[jira] [Updated] (AMBARI-18804) Manage Ambari principals should be set to off when upgrading Ambari from versions < 2.4.0

Mon, 07 Nov 2016 09:40:20 -0800 

     [ 
https://issues.apache.org/jira/browse/AMBARI-18804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-18804:
----------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

Committed to trunk
{noformat}
commit a17c3ed2f285df3c974c6fc5002e5ad728e45a56
Author: Robert Levas <[email protected]>
Date:   Mon Nov 7 12:35:42 2016 -0500
{noformat}

Committed to branch-2.5
{noformat}
commit fb86a2b67ce728054ea3f43f4f8a5ae65df36cc8
Author: Robert Levas <[email protected]>
Date:   Mon Nov 7 12:37:10 2016 -0500
{noformat}

Committed to branch-2.4
{noformat}
commit 3a0d571befd05615130ef3a63ce72f176dba60e8
Author: Robert Levas <[email protected]>
Date:   Mon Nov 7 12:38:25 2016 -0500
{noformat}


> Manage Ambari principals should be set to off when upgrading Ambari from 
> versions < 2.4.0
> -----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-18804
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18804
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>             Fix For: 2.4.2
>
>         Attachments: AMBARI-18804_branch-2.4_01.patch, 
> AMBARI-18804_branch-2.5_01.patch, AMBARI-18804_trunk_01.patch
>
>
> Since users would have manually set up the Ambari principal after enabling 
> Kerberos using {{ambari-server setup-security}} {{option #3}} ("Setup Ambari 
> kerberos JAAS configuration") in Ambari versions before 2.4.0, there is no 
> need to configure Ambari to automatically manage its principals after an 
> upgrade to version 2.4.0 and above. 
> Therefore, upon upgrade to Ambari 2.4.0 or above, the upgrade process (in 
> {{UpgradeCatalog240}}) should ensure that 
> "kerberos-env/create_ambari_principal}} is set to "false".  By default this 
> value will be set to "true" after 
> {{org.apache.ambari.server.upgrade.AbstractUpgradeCatalog#addNewConfigurationsFromXml}}
>  is executed. 
> Note: This may have an effect on Ambari versions 2.4.2 and above if Kerberos 
> authentication is enabled and the SPNEGO ({{HTTP/_HOST}}) principal and 
> keytab file is already created and installed. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to