[ 
https://issues.apache.org/jira/browse/AMBARI-22950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-22950:
----------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> SPNEGO service keytab is getting deleted upon deleting component from host
> --------------------------------------------------------------------------
>
>                 Key: AMBARI-22950
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22950
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 2.7.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> spnego.service.keytab is getting deleted upon deleting components.
> Steps to reproduce :
> # Add additional "livy" component to some host in the cluster
> # Delete added "livy" component
> # Deletion of livy is deleting /etc/security/keytabs/spnego.service.keytab as 
> well
> The cause of this is due to an invalid check to determine if a Kerberos 
> identity is a reference or no at 
> {code:title=org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer#getIdentitiesSkipReferences}
>   public List<KerberosIdentityDescriptor> getIdentitiesSkipReferences() {
>     return nullToEmpty(getIdentities())
>       .stream()
>       .filter(identity -> !identity.getReferencedServiceName().isPresent() && 
> identity.getName() != null && !identity.getName().startsWith("/"))
>       .collect(toList());
>   }
> {code}
> The fixed code should be
> {code:title=org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer#getIdentitiesSkipReferences}
>   public List<KerberosIdentityDescriptor> getIdentitiesSkipReferences() {
>     return nullToEmpty(getIdentities())
>       .stream()
> .filter(identity -> !identity.getReferencedServiceName().isPresent() && 
> !identity.isReference())      .collect(toList());
>   }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to