----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63180/#review188838 -----------------------------------------------------------
The patch looks really good, but I am concerned that it may break the various forms of the "Regenerate Keytab" operations that are avaialbe: - Regenerate all - Regenerate missing - Regenerate all for a host - Regenerate all for a service (or set of components) The headless identities are most sensitive to the host-based operation. We don't want to change the key for them during this operation since it will invalidate the keytab files on the other hosts. For this case, we simply want to ensure the keytab file for those identities are installed on the host we are operating on. If needed the keytab entry should be pulled from the cache to build the keytab file to distribute. ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java Lines 471 (patched) <https://reviews.apache.org/r/63180/#comment265833> Is there a reason this commented out line was left in? ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java Lines 738 (patched) <https://reviews.apache.org/r/63180/#comment265834> Missing javadoc ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java Lines 740 (patched) <https://reviews.apache.org/r/63180/#comment265835> Missing javadoc ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java Lines 1889 (patched) <https://reviews.apache.org/r/63180/#comment265837> Possible NPE? ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProvider.java Lines 199-201 (original), 199-204 (patched) <https://reviews.apache.org/r/63180/#comment265836> It seems like this should be completed else the generated report will also indicate that the keytb file have not yet been distributed. ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java Lines 393-396 (patched) <https://reviews.apache.org/r/63180/#comment265838> This may not be necessary since we aren't actually creating Keberos identitities here. We are setting up the configurations for certain services not yet installed in anticipation for them being installed so that we can reduce the need to restart the core Hadoop services. - Robert Levas On Oct. 20, 2017, 9:25 a.m., Eugene Chekanskiy wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63180/ > ----------------------------------------------------------- > > (Updated Oct. 20, 2017, 9:25 a.m.) > > > Review request for Ambari, Attila Magyar, Balázs Bence Sári, Laszlo Puskas, > Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-22278 > https://issues.apache.org/jira/browse/AMBARI-22278 > > > Repository: ambari > > > Description > ------- > > Fist step of changin way of handling keytabs. > In this patch: > 1. Enable cache for every principal > 2. Changed database to represent keytab-principal relation > 3. Created stub (ResolvedKerberosKeytab) to handle keytabs files between > stages in kerberos instead of principal records > > Future plans: > 1. Improve kerberos.json with support for referencing to keytab descriptor > and multiple principals descriptors in one identity > 2. Refactor all *Kerberos*ServerAction.java to use KerberosKeytab instead of > IdentityRecord > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java > 2690008e59 > > ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java > 29f8e2acbd > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java > b8e1be15d5 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 4f14614000 > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProvider.java > bfaf7b4a4f > > ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java > 8acc401c83 > > ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosKeytabDAO.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalDAO.java > 93c55c14fa > > ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalHostDAO.java > 0c17f198f4 > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosKeytabEntity.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntity.java > bb67131584 > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntityPK.java > 600bb8b2aa > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java > 7948a60ba2 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java > dae8254799 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/Component.java > 4f1ee52739 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerAction.java > fca1b6fd12 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java > 355f515591 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java > 1c0853b98e > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java > ddf3d1b0fe > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java > ea742bd940 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java > 1b0f4fb2f9 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java > e1f8419b81 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java > 335451fa03 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java > 038d1b5d3f > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java > 5af7c6b35f > ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java > 1104d199f4 > > ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java > 3b8f6dae22 > ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 614af1ef15 > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 530411a149 > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ebe5f120a2 > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 634db9566a > ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql > f64ff80b73 > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 7a3feaf92a > ambari-server/src/main/resources/META-INF/persistence.xml e4045ef536 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py > 21accdd925 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py > 21accdd925 > > ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java > 20ff9497e4 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 7ed52d2782 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java > 9c94f35e98 > > ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java > 2518da9d9b > > ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java > 24d4f555a7 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java > 5522132c45 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java > c232117da1 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java > 8b679bf76f > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java > cfe0fee411 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java > a43db4d12c > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java > a7bf33c775 > > > Diff: https://reviews.apache.org/r/63180/diff/1/ > > > Testing > ------- > > mvn clean test, kerberos enable, kerberos disable, add service > > > Thanks, > > Eugene Chekanskiy > >
