subject:"Review Request 62828\: When regenerating keytab files for a service, non\-service\-specific principals are affected"

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

2017-10-09 Thread Sebastian Toader


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62828/#review187415
---


Ship it!




Ship It!

- Sebastian Toader


On Oct. 8, 2017, 1:36 p.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62828/
> ---
> 
> (Updated Oct. 8, 2017, 1:36 p.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene 
> Chekanskiy, Jonathan Hurley, Laszlo Puskas, Nate Cole, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-22138
> https://issues.apache.org/jira/browse/AMBARI-22138
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> When regenerating keytab files for a service, non-service-specific principals 
> are affected. For example, when regenerating the keytab files for HDFS using 
> the following ReST API call:
> 
> ```
> PUT /api/v1/clusters/c1?regenerate_keytabs=all_components=HDFS
> {
>   "Clusters": {
> "security_type": "KERBEROS"
>   }
> }
> ```
> 
> The following principals are affected:
> - HTTP/c6402.ambari.apache@example.com
> - ambari-qa...@example.com
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - HTTP/c6403.ambari.apache@example.com
> - dn/c6403.ambari.apache@example.com
> - HTTP/c6401.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> - ambari-server...@example.com
> 
> However only the following principals *should be*  affected:
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - dn/c6403.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
>  20c5708467 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  b691968919 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java
>  66bf7b3cd3 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
>  4396a2ba7e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  069c821f0e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  c86ffa36b1 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
>  f56e9464e5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
>  3ec84fa681 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
>  49828cb462 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java
>  b4969420d6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
>  9ddb9417db 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java
>  ef45343dbc 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  60d7fd9677 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java
>  663934fd3a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
>  d6bef022cd 
> 
> 
> Diff: https://reviews.apache.org/r/62828/diff/1/
> 
> 
> Testing
> ---
> 
> manual tesing
> 
> # Local test results:
> ```
> [INFO] 
> 
> [INFO] BUILD SUCCESS
> [INFO] 
> 
> [INFO] Total time: 28:02 min
> [INFO] Finished at: 2017-10-07T12:09:47-04:00
> [INFO] Final Memory: 108M/1995M
> [INFO] 
> 
> ```
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

2017-10-09 Thread Nate Cole


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62828/#review187414
---


Ship it!




Ship It!

- Nate Cole


On Oct. 8, 2017, 7:36 a.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62828/
> ---
> 
> (Updated Oct. 8, 2017, 7:36 a.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene 
> Chekanskiy, Jonathan Hurley, Laszlo Puskas, Nate Cole, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-22138
> https://issues.apache.org/jira/browse/AMBARI-22138
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> When regenerating keytab files for a service, non-service-specific principals 
> are affected. For example, when regenerating the keytab files for HDFS using 
> the following ReST API call:
> 
> ```
> PUT /api/v1/clusters/c1?regenerate_keytabs=all_components=HDFS
> {
>   "Clusters": {
> "security_type": "KERBEROS"
>   }
> }
> ```
> 
> The following principals are affected:
> - HTTP/c6402.ambari.apache@example.com
> - ambari-qa...@example.com
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - HTTP/c6403.ambari.apache@example.com
> - dn/c6403.ambari.apache@example.com
> - HTTP/c6401.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> - ambari-server...@example.com
> 
> However only the following principals *should be*  affected:
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - dn/c6403.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
>  20c5708467 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  b691968919 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java
>  66bf7b3cd3 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
>  4396a2ba7e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  069c821f0e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  c86ffa36b1 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
>  f56e9464e5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
>  3ec84fa681 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
>  49828cb462 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java
>  b4969420d6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
>  9ddb9417db 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java
>  ef45343dbc 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  60d7fd9677 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java
>  663934fd3a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
>  d6bef022cd 
> 
> 
> Diff: https://reviews.apache.org/r/62828/diff/1/
> 
> 
> Testing
> ---
> 
> manual tesing
> 
> # Local test results:
> ```
> [INFO] 
> 
> [INFO] BUILD SUCCESS
> [INFO] 
> 
> [INFO] Total time: 28:02 min
> [INFO] Finished at: 2017-10-07T12:09:47-04:00
> [INFO] Final Memory: 108M/1995M
> [INFO] 
> 
> ```
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

2017-10-09 Thread Jonathan Hurley


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62828/#review187409
---


Ship it!




Ship It!

- Jonathan Hurley


On Oct. 8, 2017, 7:36 a.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62828/
> ---
> 
> (Updated Oct. 8, 2017, 7:36 a.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene 
> Chekanskiy, Jonathan Hurley, Laszlo Puskas, Nate Cole, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-22138
> https://issues.apache.org/jira/browse/AMBARI-22138
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> When regenerating keytab files for a service, non-service-specific principals 
> are affected. For example, when regenerating the keytab files for HDFS using 
> the following ReST API call:
> 
> ```
> PUT /api/v1/clusters/c1?regenerate_keytabs=all_components=HDFS
> {
>   "Clusters": {
> "security_type": "KERBEROS"
>   }
> }
> ```
> 
> The following principals are affected:
> - HTTP/c6402.ambari.apache@example.com
> - ambari-qa...@example.com
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - HTTP/c6403.ambari.apache@example.com
> - dn/c6403.ambari.apache@example.com
> - HTTP/c6401.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> - ambari-server...@example.com
> 
> However only the following principals *should be*  affected:
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - dn/c6403.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
>  20c5708467 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  b691968919 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java
>  66bf7b3cd3 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
>  4396a2ba7e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  069c821f0e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  c86ffa36b1 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
>  f56e9464e5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
>  3ec84fa681 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
>  49828cb462 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java
>  b4969420d6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
>  9ddb9417db 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java
>  ef45343dbc 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  60d7fd9677 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java
>  663934fd3a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
>  d6bef022cd 
> 
> 
> Diff: https://reviews.apache.org/r/62828/diff/1/
> 
> 
> Testing
> ---
> 
> manual tesing
> 
> # Local test results:
> ```
> [INFO] 
> 
> [INFO] BUILD SUCCESS
> [INFO] 
> 
> [INFO] Total time: 28:02 min
> [INFO] Finished at: 2017-10-07T12:09:47-04:00
> [INFO] Final Memory: 108M/1995M
> [INFO] 
> 
> ```
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

