[
https://issues.apache.org/jira/browse/KNOX-919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15956588#comment-15956588
]
Yoann Bellet commented on KNOX-919:
-----------------------------------
Thank you in advance for taking a look at my problem :)
I built Knox from source for hadoop 2.7.3 with command :
mvn -Panalyze -Ppackage -Prelease clean install -DskipTests
i remove conf files content (with ckeck for changes if necessary)
Concerning my upgrade Process I use Chef deployment :
* I stop knox service (init.d)
* Deployment process :
* I untar and copy locally new version of Knox
* I copy keytab to be used in new Knox version
* I generate link the actual krb5.conf from server on knox/conf, create my
conf/topologies/cluster.xml with data from chef-server, same for
conf/Gateway-site.xml, /krb5JAASLogin.conf and loggers
* I install security files /data/security/keystores/gateway.jks,
current/data/security/master,
/data/security/keystores/__gateway-credentials.jceks already created
(server certificates are ok, i can see with a curl command
start date: Nov 07 11:33:05 2014 GMT
expire date: Nov 06 11:33:05 2019 GMT)
* switch current link from knox-0.9.1 to knox-0.12 on /opt/application/Knox
(it easier to rollback)
* I start knox service
> Upgrade Knox 0.9.1 to 0.12 - Url matching failed
> ------------------------------------------------
>
> Key: KNOX-919
> URL: https://issues.apache.org/jira/browse/KNOX-919
> Project: Apache Knox
> Issue Type: Bug
> Components: Release
> Affects Versions: 0.12.0
> Environment: Hadoop Cluster
> LDAP/Kerberos
> Reporter: Yoann Bellet
> Priority: Blocker
>
> Hello,
> I'm trying to upgrade our Knox on Preproduction plateform from version 0.9.1
> to 0.12, (I deployed the same configuration, i don't see any big differencies
> on this side).
> Logs seems to be identicals
> I'm trying these commands :
> {code}
> ./bin/knoxcli.sh user-auth-test --cluster bigdata --u user--p passwd--g --d
> ./bin/knoxcli.sh validate-topology --cluster bigdata
> {code}
> And it works for the two versions.
> But when I'm trying to contact webhdfs with this curl command
> curl -ivk -u user-X GET
> 'https://knox01:8443/gateway/bigdata/webhdfs/v1/user?OP=LISTSTATUS'
> with 0.9.1 :
> {code}
> 2017-04-03T15:36:24.111779+02:00 localhost 17/04/03 15:36:24
> ||e196f2d6-bdbe-4e66-b707-8d52c8bafd98|audit|WEBHDFS||||access|uri|/gateway/bigdata/webhdfs/v1/user/user?OP=LISTSTATUS|unavailable|Request
> method: GET
> 2017-04-03T15:36:24.112571+02:00 localhost 17/04/03 15:36:24
> ||e196f2d6-bdbe-4e66-b707-8d52c8bafd98|audit|WEBHDFS|user|||authentication|uri|/gateway/bigdata/webhdfs/v1/user?OP=LISTSTATUS|success|
> 2017-04-03T15:36:24.112709+02:00 localhost 17/04/03 15:36:24
> ||e196f2d6-bdbe-4e66-b707-8d52c8bafd98|audit|WEBHDFS|user|||authentication|uri|/gateway/bigdata/webhdfs/v1/user?OP=LISTSTATUS|success|Groups:
> []
> 2017-04-03T15:36:24.114225+02:00 localhost 17/04/03 15:36:24
> ||e196f2d6-bdbe-4e66-b707-8d52c8bafd98|audit|WEBHDFS|user|||dispatch|uri|http://namenode01:50070/webhdfs/v1/user?doAs=user&OP=LISTSTATUS|unavailable|Request
> method: GET
> 2017-04-03T15:36:24.146810+02:00 localhost 17/04/03 15:36:24
> ||e196f2d6-bdbe-4e66-b707-8d52c8bafd98|audit|WEBHDFS|user|||dispatch|uri|http://namenode01:50070/webhdfs/v1/user?doAs=user&OP=LISTSTATUS|success|Response
> status: 200
> 2017-04-03T15:36:24.152511+02:00 localhost 17/04/03 15:36:24
> ||e196f2d6-bdbe-4e66-b707-8d52c8bafd98|audit|WEBHDFS|user|||access|uri|/gateway/bigdata/webhdfs/v1/user?OP=LISTSTATUS|success|Response
> status: 200
> {code}
> whith 0.12 :
> {code}
> 2017-04-03T15:37:01.651295+02:00 localhost 17/04/03 15:37:01
> ||8c8c0ef2-db5c-4bc4-83c3-5ef35a7e482e|audit|||||access|uri|/gateway/bigdata/gateway/bigdata/webhdfs/v1/user/gateway/bigdata/webhdfs/v1/user?OP=LISTSTATUS|unavailable|Request
> method: GET
> 2017-04-03T15:37:01+02:00 knox01 knox WARN - org.apache.hadoop.gatewayFailed
> to match path /gateway/bigdata/webhdfs/v1/user
> 2017-04-03T15:37:01.652123+02:00 localhost 17/04/03 15:37:01
> ||8c8c0ef2-db5c-4bc4-83c3-5ef35a7e482e|audit|||||access|uri|/gateway/bigdata/gateway/bigdata/webhdfs/v1/user/gateway/bigdata/webhdfs/v1/user?OP=LISTSTATUS|success|Response
> status: 404
> {code}
> Authentication is not tested and namenode is not call on Knox 0.12 because
> uri matching reveal an error, i don't know why Knox add "gateway/bigdata"
> many times on uri...
> Regards.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
