----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/35017/#review86469 -----------------------------------------------------------
Ship it! Ship It! - Robert Nettleton On June 3, 2015, 7:33 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/35017/ > ----------------------------------------------------------- > > (Updated June 3, 2015, 7:33 p.m.) > > > Review request for Ambari, Arpit Gupta, John Speidel, Raghav Gautam, Robert > Nettleton, and Tom Beerbower. > > > Bugs: AMBARI-11629 > https://issues.apache.org/jira/browse/AMBARI-11629 > > > Repository: ambari > > > Description > ------- > > After enabling Kerberos, the value for property > *.falcon.http.authentication.kerberos.name.rules is set to > ``` > RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/ > RULE:[1:$1@$0]([email protected])s/.*/hdfs/ > RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// > RULE:[2:$1@$0]([email protected])s/.*/ams/ > RULE:[2:$1@$0]([email protected])s/.*/ams/ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ > RULE:[2:$1@$0]([email protected])s/.*/falcon/ > RULE:[2:$1@$0]([email protected])s/.*/hive/ > RULE:[2:$1@$0]([email protected])s/.*/mapred/ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ > RULE:[2:$1@$0]([email protected])s/.*/yarn/ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ > RULE:[2:$1@$0]([email protected])s/.*/oozie/ > RULE:[2:$1@$0]([email protected])s/.*/yarn/ > RULE:[2:$1@$0]([email protected])s/.*/yarn/ > DEFAULT > ``` > > This is incorrect. The correct value should be > ``` > RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/ \ > RULE:[1:$1@$0]([email protected])s/.*/hdfs/ \ > RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \ > RULE:[2:$1@$0]([email protected])s/.*/ams/ \ > RULE:[2:$1@$0]([email protected])s/.*/ams/ \ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \ > RULE:[2:$1@$0]([email protected])s/.*/falcon/ \ > RULE:[2:$1@$0]([email protected])s/.*/hive/ \ > RULE:[2:$1@$0]([email protected])s/.*/mapred/ \ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \ > RULE:[2:$1@$0]([email protected])s/.*/yarn/ \ > RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \ > RULE:[2:$1@$0]([email protected])s/.*/oozie/ \ > RULE:[2:$1@$0]([email protected])s/.*/yarn/ \ > RULE:[2:$1@$0]([email protected])s/.*/yarn/ \ > DEFAULT > ``` > > Please notice the "\" at end of each RULE. This is needed because of the type > of configuration file the data is in - a (Java) properties file, where > properties values must be a single line or escaped if multi-lined. > > *Solution* > Convert the multi-line auth-to-local rule to meet the requirements of the > configuration file type by allowing the concatenation type to be specified in > the Kerberos descriptor. The following concatenation types are allowed: > - *new lines* - each rule is separated by a new line > - *new_lines_escaped* - each rule is separated by an escaped new line > - *spaces* - each rule is separated by a whitespace charater > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java > c599cc1 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 70d08ba > > ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json > df3ba34 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 58013e2 > > Diff: https://reviews.apache.org/r/35017/diff/ > > > Testing > ------- > > Manually tested to see _fixed_ Falcon startup.properties file and > successfully Kerberized cluster. > > Unit tests passed localled > > #Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >
