[AMBARI-8976] Use cluster property rather than cluster-env/security_enabled to enable or disable Kerberos - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: ambari-server
Labels:
- kerberos

Epic Link:
Ambari Automated Kerberization

Description

Use a cluster property rather than cluster-env/security_enabled to enable or disable Kerberos. Since cluster-env/security_enabled is used by services to determine if Kerberos is enabled or not, it should not be set before completing the process of enabling or disabling Kerberos. To declare whether the cluster enable or disable Kerberos, a property on the cluster should be set. The property should be called security_type and must have one of the following values:

NONE
KERBEROS

By using cluster-env/security_enabled, the configuration property gets set to "true" before Kerberos is filly enabled. This is causing issues with stopping services so that the updated Kerberos-related configurations can be set.

Example API call to enable Kerberos

PUT /api/v1/clusters/c1

{
  "Clusters" : {
    "security_type" : "KERBEROS"
  }
}

Example API call to disable Kerberos

PUT /api/v1/clusters/c1

{
  "Clusters" : {
    "security_type" : "NONE"
  }
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-8976_01.patch
25/Jan/15 18:17
82 kB
Robert Levas
AMBARI-8976_02.patch
26/Jan/15 21:31
91 kB
Robert Levas

Issue Links

is depended upon by

AMBARI-9314 Change the API call to set the cluster property "security_type" instead of cluster-env/security_enabled for invoking kerberization

Resolved

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Jan/15 16:49

Updated:: 02/Feb/15 22:54

Resolved:: 27/Jan/15 01:20