Robert Levas created AMBARI-18804:
-------------------------------------
Summary: Manage Ambari principals should be set to off when
upgrading Ambari from versions < 2.4.0
Key: AMBARI-18804
URL: https://issues.apache.org/jira/browse/AMBARI-18804
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.4.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.4.2
Since users would have manually set up the Ambari principal after enabling
Kerberos using {{ambari-server setup-security}} {{option #3}} ("Setup Ambari
kerberos JAAS configuration") in Ambari versions before 2.4.0, there is no need
to configure Ambari to automatically manage its principals after an upgrade to
version 2.4.0 and above.
Therefore, upon upgrade to Ambari 2.4.0 or above, the upgrade process (in
{{UpgradeCatalog240}}) should ensure that
"kerberos-env/create_ambari_principal}} is set to "false". By default this
value will be set to "true" after
{{org.apache.ambari.server.upgrade.AbstractUpgradeCatalog#addNewConfigurationsFromXml}}
is executed.
Note: This may have an effect on Ambari versions 2.4.2 and above if Kerberos
authentication is enabled and the SPNEGO ({{HTTP/_HOST}}) principal and keytab
file is already created and installed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
