AMBARI-24879. kAdmin principal name is set on the GUI when enabling Kerberos with MIT KDC using a new variable replacement function #2593
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
The kadmin service principal name should be configurable for MIT KDC interactions. The current process assumes the kadmin service principal is
kadmin/FQDN_KADMIN_HOST
, but this could be different on some installations. For example,kadmin/admin
.A new
kerberos-env
property should be added to allow a user to change the kadmin principal name -kerberos-env/kadmin_principal_name
The default value for the new property should be
kadmin/${admin_server_host|stripPort()}
. To be able to do this, we have to create a new variable replacement function. For example,stripPort
.Note: related stack change is going to be submitted separately.
How was this patch tested?
Executing JUnit tests locally in
ambari-server
:In addition to this I did an E2E testing within my vagrant environment where Kerberos was enabled using the new property (leave as the default and changing it to a custom value).