2017-10-08 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62828/#review187359
---




ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
Lines 271-274 (original), 274-277 (patched)


We need to force all host here if we are not regenerating for a specific 
set of hosts in the event we regenerate a headless keytab file that needs to be 
redistributed to hosts not explicitly related to the job. For example if the 
Kerberos identities for HDFS is being regenerated, the HDFS identity will be 
regenerated and thus may need to be distributed to hosts that are do not have 
HDFS components on them.



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
Line 329 (original), 332 (patched)


`null` is not allowed to be set as a value in this Map implementation. Plus 
we can now use the following as a directive to incidate all components on a 
service:

```
regenerate_components=HDFS:*
```


- Robert Levas


On Oct. 8, 2017, 7:36 a.m., Robert Levas wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62828/
> ---
> 
> (Updated Oct. 8, 2017, 7:36 a.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene 
> Chekanskiy, Jonathan Hurley, Laszlo Puskas, Nate Cole, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-22138
> https://issues.apache.org/jira/browse/AMBARI-22138
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> When regenerating keytab files for a service, non-service-specific principals 
> are affected. For example, when regenerating the keytab files for HDFS using 
> the following ReST API call:
> 
> ```
> PUT /api/v1/clusters/c1?regenerate_keytabs=all_components=HDFS
> {
>   "Clusters": {
> "security_type": "KERBEROS"
>   }
> }
> ```
> 
> The following principals are affected:
> - HTTP/c6402.ambari.apache@example.com
> - ambari-qa...@example.com
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - HTTP/c6403.ambari.apache@example.com
> - dn/c6403.ambari.apache@example.com
> - HTTP/c6401.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> - ambari-server...@example.com
> 
> However only the following principals *should be*  affected:
> - nn/c6402.ambari.apache@example.com
> - hdfs...@example.com
> - dn/c6403.ambari.apache@example.com
> - nn/c6401.ambari.apache@example.com
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
>  20c5708467 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  b691968919 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java
>  66bf7b3cd3 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
>  4396a2ba7e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  069c821f0e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  c86ffa36b1 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
>  f56e9464e5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
>  3ec84fa681 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
>  49828cb462 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java
>  b4969420d6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
>  9ddb9417db 
>   
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java
>  ef45343dbc 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  60d7fd9677 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java
>  663934fd3a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
>  d6bef022cd 
> 
> 
> Diff: https://reviews.apache.org/r/62828/diff/1/
> 
> 
> Testing
> ---
> 
> manual tesing
> 
> # Local test results:
> ```
> [INFO] 
> 
> [INFO] BUILD SUCCESS
> [INFO] 
>

Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

2017-10-08 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62828/
---

Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene Chekanskiy, 
Jonathan Hurley, Laszlo Puskas, Nate Cole, and Sebastian Toader.


Bugs: AMBARI-22138
https://issues.apache.org/jira/browse/AMBARI-22138


Repository: ambari


Description
---

When regenerating keytab files for a service, non-service-specific principals 
are affected. For example, when regenerating the keytab files for HDFS using 
the following ReST API call:

```
PUT /api/v1/clusters/c1?regenerate_keytabs=all_components=HDFS
{
  "Clusters": {
"security_type": "KERBEROS"
  }
}
```

The following principals are affected:
- HTTP/c6402.ambari.apache@example.com
- ambari-qa...@example.com
- nn/c6402.ambari.apache@example.com
- hdfs...@example.com
- HTTP/c6403.ambari.apache@example.com
- dn/c6403.ambari.apache@example.com
- HTTP/c6401.ambari.apache@example.com
- nn/c6401.ambari.apache@example.com
- ambari-server...@example.com

However only the following principals *should be*  affected:
- nn/c6402.ambari.apache@example.com
- hdfs...@example.com
- dn/c6403.ambari.apache@example.com
- nn/c6401.ambari.apache@example.com


Diffs
-

  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
 20c5708467 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 b691968919 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java
 66bf7b3cd3 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
 4396a2ba7e 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
 069c821f0e 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
 c86ffa36b1 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
 f56e9464e5 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java
 3ec84fa681 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java
 49828cb462 
  
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java
 b4969420d6 
  
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
 9ddb9417db 
  
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java
 ef45343dbc 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
 60d7fd9677 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java
 663934fd3a 
  
ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
 d6bef022cd 


Diff: https://reviews.apache.org/r/62828/diff/1/


Testing
---

manual tesing

# Local test results:
```
[INFO] 
[INFO] BUILD SUCCESS
[INFO] 
[INFO] Total time: 28:02 min
[INFO] Finished at: 2017-10-07T12:09:47-04:00
[INFO] Final Memory: 108M/1995M
[INFO] 
```


Thanks,

Robert Levas

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

Re: Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

Review Request 62828: When regenerating keytab files for a service, non-service-specific principals are affected

5 matches

Site Navigation

Mail list logo

Footer information