subject:"Review Request 45914\: Kerberos\: Allow multiple KDC hosts to be set while enabling Kerberos"

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-11 Thread Jonathan Hurley



> On April 11, 2016, 8:25 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java,
> >  lines 1148-1161
> > 
> >
> > Would it be better to just try searching for 
> > 
> > ```
> > kdc \u003d {{kdc_host}}\n
> > ```
> > 
> > And replacing it with 
> > ```
> > for kdc_host in kdc_host_list %}\nkdc = {{kdc_host|trim()}}\n
> > ```
> > 
> > That way you don't need to worry about anyone changing this file. 
> > Chances are that it's been changed.
> 
> Robert Levas wrote:
> The web client changes have been accounted for in this patch.  Most of 
> the work is done automatically via the stack definition. I replaced some code 
> in test files, but it _feels_ like those files may be obsolete. 
> 
> I was afraid of doing the replace on `kdc_host` as you indicated since 
> have no idea what changes may have been made. In most cases (that I have 
> seen) most users leave the template alone and the replacement that is being 
> done in the UpgradeCatalog should go trough; however maybe it should be 
> documented duing the upgrade process that this template be checked after the 
> upgrade has been completed.

Reviewboard didn't load the 2nd page for me; that's why I missed the web client 
changes.

OK, so I'm on board with the replacement you did. But perhaps it should be 
documented that this value is changing and may impact upgrades if you've 
modified that config.


- Jonathan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/#review128097
---


On April 8, 2016, 5:20 p.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45914/
> ---
> 
> (Updated April 8, 2016, 5:20 p.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-13240
> https://issues.apache.org/jira/browse/AMBARI-13240
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Because multiple KDCs may exist for an installation (failover, high 
> availability, etc...), Ambari should allow a user to specify multiple KDC 
> hosts to be set while enabling Kerberos and updating the Kerberos service's 
> configuration.
> 
> This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
> (comma-)delimited list of hosts and then parsing that list properly when 
> building the krb5.conf file where each {{kdc_host}} item generates an entry 
> in the relevant realm block.  For example:
> 
> # kerberos-env
> ```
> {
>   ...
>  "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> ```
> 
> # krb5.conf
> ```
> [realms]
>   EXAMPLE.COM = {
> ...
> kdc = kdc1.example.com
> kdc = kdc2.example.com
> ...
>   }
> ```
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
>  827b187 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  1ba138b 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
>  139fd7a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  65dad79 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
> 69b9a43 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
>  bb880e2 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
>  6780d2e 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
>  200a212 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
>  cc6f63a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  e8a2e35 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  411f966 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
>  f877e85 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
>  5c882ba 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  a583d39 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
> a11d596 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
>   
> ambari-se

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-11 Thread Robert Levas



> On April 11, 2016, 8:25 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java,
> >  lines 1148-1161
> > 
> >
> > Would it be better to just try searching for 
> > 
> > ```
> > kdc \u003d {{kdc_host}}\n
> > ```
> > 
> > And replacing it with 
> > ```
> > for kdc_host in kdc_host_list %}\nkdc = {{kdc_host|trim()}}\n
> > ```
> > 
> > That way you don't need to worry about anyone changing this file. 
> > Chances are that it's been changed.

The web client changes have been accounted for in this patch.  Most of the work 
is done automatically via the stack definition. I replaced some code in test 
files, but it _feels_ like those files may be obsolete. 

I was afraid of doing the replace on `kdc_host` as you indicated since have no 
idea what changes may have been made. In most cases (that I have seen) most 
users leave the template alone and the replacement that is being done in the 
UpgradeCatalog should go trough; however maybe it should be documented duing 
the upgrade process that this template be checked after the upgrade has been 
completed.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/#review128097
---


On April 8, 2016, 5:20 p.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45914/
> ---
> 
> (Updated April 8, 2016, 5:20 p.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-13240
> https://issues.apache.org/jira/browse/AMBARI-13240
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Because multiple KDCs may exist for an installation (failover, high 
> availability, etc...), Ambari should allow a user to specify multiple KDC 
> hosts to be set while enabling Kerberos and updating the Kerberos service's 
> configuration.
> 
> This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
> (comma-)delimited list of hosts and then parsing that list properly when 
> building the krb5.conf file where each {{kdc_host}} item generates an entry 
> in the relevant realm block.  For example:
> 
> # kerberos-env
> ```
> {
>   ...
>  "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> ```
> 
> # krb5.conf
> ```
> [realms]
>   EXAMPLE.COM = {
> ...
> kdc = kdc1.example.com
> kdc = kdc2.example.com
> ...
>   }
> ```
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
>  827b187 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  1ba138b 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
>  139fd7a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  65dad79 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
> 69b9a43 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
>  bb880e2 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
>  6780d2e 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
>  200a212 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
>  cc6f63a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  e8a2e35 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  411f966 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
>  f877e85 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
>  5c882ba 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  a583d39 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
> a11d596 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
>   
> ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
>  c1ca3aa 
>   ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 
> 7df0daf 
>   
> ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json
>  f60fa8f 
>   ambari-server/src/test/python/stacks/2.2/

