[
https://issues.apache.org/jira/browse/AMBARI-22950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-22950:
----------------------------------
Status: Patch Available (was: Open)
> SPNEGO service keytab is getting deleted upon deleting component from host
> --------------------------------------------------------------------------
>
> Key: AMBARI-22950
> URL: https://issues.apache.org/jira/browse/AMBARI-22950
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> spnego.service.keytab is getting deleted upon deleting components.
> Steps to reproduce :
> # Add additional "livy" component to some host in the cluster
> # Delete added "livy" component
> # Deletion of livy is deleting /etc/security/keytabs/spnego.service.keytab as
> well
> The cause of this is due to an invalid check to determine if a Kerberos
> identity is a reference or no at
> {code:title=org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer#getIdentitiesSkipReferences}
> public List<KerberosIdentityDescriptor> getIdentitiesSkipReferences() {
> return nullToEmpty(getIdentities())
> .stream()
> .filter(identity -> !identity.getReferencedServiceName().isPresent() &&
> identity.getName() != null && !identity.getName().startsWith("/"))
> .collect(toList());
> }
> {code}
> The fixed code should be
> {code:title=org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer#getIdentitiesSkipReferences}
> public List<KerberosIdentityDescriptor> getIdentitiesSkipReferences() {
> return nullToEmpty(getIdentities())
> .stream()
> .filter(identity -> !identity.getReferencedServiceName().isPresent() &&
> !identity.isReference()) .collect(toList());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
