[jira] [Updated] (AMBARI-11629) Falcon version command failed on secure runs

Wed, 03 Jun 2015 11:03:04 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-11629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-11629:
----------------------------------
    Description: 
After enabling Kerberos, the value for property 
*.falcon.http.authentication.kerberos.name.rules is set to 
{code}
RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/
RULE:[1:$1@$0]([email protected])s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0]([email protected])s/.*/ams/
RULE:[2:$1@$0]([email protected])s/.*/ams/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/falcon/
RULE:[2:$1@$0]([email protected])s/.*/hive/
RULE:[2:$1@$0]([email protected])s/.*/mapred/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/oozie/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
DEFAULT
{code}

This is incorrect. The correct value should be 
{code}
RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/ \
RULE:[1:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
RULE:[2:$1@$0]([email protected])s/.*/ams/ \
RULE:[2:$1@$0]([email protected])s/.*/ams/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/falcon/ \
RULE:[2:$1@$0]([email protected])s/.*/hive/ \
RULE:[2:$1@$0]([email protected])s/.*/mapred/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/oozie/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
DEFAULT
{code}

Please notice the "\" at end of each RULE. This is needed because of the type 
of configuration file the data is in - a (Java) properties file, where 
properties values must be a single line or escaped if multi-lined. 

*Solution*
Convert the multi-line auth-to-local rule to meet the requirements of the 
configuration file type by allowing the _concatenation type_ to be specified in 
the Kerberos descriptor.  The following concatenation types are allowed:
* *new lines* - each rule is separated by a new line 
* *new_lines_escaped* - each rule is separated by an escaped new line
* *spaces* - each rule is separated by a whitespace charater





  was:
After enabling Kerberos, the value for property 
*.falcon.http.authentication.kerberos.name.rules is set to 
{code}
RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/
RULE:[1:$1@$0]([email protected])s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0]([email protected])s/.*/ams/
RULE:[2:$1@$0]([email protected])s/.*/ams/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/falcon/
RULE:[2:$1@$0]([email protected])s/.*/hive/
RULE:[2:$1@$0]([email protected])s/.*/mapred/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/oozie/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
DEFAULT
{code}

This is incorrect. The correct value should be 
{code}
RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/ \
RULE:[1:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
RULE:[2:$1@$0]([email protected])s/.*/ams/ \
RULE:[2:$1@$0]([email protected])s/.*/ams/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/falcon/ \
RULE:[2:$1@$0]([email protected])s/.*/hive/ \
RULE:[2:$1@$0]([email protected])s/.*/mapred/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/oozie/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
DEFAULT
{code}

Please notice the "\" at end of each RULE. This is needed because of the type 
of configuration file the data is in - a (Java) properties file, where 
properties values must be a single line or escaped if multi-lined. 

*Solution*
Convert the multi-line auth-to-local rule to meet the requirements of the 
configuration file type.





> Falcon version command failed on secure runs
> --------------------------------------------
>
>                 Key: AMBARI-11629
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11629
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Blocker
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11629_01.patch
>
>
> After enabling Kerberos, the value for property 
> *.falcon.http.authentication.kerberos.name.rules is set to 
> {code}
> RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/
> RULE:[1:$1@$0]([email protected])s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0]([email protected])s/.*/ams/
> RULE:[2:$1@$0]([email protected])s/.*/ams/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/falcon/
> RULE:[2:$1@$0]([email protected])s/.*/hive/
> RULE:[2:$1@$0]([email protected])s/.*/mapred/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/oozie/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> DEFAULT
> {code}
> This is incorrect. The correct value should be 
> {code}
> RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/ \
> RULE:[1:$1@$0]([email protected])s/.*/hdfs/ \
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
> RULE:[2:$1@$0]([email protected])s/.*/ams/ \
> RULE:[2:$1@$0]([email protected])s/.*/ams/ \
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
> RULE:[2:$1@$0]([email protected])s/.*/falcon/ \
> RULE:[2:$1@$0]([email protected])s/.*/hive/ \
> RULE:[2:$1@$0]([email protected])s/.*/mapred/ \
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
> RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
> RULE:[2:$1@$0]([email protected])s/.*/oozie/ \
> RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
> RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
> DEFAULT
> {code}
> Please notice the "\" at end of each RULE. This is needed because of the type 
> of configuration file the data is in - a (Java) properties file, where 
> properties values must be a single line or escaped if multi-lined. 
> *Solution*
> Convert the multi-line auth-to-local rule to meet the requirements of the 
> configuration file type by allowing the _concatenation type_ to be specified 
> in the Kerberos descriptor.  The following concatenation types are allowed:
> * *new lines* - each rule is separated by a new line 
> * *new_lines_escaped* - each rule is separated by an escaped new line
> * *spaces* - each rule is separated by a whitespace charater



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to