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-11 Thread Jonathan Hurley


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/#review128097
---


Ship it!




Just a comment on the upgrade.

Also, are there any web client areas that need to change as well in the 
Kerberos Wizard? If so, is there a Jira for this?


ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 (lines 1148 - 1161)


Would it be better to just try searching for 

```
kdc \u003d {{kdc_host}}\n
```

And replacing it with 
```
for kdc_host in kdc_host_list %}\nkdc = {{kdc_host|trim()}}\n
```

That way you don't need to worry about anyone changing this file. Chances 
are that it's been changed.


- Jonathan Hurley


On April 8, 2016, 5:20 p.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45914/
> ---
> 
> (Updated April 8, 2016, 5:20 p.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-13240
> https://issues.apache.org/jira/browse/AMBARI-13240
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Because multiple KDCs may exist for an installation (failover, high 
> availability, etc...), Ambari should allow a user to specify multiple KDC 
> hosts to be set while enabling Kerberos and updating the Kerberos service's 
> configuration.
> 
> This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
> (comma-)delimited list of hosts and then parsing that list properly when 
> building the krb5.conf file where each {{kdc_host}} item generates an entry 
> in the relevant realm block.  For example:
> 
> # kerberos-env
> ```
> {
>   ...
>  "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> ```
> 
> # krb5.conf
> ```
> [realms]
>   EXAMPLE.COM = {
> ...
> kdc = kdc1.example.com
> kdc = kdc2.example.com
> ...
>   }
> ```
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
>  827b187 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  1ba138b 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
>  139fd7a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  65dad79 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
> 69b9a43 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
>  bb880e2 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
>  6780d2e 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
>  200a212 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
>  cc6f63a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  e8a2e35 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  411f966 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
>  f877e85 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
>  5c882ba 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  a583d39 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
> a11d596 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
>   
> ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
>  c1ca3aa 
>   ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 
> 7df0daf 
>   
> ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json
>  f60fa8f 
>   ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 
> a321dfb 
>   
> ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json 
> db8e60b 
>   ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json 8ecb91b 
>   ambari-web/app/assets/data/stacks/HDP-2.2/configurations.json b82c0ee 
>   ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json 
> b34c7b4 
>   ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 7f77c38 
>   ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 38150c8 
>   ambari-web/app/controllers/main/servic

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-11 Thread Sandor Magyari


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/#review128091
---


Ship it!




Ship It!

- Sandor Magyari


On April 8, 2016, 9:20 p.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45914/
> ---
> 
> (Updated April 8, 2016, 9:20 p.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-13240
> https://issues.apache.org/jira/browse/AMBARI-13240
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Because multiple KDCs may exist for an installation (failover, high 
> availability, etc...), Ambari should allow a user to specify multiple KDC 
> hosts to be set while enabling Kerberos and updating the Kerberos service's 
> configuration.
> 
> This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
> (comma-)delimited list of hosts and then parsing that list properly when 
> building the krb5.conf file where each {{kdc_host}} item generates an entry 
> in the relevant realm block.  For example:
> 
> # kerberos-env
> ```
> {
>   ...
>  "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> ```
> 
> # krb5.conf
> ```
> [realms]
>   EXAMPLE.COM = {
> ...
> kdc = kdc1.example.com
> kdc = kdc2.example.com
> ...
>   }
> ```
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
>  827b187 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  1ba138b 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
>  139fd7a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  65dad79 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
> 69b9a43 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
>  bb880e2 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
>  6780d2e 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
>  200a212 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
>  cc6f63a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  e8a2e35 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  411f966 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
>  f877e85 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
>  5c882ba 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  a583d39 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
> a11d596 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
>   
> ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
>  c1ca3aa 
>   ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 
> 7df0daf 
>   
> ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json
>  f60fa8f 
>   ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 
> a321dfb 
>   
> ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json 
> db8e60b 
>   ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json 8ecb91b 
>   ambari-web/app/assets/data/stacks/HDP-2.2/configurations.json b82c0ee 
>   ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json 
> b34c7b4 
>   ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 7f77c38 
>   ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 38150c8 
>   ambari-web/app/controllers/main/service/info/configs.js 8943d7c 
>   ambari-web/app/data/HDP2/site_properties.js 3586b0f 
>   ambari-web/app/messages.js 2d6ec67 
>   ambari-web/app/mixins/common/configs/toggle_isrequired.js cc2cc35 
>   ambari-web/app/models/configs/objects/service_config_property.js e7eaebd 
>   ambari-web/app/views/common/controls_view.js 2514d9d 
>   ambari-web/test/controllers/main/admin/kerberos/step2_controller_test.js 
> beacc63 
>   ambari-web/test/mixins/common/configs/toggle_isrequired_test.js 4672ae6 
>   ambari-web/test/views/common/controls_view_test.js dca7911 
> 
> Diff: https://reviews.apache.org/r/45914/diff/
> 
> 
> Testing
> ---

