Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-8899

Knox service components should indicate security state

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.0.0
    • ambari-agent, stacks

    Description

      The Knox service components should indicate security state when queried by Ambari Agent via STATUS_COMMAND. Each component should determine it's state as follows:

      KNOX_GATEWAY

      Indicators

      • Command JSON
        • config['configurations']['cluster-env']['security_enabled']
          • = “true”
      • Configuration File: knox_conf_dir + '/krb5JAASLogin.conf'
        • keyTab
          • not empty
          • path exists and is readable
          • required
        • principal
          • not empty
          • required

      Pseudocode

      if indicators imply security is on and validate
    if kinit(principal) succeeds
        state = SECURED_KERBEROS
    else
        state = ERROR 
else
    state = UNSECURED

      Note: Due to the cost of calling kinit results should be cached for a period of time before retrying. This may be an issue depending on the frequency of the heartbeat timeout.
      Note: kinit calls should specify a temporary cache file which should be destroyed after command is executed - BUG-29477

      Attachments

        1. AMBARI-8899_01.patch
          12 kB
          Robert Levas

        Issue Links

          links to

          Web Link ReviewBoard

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: