-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63180/#review188838
-----------------------------------------------------------



The patch looks really good, but I am concerned that it may break the various 
forms of the "Regenerate Keytab" operations that are avaialbe:
- Regenerate all
- Regenerate missing
- Regenerate all for a host
- Regenerate all for a service (or set of components)

The headless identities are most sensitive to the host-based operation. We 
don't want to change the key for them during this operation since it will 
invalidate the keytab files on the other hosts. For this case, we simply want 
to ensure the keytab file for those identities are installed on the host we are 
operating on. If needed the keytab entry should be pulled from the cache to 
build the keytab file to distribute.


ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
Lines 471 (patched)
<https://reviews.apache.org/r/63180/#comment265833>

    Is there a reason this commented out line was left in?



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
Lines 738 (patched)
<https://reviews.apache.org/r/63180/#comment265834>

    Missing javadoc



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
Lines 740 (patched)
<https://reviews.apache.org/r/63180/#comment265835>

    Missing javadoc



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
Lines 1889 (patched)
<https://reviews.apache.org/r/63180/#comment265837>

    Possible NPE?



ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProvider.java
Lines 199-201 (original), 199-204 (patched)
<https://reviews.apache.org/r/63180/#comment265836>

    It seems like this should be completed else the generated report will also 
indicate that the keytb file have not yet been distributed.



ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java
Lines 393-396 (patched)
<https://reviews.apache.org/r/63180/#comment265838>

    This may not be necessary since we aren't actually creating Keberos 
identitities here.  We are setting up the configurations for certain services 
not yet installed in anticipation for them being installed so that we can 
reduce the need to restart the core Hadoop services.


- Robert Levas


On Oct. 20, 2017, 9:25 a.m., Eugene Chekanskiy wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63180/
> -----------------------------------------------------------
> 
> (Updated Oct. 20, 2017, 9:25 a.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Balázs Bence Sári, Laszlo Puskas, 
> Robert Levas, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-22278
>     https://issues.apache.org/jira/browse/AMBARI-22278
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Fist step of changin way of handling keytabs.
> In this patch:
> 1. Enable cache for every principal
> 2. Changed database to represent keytab-principal relation
> 3. Created stub (ResolvedKerberosKeytab) to handle keytabs files between 
> stages in kerberos instead of principal records
> 
> Future plans:
> 1. Improve kerberos.json with support for referencing to keytab descriptor 
> and multiple principals descriptors in one identity
> 2. Refactor all *Kerberos*ServerAction.java to use KerberosKeytab instead of 
> IdentityRecord
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
>  2690008e59 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java
>  29f8e2acbd 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
>  b8e1be15d5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  4f14614000 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProvider.java
>  bfaf7b4a4f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java
>  8acc401c83 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosKeytabDAO.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalDAO.java
>  93c55c14fa 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalHostDAO.java
>  0c17f198f4 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosKeytabEntity.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntity.java
>  bb67131584 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntityPK.java
>  600bb8b2aa 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
>  7948a60ba2 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java
>  dae8254799 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/Component.java
>  4f1ee52739 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerAction.java
>  fca1b6fd12 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
>  355f515591 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  1c0853b98e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFile.java
>  ddf3d1b0fe 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileWriter.java
>  ea742bd940 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  1b0f4fb2f9 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
>  e1f8419b81 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
>  335451fa03 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
>  038d1b5d3f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java
>  5af7c6b35f 
>   ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 
> 1104d199f4 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java
>  3b8f6dae22 
>   ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 614af1ef15 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 530411a149 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ebe5f120a2 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 634db9566a 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 
> f64ff80b73 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 7a3feaf92a 
>   ambari-server/src/main/resources/META-INF/persistence.xml e4045ef536 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
>  21accdd925 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py
>  21accdd925 
>   
> ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
>  20ff9497e4 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  7ed52d2782 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java
>  9c94f35e98 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java
>  2518da9d9b 
>   
> ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java
>  24d4f555a7 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java
>  5522132c45 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java
>  c232117da1 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
>  8b679bf76f 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java
>  cfe0fee411 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
>  a43db4d12c 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java
>  a7bf33c775 
> 
> 
> Diff: https://reviews.apache.org/r/63180/diff/1/
> 
> 
> Testing
> -------
> 
> mvn clean test, kerberos enable, kerberos disable, add service
> 
> 
> Thanks,
> 
> Eugene Chekanskiy
> 
>

Reply via email to