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-08 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/
---

(Updated April 8, 2016, 5:20 p.m.)


Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
Sandor Magyari.


Changes
---

Added unit tests to test updating kerberos-env and krb5-conf configs via the 
UpgradeCatalog


Bugs: AMBARI-13240
https://issues.apache.org/jira/browse/AMBARI-13240


Repository: ambari


Description
---

Because multiple KDCs may exist for an installation (failover, high 
availability, etc...), Ambari should allow a user to specify multiple KDC hosts 
to be set while enabling Kerberos and updating the Kerberos service's 
configuration.

This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
(comma-)delimited list of hosts and then parsing that list properly when 
building the krb5.conf file where each {{kdc_host}} item generates an entry in 
the relevant realm block.  For example:

# kerberos-env
```
{
  ...
 "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
```

# krb5.conf
```
[realms]
  EXAMPLE.COM = {
...
kdc = kdc1.example.com
kdc = kdc2.example.com
...
  }
```


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
 827b187 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
 1ba138b 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
 139fd7a 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 65dad79 
  ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
69b9a43 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 bb880e2 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
 6780d2e 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
 200a212 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
 cc6f63a 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
 e8a2e35 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
 411f966 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
 f877e85 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
 5c882ba 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 a583d39 
  ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
a11d596 
  ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
  
ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
 c1ca3aa 
  ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 
7df0daf 
  
ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json 
f60fa8f 
  ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 
a321dfb 
  ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json 
db8e60b 
  ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json 8ecb91b 
  ambari-web/app/assets/data/stacks/HDP-2.2/configurations.json b82c0ee 
  ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json 
b34c7b4 
  ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 7f77c38 
  ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 38150c8 
  ambari-web/app/controllers/main/service/info/configs.js 8943d7c 
  ambari-web/app/data/HDP2/site_properties.js 3586b0f 
  ambari-web/app/messages.js 2d6ec67 
  ambari-web/app/mixins/common/configs/toggle_isrequired.js cc2cc35 
  ambari-web/app/models/configs/objects/service_config_property.js e7eaebd 
  ambari-web/app/views/common/controls_view.js 2514d9d 
  ambari-web/test/controllers/main/admin/kerberos/step2_controller_test.js 
beacc63 
  ambari-web/test/mixins/common/configs/toggle_isrequired_test.js 4672ae6 
  ambari-web/test/views/common/controls_view_test.js dca7911 

Diff: https://reviews.apache.org/r/45914/diff/


Testing
---

manually tested new cluster and upgraded cluster

# Jenkins test results: PENDING


Thanks,

Robert Levas

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-08 Thread Oliver Szabo


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/#review127793
---


Ship it!




