Ambari / AMBARI-12450

Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0, 2.0.1, 2.1.0
    • Fix Version/s: 2.1.1
    • Component/s: ambari-server

    Description

      When querying for information about services installed in a Kerberized cluster via the REST API, the ServiceResourceProvider always attempts to contact the KDC (or Active Directory) if the KERBEROS service is selected within the query.

      This can be seen about every 15 seconds, when the UI queries for the state of the services in a Kerberized cluster using the following query:

      GET /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
      

      The result from this query does not contain the KDC connectivity attributes (which is expected), yet the details are obtained.

      This issue causes excess overhead in Ambari as well as on the relevant KDC or Active Directory. Also, the kadmind.log fills up with messages like:

      /var/log/kadmind.log
      Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
      Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
      Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
      Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
      Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
      Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
      Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
      Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
      Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
      Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
      Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
      Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
      

      Solution
      Only query for the KDC attributes when explicitly or implicitly queried. This can be done by conditionally setting the relevant properties near org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394 by inspecting the request for relevant identifiers using something like the following:

      requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, requestedIds);
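
One way to confirm the kadmind.log pattern quoted above, and to check that it stops once the fix is deployed, is to group successful kadm5_init requests by client principal and source address. This is an added example, not part of the original issue or of Ambari; the sample lines are constructed in the quoted format, and the function names, the `year` default and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the kadmind.log format quoted above (hosts, addresses, principals are placeholders).
SAMPLE_LOG = """\
Jun 29 14:31:42 kdc-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/kdc-1@EXAMPLE.COM, addr=10.0.0.5, vers=3, flavor=6
Jun 29 14:31:42 kdc-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/kdc-1@EXAMPLE.COM, addr=10.0.0.5
Jun 29 14:31:42 kdc-1 kadmind[2383](info): closing down fd 29
Jun 29 14:32:49 kdc-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/kdc-1@EXAMPLE.COM, addr=10.0.0.5, vers=3, flavor=6
Jun 29 14:33:00 kdc-1 kadmind[2383](Notice): Request: kadm5_init, alice/admin@EXAMPLE.COM, success, client=alice/admin@EXAMPLE.COM, service=kadmin/kdc-1@EXAMPLE.COM, addr=10.0.0.9, vers=3, flavor=6
Jun 29 14:34:35 kdc-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/kdc-1@EXAMPLE.COM, addr=10.0.0.5, vers=3, flavor=6
Jun 29 14:35:28 kdc-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/kdc-1@EXAMPLE.COM, addr=10.0.0.5, vers=3, flavor=6
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ kadmind\[\d+\]\(Notice\): "
    r"Request: (?P<op>\w+), (?P<target>[^,]+), (?P<status>[^,]+), "
    r"client=(?P<client>[^,]+), service=[^,]+, addr=(?P<addr>[^,\s]+)"
)

def admin_sessions(log_text, year=2024):
    """Per (client, addr): number of successful kadm5_init requests and median gap in seconds.

    Syslog timestamps carry no year, so `year` is an assumed value used only to compute gaps.
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["op"] != "kadm5_init" or m["status"] != "success":
            continue  # skip other requests, failures, and (info) lines
        times[(m["client"], m["addr"])].append(
            datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    report = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {"sessions": len(stamps), "median_gap_s": median(gaps) if gaps else None}
    return report

def pollers(report, min_sessions=3, max_gap_s=120):
    """Sources whose admin sessions recur on a short cadence (thresholds are illustrative)."""
    return sorted(k for k, v in report.items()
                  if v["sessions"] >= min_sessions
                  and v["median_gap_s"] is not None and v["median_gap_s"] <= max_gap_s)
```

Run against the real log before and after upgrading; the Ambari server's address should drop out of `pollers()` once the KDC attributes are fetched only on request.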
      

      Attachments

        1. AMBARI-12450_01.patch
          11 kB
          Robert Levas

          People

            Assignee: Robert Levas (rlevas)
            Reporter: Robert Levas (rlevas)