Jonathan Hurley created AMBARI-16717:
----------------------------------------
Summary: Knox Gateway Uses Wrong Keystore After Upgrade
Key: AMBARI-16717
URL: https://issues.apache.org/jira/browse/AMBARI-16717
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.1.0
Reporter: Jonathan Hurley
Assignee: Jonathan Hurley
Priority: Critical
Fix For: 2.4.0
When upgrading Knox, the {{data}} directory and its security artifacts are not
copied over to the "versioned" data directory. This causes the {{gateway.jks}}
keystore to be automatically re-generated. If the installation was using a
custom keystore/certificate, then this will cause connections to be rejected
after a successful startup.
{code:title=Knox 2.2 -> 2.3.0.0}
/usr/hdp/current/knox-server/data -> /var/lib/knox/data
{code}
{code:title=Knox 2.3.2.0+}
/usr/hdp/current/knox-server/data -> /var/lib/knox/data-2.3.2.0-1234
{code}
As a result, after upgrading the {{/var/lib/knox/data-2.3.2.0-1234}} does not
contain any of the security artifacts from the prior version.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