Ship It! 
Maybe you should add some more tests with multiple kdc hosts input

- Oliver Szabo


On April 8, 2016, 12:55 a.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45914/
> ---
> 
> (Updated April 8, 2016, 12:55 a.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
> Sandor Magyari.
> 
> 
> Bugs: AMBARI-13240
> https://issues.apache.org/jira/browse/AMBARI-13240
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Because multiple KDCs may exist for an installation (failover, high 
> availability, etc...), Ambari should allow a user to specify multiple KDC 
> hosts to be set while enabling Kerberos and updating the Kerberos service's 
> configuration.
> 
> This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
> (comma-)delimited list of hosts and then parsing that list properly when 
> building the krb5.conf file where each {{kdc_host}} item generates an entry 
> in the relevant realm block.  For example:
> 
> # kerberos-env
> ```
> {
>   ...
>  "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> ```
> 
> # krb5.conf
> ```
> [realms]
>   EXAMPLE.COM = {
> ...
> kdc = kdc1.example.com
> kdc = kdc2.example.com
> ...
>   }
> ```
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
>  827b187 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  1ba138b 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
>  139fd7a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  65dad79 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
> 69b9a43 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
>  bb880e2 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
>  6780d2e 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
>  200a212 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
>  cc6f63a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  e8a2e35 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  411f966 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
>  f877e85 
>   
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
>  5c882ba 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java
>  616d37f 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  a583d39 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
> a11d596 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
>   
> ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
>  c1ca3aa 
>   ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 
> 7df0daf 
>   
> ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json
>  f60fa8f 
>   ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 
> a321dfb 
>   
> ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json 
> db8e60b 
>   ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json 8ecb91b 
>   ambari-web/app/assets/data/stacks/HDP-2.2/configurations.json b82c0ee 
>   ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json 
> b34c7b4 
>   ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 7f77c38 
>   ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 38150c8 
>   ambari-web/app/controllers/main/service/info/configs.js 8943d7c 
>   ambari-web/app/data/HDP2/site_properties.js 3586b0f 
>   ambari-web/app/messages.js 2d6ec67 
>   ambari-web/app/mixins/common/configs/toggle_isrequired.js cc2cc35 
>   ambari-web/app/models/configs/objects/service_config_property.js e7eaebd 
>   ambari-web/app/views/common/controls_view.js 2514d9d 
>   ambari-web/test/controllers/main/admin/kerberos/step2_controller_test.js 
> beacc63 
>   ambari-web/test/mixins/common/configs/to

Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

2016-04-07 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45914/
---

Review request for Ambari, Jaimin Jetly, Jonathan Hurley, Oliver Szabo, and 
Sandor Magyari.


Bugs: AMBARI-13240
https://issues.apache.org/jira/browse/AMBARI-13240


Repository: ambari


Description
---

Because multiple KDCs may exist for an installation (failover, high 
availability, etc...), Ambari should allow a user to specify multiple KDC hosts 
to be set while enabling Kerberos and updating the Kerberos service's 
configuration.

This should be done by allowing {{kerberos-env/kdc_host}} to accept a 
(comma-)delimited list of hosts and then parsing that list properly when 
building the krb5.conf file where each {{kdc_host}} item generates an entry in 
the relevant realm block.  For example:

# kerberos-env
```
{
  ...
 "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
```

# krb5.conf
```
[realms]
  EXAMPLE.COM = {
...
kdc = kdc1.example.com
kdc = kdc2.example.com
...
  }
```


Diffs
-

  
ambari-server/src/main/java/org/apache/ambari/server/api/rest/KdcServerReachabilityCheck.java
 827b187 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
 1ba138b 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
 139fd7a 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 65dad79 
  ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java 
69b9a43 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 bb880e2 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
 6780d2e 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
 200a212 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
 cc6f63a 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
 e8a2e35 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
 411f966 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
 f877e85 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
 5c882ba 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java
 616d37f 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 a583d39 
  ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py 
a11d596 
  ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py 181c16d 
  
ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
 c1ca3aa 
  ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 
7df0daf 
  
ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json 
f60fa8f 
  ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 
a321dfb 
  ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json 
db8e60b 
  ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json 8ecb91b 
  ambari-web/app/assets/data/stacks/HDP-2.2/configurations.json b82c0ee 
  ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json 
b34c7b4 
  ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 7f77c38 
  ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 38150c8 
  ambari-web/app/controllers/main/service/info/configs.js 8943d7c 
  ambari-web/app/data/HDP2/site_properties.js 3586b0f 
  ambari-web/app/messages.js 2d6ec67 
  ambari-web/app/mixins/common/configs/toggle_isrequired.js cc2cc35 
  ambari-web/app/models/configs/objects/service_config_property.js e7eaebd 
  ambari-web/app/views/common/controls_view.js 2514d9d 
  ambari-web/test/controllers/main/admin/kerberos/step2_controller_test.js 
beacc63 
  ambari-web/test/mixins/common/configs/toggle_isrequired_test.js 4672ae6 
  ambari-web/test/views/common/controls_view_test.js dca7911 

Diff: https://reviews.apache.org/r/45914/diff/


Testing
---

manually tested new cluster and upgraded cluster

# Jenkins test results: PENDING


Thanks,

Robert Levas

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Re: Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Review Request 45914: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

7 matches

Site Navigation

Mail list logo

Footer information