Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AMBARI-24879. kAdmin principal name is set on the GUI when enabling Kerberos with MIT KDC using a new variable replacement function #2593

Merged
merged 1 commit into from Nov 12, 2018
Merged

AMBARI-24879. kAdmin principal name is set on the GUI when enabling Kerberos with MIT KDC using a new variable replacement function #2593

merged 1 commit into from Nov 12, 2018

Conversation

smolnar82
Copy link
Contributor

What changes were proposed in this pull request?

The kadmin service principal name should be configurable for MIT KDC interactions. The current process assumes the kadmin service principal is kadmin/FQDN_KADMIN_HOST, but this could be different on some installations. For example, kadmin/admin.

A new kerberos-env property should be added to allow a user to change the kadmin principal name - kerberos-env/kadmin_principal_name

The default value for the new property should be kadmin/${admin_server_host|stripPort()}. To be able to do this, we have to create a new variable replacement function. For example, stripPort.

Note: related stack change is going to be submitted separately.

How was this patch tested?

Executing JUnit tests locally in ambari-server:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 26:12 min
[INFO] Finished at: 2018-11-12T16:43:44+01:00
[INFO] Final Memory: 163M/1033M
[INFO] ------------------------------------------------------------------------

In addition to this I did an E2E testing within my vagrant environment where Kerberos was enabled using the new property (leave as the default and changing it to a custom value).

screen shot 2018-11-12 at 5 11 54 pm

@smolnar82
AMBARI-24879. kAdmin principal name is set on the GUI when enabling K…
815e008 
…erberos with MIT KDC using a new variable replacement function
@smolnar82 smolnar82 requested review from rlevas, zeroflag and a user November 12, 2018 16:12
@smolnar82 smolnar82 self-assigned this Nov 12, 2018
@asfgit
Copy link

asfgit commented Nov 12, 2018

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/4508/
Test PASSed.

@smolnar82 smolnar82 merged commit c17ecd1 into apache:trunk Nov 12, 2018
@smolnar82 smolnar82 deleted the AMBARI-24879 branch November 12, 2018 18:54
vishalsuvagia pushed a commit to vishalsuvagia/ambari that referenced this pull request Nov 13, 2018
Merge remote-tracking branch 'upstream/trunk' into trunk
03afcb5 
* upstream/trunk: (129 commits)
  AMBARI-24879. kAdmin principal name is set on the GUI when enabling Kerberos with MIT KDC using a new variable replacement function (apache#2593)
  AMBARI-24866. Make sure we use stack advisor to apply relevant service recommendation upon LDAP configuration addition/change (apache#2592)
  [AMBARI-24870] Allow blueprint install without HISTORYMANAGER, APP_TIMELINE_SERVER (benyoka) (apache#2590)
  [AMBARI-24873] Rolling Upgrade Orchestration Changes For Client Performance (apache#2591)
  [AMBARI-24869] Request configurations when needed during server-side actions rather than rely on configuration data from the execution command
  AMBARI-24864 Delete host confirm popup does not contain all master components
  AMBARI-24868 JS error when changing service auto-start toggle
  AMBARI-24862. Pre-Upgrade Checklist Changes (Code review changes. Part 5
  [AMBARI-24836] Service Auto start is enabled after page refresh
  AMBARI-24862. Pre-Upgrade Checklist Changes (Code review changes. Part 4
  AMBARI-24865. Build error at Findbugs with Maven 3.6. (apache#2581)
  AMBARI-24862. Pre-Upgrade Checklist Changes (Code review changes. Part 3
  AMBARI-24862. Pre-Upgrade Checklist Changes (Code review changes. Part 2
  AMBARI-24862. Pre-Upgrade Checklist Changes (Code review changes. Host heartbeat bugfix)
  AMBARI-24839. Ambari is trying to create hbase.rootdir using s3 url (aonishuk)
  AMBARI-24861. New wrapper class on Python side for LDAP-related data for use in service advisors (apache#2579)
  [AMBARI-24859] Admin View: Apache Ambari logo and favicon does not show when using Knox Gateway (apache#2577)
  AMBARI-24830. Add datatype option to the SwaggerUi client being used for api-docs. (jaimin) (apache#2576)
  AMBARI-24862. Pre-Upgrade Checklist Changes (Code review fixes)
  AMBARI-24862. Pre-Upgrade Checklist Changes (service autostrt fix)
  ...
@smolnar82 smolnar82 restored the AMBARI-24879 branch November 16, 2018 11:38
@smolnar82 smolnar82 mentioned this pull request Jan 29, 2019
Merged
@smolnar82 smolnar82 deleted the AMBARI-24879 branch January 29, 2019 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rlevas rlevas rlevas approved these changes

@zeroflag zeroflag Awaiting requested review from zeroflag

Assignees

@smolnar82 smolnar82

Labels
kerberos security
Projects
None yet
Milestone
No milestone
3 participants
@smolnar82 @asfgit @rlevas