----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63450/#review189917 -----------------------------------------------------------
Ship it! Ship It! - Sebastian Toader On Oct. 31, 2017, 10:03 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63450/ > ----------------------------------------------------------- > > (Updated Oct. 31, 2017, 10:03 p.m.) > > > Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene > Chekanskiy, Jonathan Hurley, Laszlo Puskas, Nate Cole, Robert Nettleton, and > Sebastian Toader. > > > Bugs: AMBARI-22293 > https://issues.apache.org/jira/browse/AMBARI-22293 > > > Repository: ambari > > > Description > ------- > > Improve KDC integration by making the interfaces more consistent with each > other. > > #Notes: > - When using the MIT KDC or IPA options, the `kerberos-env/admin_server_host` > value *must be the fully qualified domain name* (FQDN) of the host were the > KDC administrator service is. > - When connecting to the MIT KDC and IPA server, a username a password is not > used to authenticate using the kadmin utility. A Kerberos ticket is first > acquired and that is used for authentication. > - When creating Kerberos identities using the MIT KDC and IPA handlers, the > Ambari-generated password is not used. All password's for principals in the > MIT KDC and IP server are generated randomly by the KDC. > - Removed `kerberos-env/set_password_expiry` and > `kerberos-env/password_chat_timeout` properties since they are no longer > needed > - Changed `kerberos-env/groups` to `kerberos-env/ipa_user_groups` to be more > explicit in how the property is used. > - The setPassword implementation for the MIT KDC and IPA handlers do nothing > except check to see if the relevant principal exists. This is to maintain > backward compatibility with previous implementations. > > > Diffs > ----- > > ambari-server/docs/security/kerberos/kerberos_service.md 65e312b866 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java > f7d6060710 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java > 1c0853b98e > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java > 2b3a0ca40d > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java > 9a6a07e4d3 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCKerberosOperationHandler.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java > 8749f81068 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java > 0997f650f8 > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog300.java > bfe2a1346e > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 0a081215ec > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/configuration/kerberos-env.xml > 0a081215ec > > ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml > 66e81dbb00 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 7ed52d2782 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java > 483cc0aed2 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java > f2a09bafb9 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KDCKerberosOperationHandlerTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java > 88c841c3a1 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java > a43db4d12c > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java > 04d03bebb5 > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog300Test.java > 25e9dbf739 > ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json > 288d155c47 > ambari-server/src/test/python/stacks/2.5/configs/ranger-kms-secured.json > f7f054a0db > ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json > 38b59061b4 > ambari-server/src/test/resources/PreconfigureActionTest_cluster_config.json > 2a744c70be > ambari-web/app/controllers/main/admin/kerberos/step2_controller.js > 05b0b31e3b > > > Diff: https://reviews.apache.org/r/63450/diff/3/ > > > Testing > ------- > > Manually tested new and upgraded clusters using AD, MIT KDC, and IPA options. > > # Local test results: > ``` > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 26:09 min > [INFO] Finished at: 2017-10-31T16:24:49-04:00 > [INFO] Final Memory: 99M/2148M > [INFO] > ------------------------------------------------------------------------ > ``` > > # Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >