[
https://issues.apache.org/jira/browse/AMBARI-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14548303#comment-14548303
]
Hudson commented on AMBARI-11179:
---------------------------------
SUCCESS: Integrated in Ambari-trunk-Commit #2634 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/2634/])
AMBARI-11179. Kerberos: Oozie auth rules do not look correct (rlevas) (rlevas:
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=2dd80b90379663265e5e1001b32f18f1c6be23ee)
*
ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml
*
ambari-server/src/main/resources/common-services/OOZIE/5.0.0.2.3/configuration/oozie-site.xml
> Kerberos: Oozie auth rules do not look correct
> ----------------------------------------------
>
> Key: AMBARI-11179
> URL: https://issues.apache.org/jira/browse/AMBARI-11179
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: keberos
> Fix For: 2.1.0
>
> Attachments: AMBARI-11179_01.patch
>
>
> 0) create cluster, hDP 2.2, build 1203
> 1) Kerb cluster (hdfs, yarn,zk)
> 2) add ozzie
> 3) add hbase
> 4) everything seems ok.
> 5) I went and looked at oozie configs,
> oozie.authentication.kerberos.name.rules property looks like this...is this
> correct?
> {code}
> RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/
> RULE:[1:$1@$0]([email protected])s/.*/hbase/
> RULE:[1:$1@$0]([email protected])s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@.*TODO-KERBEROS-DOMAIN)s/@.*//
> RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUSER/
> RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/hbase/
> RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> RULE:[2:$1@$0]([email protected])s/.*/mapred/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/oozie/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> DEFAULT
> {code}
> *Solution*
> Remove the following values for
> oozie-site/oozie.authentication.kerberos.name.rules
> {code:title=common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml:145}
> RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUxSER/
> RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
> RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> DEFAULT
> {code}
> {code:title=common-services/OOZIE/5.0.0.2.3/configuration/oozie-site.xml:24}
> RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUxSER/
> RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
> RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> DEFAULT
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
