> On Oct. 31, 2016, 4:27 p.m., Robert Levas wrote: > > This seems dangerous. > > > > I think it would be a better option to make this explicit by using a > > configuration attribute. For example: > > > > ''' > > <value-attributes> > > ... > > <type>kerberos_principal</type> > > ... > > </value-attributes> > > ''' > > > > However I am not sure if this data is available at the time you would need > > it. > > Amruta Borkar wrote: > Hello Robert, > Would it be ok if a new property type is defined to identify kerberos > principal EX: <property-type>kerberos-principal<property-type> rather than > defining it in <value-attribute> ? As we currently use > <property-type>password<property-type> to identify and filter out password > references while blueprint export. > > Robert Levas wrote: > I think that will work too but we might need some more expertice on this. > After making the change, can you add Jayush Luniya and Jaimin Jetly to the > review? Also, make sure you update `configuration-schema.xsd` and > `org.apache.ambari.server.state.PropertyInfo.PropertyType`
Updated the the patch based on suggestions. Also adding Jayush Luniya and Jaimin Jetly. - Amruta ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53213/#review154274 ----------------------------------------------------------- On Oct. 28, 2016, 5:50 p.m., Amruta Borkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53213/ > ----------------------------------------------------------- > > (Updated Oct. 28, 2016, 5:50 p.m.) > > > Review request for Ambari, Di Li, Robert Levas, and Robert Nettleton. > > > Bugs: AMBARI-18692 > https://issues.apache.org/jira/browse/AMBARI-18692 > > > Repository: ambari > > > Description > ------- > > Exporting blueprint from kerberos enabled cluster, exports hardcoded values > cluster name and realm in principal_name property. > When the same blueprint is used to create another cluster with different > name, service start fail with following error: > "resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt > /etc/security/keytabs/hdfs.headless.keytab [keytab_name_in_blueprint] eturned > 1. kinit: Keytab contains no suitable keys for [keytab_name_in_blueprint] > while getting initial credentials" > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java > f890326 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java > 5bedb9d > > Diff: https://reviews.apache.org/r/53213/diff/ > > > Testing > ------- > > Tested manually. Suitable keytabs are generated automatically when not > mentioned in blueprint. Service starts succeeded with a blueprint exported > with the code change. > Modified existing unit test cases. > > > Thanks, > > Amruta Borkar > >
