Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.8.2
    • Component/s: new service
    • Labels:
      None

      Description

      Create a Kerberos service providing KDC and client provisioning profiles

      1. WHIRR-671-VERSION-01.patch
        34 kB
        Graham Gear
      2. WHIRR-671-VERSION-02.patch
        34 kB
        Graham Gear

        Activity

        Hide
        Graham Gear added a comment - - edited

        Attached a suggested implementation:

        https://issues.apache.org/jira/secure/attachment/12550524/WHIRR-671-VERSION-01.patch

        This has been tested with CentOS 6 and Rackspace Cloud Servers, but includes support for Debian derivatives and EC2.

        Show
        Graham Gear added a comment - - edited Attached a suggested implementation: https://issues.apache.org/jira/secure/attachment/12550524/WHIRR-671-VERSION-01.patch This has been tested with CentOS 6 and Rackspace Cloud Servers, but includes support for Debian derivatives and EC2.
        Hide
        Tom White added a comment -

        Thanks for the contribution Graham. This looks great. Just a few comments:

        • Adding new services should not usually require a change to core. In this case the Kerberos realm has been added to the cluster spec class. I wonder if there's a way to avoid that, e.g. with whirr.env properties?
        • Typo: "secuirty"
        • KerberosBaseHandler has an empty catch block (needs a comment at least), and the if statement should have braces.
        Show
        Tom White added a comment - Thanks for the contribution Graham. This looks great. Just a few comments: Adding new services should not usually require a change to core. In this case the Kerberos realm has been added to the cluster spec class. I wonder if there's a way to avoid that, e.g. with whirr.env properties? Typo: "secuirty" KerberosBaseHandler has an empty catch block (needs a comment at least), and the if statement should have braces.
        Hide
        Graham Gear added a comment -

        Attached new patch impl:

        https://issues.apache.org/jira/secure/attachment/12551276/WHIRR-671-VERSION-02.patch

        addressing issues raised:

        • Adding new services should not usually require a change to core. In this case the Kerberos realm has been added to the cluster spec class. I wonder if there's a way to avoid that, e.g. with whirr.env properties?

        The Kerberos realm could be provided as a whirr.env variable, but I thought it significant enough to warrant its own cluster spec field since it is a cross cutting concern (multiple modules are likely to use it, eg kerberos, whirr-cm, etc) and the additional meta-data (eg description, type) self document the important property. Having said that, I am happy to drop the cluster spec field in favour of whirr.env if we think we should?

        • Typo: "secuirty"

        Fixed

        • KerberosBaseHandler has an empty catch block (needs a comment at least), and the if statement should have braces.

        Fixed

        Show
        Graham Gear added a comment - Attached new patch impl: https://issues.apache.org/jira/secure/attachment/12551276/WHIRR-671-VERSION-02.patch addressing issues raised: Adding new services should not usually require a change to core. In this case the Kerberos realm has been added to the cluster spec class. I wonder if there's a way to avoid that, e.g. with whirr.env properties? The Kerberos realm could be provided as a whirr.env variable, but I thought it significant enough to warrant its own cluster spec field since it is a cross cutting concern (multiple modules are likely to use it, eg kerberos, whirr-cm, etc) and the additional meta-data (eg description, type) self document the important property. Having said that, I am happy to drop the cluster spec field in favour of whirr.env if we think we should? Typo: "secuirty" Fixed KerberosBaseHandler has an empty catch block (needs a comment at least), and the if statement should have braces. Fixed
        Hide
        Tom White added a comment -

        You're right that most Hadoop services have Kerberos integration in some form so it's reasonable to add it as an optional cluster spec property.

        Show
        Tom White added a comment - You're right that most Hadoop services have Kerberos integration in some form so it's reasonable to add it as an optional cluster spec property.
        Hide
        Tom White added a comment -

        +1 I just committed this. Thanks Graham!

        Show
        Tom White added a comment - +1 I just committed this. Thanks Graham!

          People

          • Assignee:
            Graham Gear
            Reporter:
            Graham Gear
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development