[
https://issues.apache.org/jira/browse/AMBARI-9020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-9020:
---------------------------------
Description:
Ambari agent script should not kinit with Oozie service credentials on behalf
of the Oozie service.
This is occurring in
{code:title=oozie_service.py (around line 26)}
kinit_if_needed = format("{kinit_path_local} -kt {oozie_keytab}
{oozie_principal};") if params.security_enabled else ""
{code}
{code:title=oozie_service.py (around line 40)}
cmd2 = format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop
--config {hadoop_conf_dir} dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")
{code}
{code:title=oozie_service.py (around line 60)}
Execute( cmd2,
user = params.oozie_user,
not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs
-ls /user/oozie/share | awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if
(count > 0) {{exit 0}} else {{exit 1}}}}'"),
path = params.execute_path
)
{code}
was:
Ambari agent script should not kinit with Oozie service credentials on behalf
of the Oozie service.
This is occurring in
{code:title=oozie_service.py (around line 40)}
cmd2 = format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop
--config {hadoop_conf_dir} dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")
{code}
{code:title=oozie_service.py (around line 60)}
Execute( cmd2,
user = params.oozie_user,
not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs
-ls /user/oozie/share | awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if
(count > 0) {{exit 0}} else {{exit 1}}}}'"),
path = params.execute_path
)
{code}
> Ambari agent script should not kinit with Oozie service credentials on behalf
> of the Oozie service
> --------------------------------------------------------------------------------------------------
>
> Key: AMBARI-9020
> URL: https://issues.apache.org/jira/browse/AMBARI-9020
> Project: Ambari
> Issue Type: Bug
> Components: stacks
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Labels: kerberos, oozie, security, stack
> Fix For: 2.0.0
>
>
> Ambari agent script should not kinit with Oozie service credentials on behalf
> of the Oozie service.
> This is occurring in
> {code:title=oozie_service.py (around line 26)}
> kinit_if_needed = format("{kinit_path_local} -kt {oozie_keytab}
> {oozie_principal};") if params.security_enabled else ""
> {code}
> {code:title=oozie_service.py (around line 40)}
> cmd2 = format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop
> --config {hadoop_conf_dir} dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")
> {code}
> {code:title=oozie_service.py (around line 60)}
> Execute( cmd2,
> user = params.oozie_user,
> not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir}
> dfs -ls /user/oozie/share | awk 'BEGIN {{count=0;}} /share/ {{count++}} END
> {{if (count > 0) {{exit 0}} else {{exit 1}}}}'"),
> path = params.execute_path
> )
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
