A good occasion to take security seriously (before it jumps on your throat) and
have a security team and a security ML under PMC scrutiny
+0
Jacques
Le 29/01/2018 à 03:55, Roberta Marton a écrit :
+0
Running centos 6.7 and Cloudera 5.7.6 with Kerberos enabled.
I installed the source files for Trafodion release 2.2.
Successfully build binaries.
However, when I ran the python installer, it failed:
Host [rm1.novalocal]: Script [hdfs_cmds.py]
..................................... [ FAIL ]
Failed to run command su - hdfs -c '/usr/bin/hdfs dfs -chgrp 18/01/28 21:15:25
WARN security.UserGroupInformation: PriviledgedActionException as:root
(auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism level: Failed
to find any Kerberos tgt)]
18/01/28 21:15:25 WARN ipc.Client: Exception encountered while connecting to
the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos tgt)
There is a valid HBASE ticket:
[centos@rm1 distribution]$ sudo su hdfs
bash-4.1$ klist
Ticket cache: FILE:/tmp/krb5cc_494
Default principal: hdfs/[email protected]
Valid starting Expires Service principal
01/28/18 21:11:10 01/29/18 21:11:10 krbtgt/[email protected]
renew until 02/02/18 21:11:10
I was able to manually run the hdfs requests when connected as hdfs user.
After manually running the HDFS steps, the installation step completed and
trafodion database was initialized. However, neither authentication or
authorization was enabled. I was able to manually enable both and successful
run some SQL queries.
I am concerned that when security features are enabled, that things do not work
as correctly.
Roberta
-----Original Message-----
From: Liu, Ming (Ming) [mailto:[email protected]]
Sent: Friday, January 26, 2018 7:09 PM
To: [email protected]
Subject: RE: [VOTE] Apache Trafodion release 2.2.0 RC 2
Hi, Steve,
The policy page does requires the year to reflect the distribution of the
CURRENT and past versions of the product. It we should update it. But does that
mean we have to update all headers in most source files, or only the NOTICE
file?
And I think this is NOT that strict, I checked a few other Apache projects:
Kylin 2.2.0 , in NOTICE, it is 2014-2016, but Kylin 2.2.0 released at 2017 Nov
ZooKeeper 3.4.8 , NOTICE file said 2009-2015, but ZooKeeper 3.4.8 released at
2016 Feb
Drill 1.12 , NOTICE file said 2013-2014, Drill 1.12 released at 2017 Dec
HBase is very good, update NOTICE for most releases, but the 2.0.0-beta-1
released at 2018 Jan, and the NOTICE file not update the year, still 2007-2017
Kudu 1.2.0, NOTICE file is 2016, but it released at 2017 Jan
Hive 1.2.2 , NOTICE file is 2008-2015, 1.2.2 released at 2017 April
...
Hadoop is very strict at this, not only update year for each release, but also
lists all third-party license header in its NOTICE file.
So in sum, I think it will be good for Trafodion to strictly follow the rule in
the next release, but it is not strict for now. Could you consider to change
your vote ?
Thanks,
Ming
-----Original Message-----
From: Steve Varnau [mailto:[email protected]]
Sent: Friday, January 26, 2018 8:03 AM
To: [email protected]
Subject: RE: [VOTE] Apache Trafodion release 2.2.0 RC 2
I'm not certain, but the NOTICE file, that contains the copyright for the
entire release is wrong.
This is the policy: http://apache.org/legal/src-headers.html#notice
I don't see any guidance about how strict that dates be correct.
--Steve
-----Original Message-----
From: Hans Zeller [mailto:[email protected]]
Sent: Thursday, January 25, 2018 2:49 PM
To: [email protected]
Subject: RE: [VOTE] Apache Trafodion release 2.2.0 RC 2
Hi Steve, does this really justify an entire new round? All the code (ok,
maybe only 99.98 %) for this release was written in 2017. The fact that we
voted in 2018, does that really justify an update to the copyright year?
-----Original Message-----
From: Steve Varnau [mailto:[email protected]]
Sent: Thursday, January 25, 2018 2:42 PM
To: [email protected]
Subject: RE: [VOTE] Apache Trafodion release 2.2.0 RC 2
It occurred to me that I missed something when I reviewed all those NOTICE
files (that are all the same).
The copyright line should be updated to include 2018.
Copyright 2015-2017 The Apache Software Foundation
Not certain if that is a legal showstopper, but it looks like an oversight we
should fix while we have the chance.
Changing my vote to -1.
--Steve
-----Original Message-----
From: Steve Varnau [mailto:[email protected]]
Sent: Thursday, January 25, 2018 12:39 PM
To: [email protected]
Subject: RE: [VOTE] Apache Trafodion release 2.2.0 RC 2
I checked signatures and checksums for all artifacts.
I ran RAT to check licenses.
I compared the source tarball to the 2.2.0rc2 label in git.
I did a quick review of LICENSE, NOTICE, README, RAT_README, .rat-
excludes in source tarball.
I did quick review of LICENSE and NOTICE in each of the binary tarballs.
I verified that there is no longer an incubating DISCLAIMER file in
any of the tarballs.
I did not actually build or test the source tarball.
I did not find any issues.
+1 for me.
--Steve
-----Original Message-----
From: Liu, Ming (Ming) [mailto:[email protected]]
Sent: Thursday, January 25, 2018 7:22 AM
To: [email protected]
Subject: [VOTE] Apache Trafodion release 2.2.0 RC 2
Hi to everyone in the Trafodion Community,
This is a call to vote on release 2.2.0 of Apache Trafodion .
This is a major release and includes over 300 fixes and some
important features. The highlights are all documented here:
https://cwiki.apache.org/confluence/display/TRAFODION/Release+2.2
They include :
* Trafodion graduates as top level Apache project
* DTM enhancements by porting EsgynDB DTM changes to Trafodion
* jdbcT4 for publish to maven central
* Trafodion Elasticity enhancements
* LOB support in JDBC
* RMS enhancements
* Bug fixes
JIRA Release Notes :
Trafodion 2.2 JIRA Release Notes
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318
620
&version=12338559
Highlights :
https://cwiki.apache.org/confluence/display/TRAFODION/Release+2.2
GIT info:
The tag for this candidate is "2.2.0rc2". Git repository: git://
git.apache.org/trafodion.git
Release artifacts :
https://dist.apache.org/repos/dist/dev/trafodion/trafodion-2.2.0-RC2
/ Artifacts are signed with my key : E1502B16 which is in
https://dist.apache.org/repos/dist/release/trafodion/KEYS
Instructions :
Installing Trafodion using convenience binaries using the Python
installer or install with Ambari :
http://trafodion.apache.org/docs/provisioning_guide/index.html
Setting up build environment and building from source :
https://cwiki.apache.org/confluence/display/TRAFODION/Create+Build+Env
i
ronment
https://cwiki.apache.org/confluence/display/TRAFODION/Build+Source
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Vote will be open until the community has had a chance to try out
the instructions and we get sufficient feedback ( at least 72
hours), unless cancelled.
Thanks,
Ming
