[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
[ https://issues.apache.org/jira/browse/AMBARI-16171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mahadev konar updated AMBARI-16171:
-----------------------------------
    Fix Version/s: (was: 2.4.1)
                   2.4.0

> Changes to Phoenix QueryServer Kerberos configuration
> -----------------------------------------------------
>
>         Key: AMBARI-16171
>         URL: https://issues.apache.org/jira/browse/AMBARI-16171
>     Project: Ambari
>  Issue Type: Improvement
>    Reporter: Josh Elser
>    Assignee: Josh Elser
>     Fix For: 2.4.0
>
> Attachments: AMBARI-16171-stackadvisor-WIP.patch,
> AMBARI-16171.001.patch, AMBARI-16171.002.patch, AMBARI-16171.003.patch,
> AMBARI-16171.006.patch, AMBARI-16171.007.patch, AMBARI-16171.009.patch,
> AMBARI-16171.addendum.patch, AMBARI-16171.addendum2-1.patch,
> AMBARI-16171.addendum2.patch
>
>
> The up-coming version of Phoenix will contain some new functionality to
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query
> Server (PQS).
> Presently, Ambari will configure PQS to use the hbase service keytab which
> will result in the SPNEGO authentication failing as the RFC requires that the
> "primary" component of the Kerberos principal for the server is "HTTP". Thus,
> we need to ensure that we switch PQS over to use the spnego.service.keytab as
> the keytab and "HTTP/_HOST@REALM" as the principal.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.addendum2-1.patch
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.addendum2.patch

[~rlevas], I think this is what we were ultimately working towards in chat today. It appears to be working as intended on some local VMs. Your keen eye would be appreciated.
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.addendum.patch

Looks like I goofed up the .009 with the python unit tests after my last rebase. Here's a small addendum to fix it up.
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Srimanth Gunturi updated AMBARI-16171:
    Fix Version/s: 2.4.1
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.009.patch

.009 is .007 plus changes to stack advisor to append configuration to hadoop.proxyuser.HTTP.hosts only when there are PQS hosts in the cluster.
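The two rules this thread settles on (the server principal's primary must be "HTTP" for SPNEGO, and PQS hosts are appended to hadoop.proxyuser.HTTP.hosts only when the cluster has any) can be checked offline with a sketch like the one below. This is an added example, not code from the attached patches or from Ambari's stack advisor; the function names, host names, realm, keytab paths and `klist -kt` listings are constructed, and leaving a `*` wildcard value untouched is an assumption of this sketch.

```python
import re

SPNEGO_PRIMARY = "HTTP"  # per the issue description: the server primary must be "HTTP"

def parse_principal(principal):
    """Split 'primary/instance@REALM' into its three components."""
    m = re.fullmatch(r"([^/@]+)(?:/([^/@]+))?@([^/@]+)", principal)
    if not m:
        raise ValueError("not a Kerberos principal: %r" % principal)
    return m.group(1), m.group(2), m.group(3)

def resolve_host(principal, fqdn):
    """Expand the _HOST placeholder with the lower-cased FQDN of the server."""
    return principal.replace("_HOST", fqdn.lower())

def keytab_principals(klist_output):
    """Collect principals from `klist -kt` text (KVNO, date, time, principal)."""
    found = set()
    for line in klist_output.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0].isdigit():
            found.add(fields[3])
    return found

def check_spnego_identity(principal, fqdn, klist_output):
    """Return the problems that would make SPNEGO against this server fail."""
    problems = []
    resolved = resolve_host(principal, fqdn)
    primary, instance, _realm = parse_principal(resolved)
    if primary != SPNEGO_PRIMARY:
        problems.append("primary is %r, SPNEGO needs %r" % (primary, SPNEGO_PRIMARY))
    if instance != fqdn.lower():
        problems.append("instance %r does not match host %r" % (instance, fqdn.lower()))
    if resolved not in keytab_principals(klist_output):
        problems.append("keytab has no key for %s" % resolved)
    return problems

def merge_proxyuser_hosts(current, pqs_hosts):
    """Append PQS hosts to hadoop.proxyuser.HTTP.hosts only when PQS hosts exist."""
    # Assumption of this sketch: a "*" wildcard already covers every host.
    if not pqs_hosts or (current or "").strip() == "*":
        return current
    merged = [h.strip() for h in (current or "").split(",") if h.strip()]
    for host in pqs_hosts:
        if host not in merged:
            merged.append(host)
    return ",".join(merged)

# Constructed sample data: host, realm, paths and listings are made up.
HOST = "pqs1.example.com"
HBASE_KLIST = """Keytab name: FILE:/path/to/hbase.service.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------
   1 05/20/2016 16:05:56 hbase/pqs1.example.com@EXAMPLE.COM
"""
SPNEGO_KLIST = """Keytab name: FILE:/path/to/spnego.service.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------
   1 05/20/2016 16:05:56 HTTP/pqs1.example.com@EXAMPLE.COM
"""

if __name__ == "__main__":
    print(check_spnego_identity("hbase/_HOST@EXAMPLE.COM", HOST, HBASE_KLIST))
    print(check_spnego_identity("HTTP/_HOST@EXAMPLE.COM", HOST, SPNEGO_KLIST))
    print(merge_proxyuser_hosts("gw1.example.com", [HOST]))
```

On a real host, the text passed as `klist_output` would come from running `klist -kt` against the keytab the service is configured to use.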
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171-stackadvisor-WIP.patch
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Robert Levas updated AMBARI-16171:
    Resolution: Fixed
        Status: Resolved (was: Patch Available)

Committed to trunk
{noformat}
commit 9f0af38f2b01f74770e31affe78ccba49e712351
Author: Josh Elser
Date: Fri May 20 16:05:56 2016 -0400
{noformat}

Committed to branch-2.4
{noformat}
commit 1c53b030a9e859d9d28bde955757e041065b54cb
Author: Josh Elser
Date: Fri May 20 16:07:17 2016 -0400
{noformat}
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.007.patch
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.006.patch

.006 is the last from reviewboard (as [~rlevas] mentioned).
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Status: Patch Available (was: Open)
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: (was: AMBARI-16171.003.patch)
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.003.patch

.003 is just rebased on top of origin/trunk. Nothing else changed.

I couldn't get a real test to work – the express upgrade dialog wouldn't let me proceed, claiming that the last status check was run days prior. I figured out where that was being stored in postgres, tried to update them, but even that wasn't working (so obviously I was missing something).

So, apologies in advance if something isn't 100% correct in the upgrade path, but I think we should get this in now and deal with any upgrade problems later. Can you commit for me [~rlevas]?
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.003.patch

.003 is just rebased on top of origin/trunk. Nothing else changed.

I couldn't get a real test to work -- the express upgrade dialog wouldn't let me proceed, claiming that the last status check was run days prior. I figured out where that was being stored in postgres, tried to update them, but even that wasn't working (so obviously I was missing something).

So, apologies in advance if something isn't 100% correct in the upgrade path, but I think we should get this in now and deal with any upgrade problems later :). Can you commit for me [~rlevas]?
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.002.patch

Here's a v2 given the current "expectation" on how this would all work.

[~rlevas], I'm a bit at a loss now of how to bridge the gap from unit test to actual correctness. Are there instructions somewhere that can walk me through an upgrade from an older version? I've never had the pleasure/need to go through an upgrade myself.
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer Kerberos configuration
Josh Elser updated AMBARI-16171:
    Attachment: AMBARI-16171.001.patch

I think this is along the lines of what would need to be done for PQS to use the spnego keytab and principal. I'm not sure what needs to be done to handle the upgrade scenario though.