[ https://issues.apache.org/jira/browse/AMBARI-22950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-22950: ---------------------------------- Fix Version/s: (was: 2.70) 2.7.0 > SPNEGO service keytab is getting deleted upon deleting component from host > -------------------------------------------------------------------------- > > Key: AMBARI-22950 > URL: https://issues.apache.org/jira/browse/AMBARI-22950 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.7.0 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Critical > Fix For: 2.7.0 > > > spnego.service.keytab is getting deleted upon deleting components. > Steps to reproduce : > # Add additional "livy" component to some host in the cluster > # Delete added "livy" component > # Deletion of livy is deleting /etc/security/keytabs/spnego.service.keytab as > well > The cause of this is due to an invalid check to determine if a Kerberos > identity is a reference or no at > {code:title=org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer#getIdentitiesSkipReferences} > public List<KerberosIdentityDescriptor> getIdentitiesSkipReferences() { > return nullToEmpty(getIdentities()) > .stream() > .filter(identity -> !identity.getReferencedServiceName().isPresent() && > identity.getName() != null && !identity.getName().startsWith("/")) > .collect(toList()); > } > {code} > The fixed code should be > {code:title=org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer#getIdentitiesSkipReferences} > public List<KerberosIdentityDescriptor> getIdentitiesSkipReferences() { > return nullToEmpty(getIdentities()) > .stream() > .filter(identity -> !identity.getReferencedServiceName().isPresent() && > !identity.isReference()) .collect(toList()); > } > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)