> On Oct. 31, 2016, 4:27 p.m., Robert Levas wrote: > > This seems dangerous. > > > > I think it would be a better option to make this explicit by using a > > configuration attribute. For example: > > > > ''' > > <value-attributes> > > ... > > <type>kerberos_principal</type> > > ... > > </value-attributes> > > ''' > > > > However I am not sure if this data is available at the time you would need > > it. > > Amruta Borkar wrote: > Hello Robert, > Would it be ok if a new property type is defined to identify kerberos > principal EX: <property-type>kerberos-principal<property-type> rather than > defining it in <value-attribute> ? As we currently use > <property-type>password<property-type> to identify and filter out password > references while blueprint export. > > Robert Levas wrote: > I think that will work too but we might need some more expertice on this. > After making the change, can you add Jayush Luniya and Jaimin Jetly to the > review? Also, make sure you update `configuration-schema.xsd` and > `org.apache.ambari.server.state.PropertyInfo.PropertyType` > > Amruta Borkar wrote: > Updated the the patch based on suggestions. Also adding Jayush Luniya and > Jaimin Jetly.
Hello Jayush, Jaimin Could you please review this? Thank you - Amruta ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53213/#review154274 ----------------------------------------------------------- On Nov. 9, 2016, 12:11 a.m., Amruta Borkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53213/ > ----------------------------------------------------------- > > (Updated Nov. 9, 2016, 12:11 a.m.) > > > Review request for Ambari, Di Li, Jaimin Jetly, Jayush Luniya, Robert Levas, > and Robert Nettleton. > > > Bugs: AMBARI-18692 > https://issues.apache.org/jira/browse/AMBARI-18692 > > > Repository: ambari > > > Description > ------- > > Exporting blueprint from kerberos enabled cluster, exports hardcoded values > cluster name and realm in principal_name property. > When the same blueprint is used to create another cluster with different > name, service start fail with following error: > "resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt > /etc/security/keytabs/hdfs.headless.keytab [keytab_name_in_blueprint] eturned > 1. kinit: Keytab contains no suitable keys for [keytab_name_in_blueprint] > while getting initial credentials" > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java > f890326 > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/Stack.java > 16f75ee > > ambari-server/src/main/java/org/apache/ambari/server/state/PropertyInfo.java > 81de76c > > ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/configuration/accumulo-env.xml > 1d330dd > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-env.xml > d7ae236 > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-security-site.xml > 2be101b > > ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml > 9efa4f9 > > ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml > 8712c7d > > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/configuration/hbase-env.xml > 24bd563 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hadoop-env.xml > afaaee8 > > ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml > e8a76b6 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 7016437 > > ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/knox-env.xml > 2e5a026 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logfeeder-env.xml > ee885e3 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-env.xml > c5b9b4e > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml > 36ebc8c > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml > a0bd322 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-ugsync-site.xml > d267b75 > > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-site.xml > 1bce4e6 > > ambari-server/src/main/resources/common-services/SPARK/1.2.1/configuration/spark-defaults.xml > b85cf50 > > ambari-server/src/main/resources/common-services/SPARK/1.2.1/configuration/spark-env.xml > 71a42f7 > > ambari-server/src/main/resources/common-services/SPARK2/2.0.0/configuration/spark2-defaults.xml > a5115af > > ambari-server/src/main/resources/common-services/SPARK2/2.0.0/configuration/spark2-env.xml > b78fd79 > > ambari-server/src/main/resources/common-services/STORM/0.9.1/configuration/storm-env.xml > 5d0b2ff > > ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-env.xml > c03d2dc > > ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/configuration/zookeeper-env.xml > 696b28a > ambari-server/src/main/resources/configuration-schema.xsd daba29f > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java > 5bedb9d > > Diff: https://reviews.apache.org/r/53213/diff/ > > > Testing > ------- > > Tested manually. Suitable keytabs are generated automatically when not > mentioned in blueprint. Service starts succeeded with a blueprint exported > with the code change. > Modified existing unit test cases. > > > Thanks, > > Amruta Borkar > >