[jira] [Commented] (AMBARI-23690) The UI should ignore Kerberos identity references when setting the user-supplied Kerberos descriptor

Fri, 27 Apr 2018 05:02:06 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-23690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16456269#comment-16456269
 ] 

Hudson commented on AMBARI-23690:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9135 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/9135/])
AMBARI-23690 The UI should ignore Kerberos identity references when 
(1963907+atkach: 
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=a890b8ce28c736410225349c25ec8f613929b6dc])
* (edit) ambari-web/app/controllers/main/admin/kerberos/wizard_controller.js
* (edit) 
ambari-web/test/controllers/main/admin/kerberos/kerberos_wizard_controler_test.js
* (edit) ambari-web/app/routes/add_kerberos_routes.js


> The UI should ignore Kerberos identity references when setting the 
> user-supplied Kerberos descriptor
> ----------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-23690
>                 URL: https://issues.apache.org/jira/browse/AMBARI-23690
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.7.0
>            Reporter: Andrii Tkach
>            Assignee: Andrii Tkach
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 2.7.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> The UI should ignore Kerberos identity references when setting the 
> user-supplied Kerberos descriptor.  
> For example, any Kerberos identity entry that contains a "reference" 
> attribute, should not be added to the JSON data stored in the cluster 
> artifact table, which represents the _user-supplied_ Kerberos descriptor. 
> Currently, there are a few errors in the current process:
> *Variables are being replaced*
> {code}
> {
>   "keytab": {
>     "configuration": 
> "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file",
>     "file": "/etc/security/keytabs/spnego.service.keytab"
>   },
>   "name": "mapreduce2_historyserver_spnego",
>   "principal": {
>     "configuration": 
> "mapred-site/mapreduce.jobhistory.webapp.spnego-principal",
>     "local_username": null,
>     "type": null,
>     "value": "HTTP/[email protected]"
>   },
>   "reference": "/spnego"
> }
> {code}
> This should be 
> {code}
> {
>   "keytab": {
>     "configuration": 
> "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file",
>     "file": "${keytab_dir}/spnego.service.keytab"
>   },
>   "name": "mapreduce2_historyserver_spnego",
>   "principal": {
>     "configuration": 
> "mapred-site/mapreduce.jobhistory.webapp.spnego-principal",
>     "local_username": null,
>     "type": null,
>     "value": "HTTP/[email protected]"
>   },
>   "reference": "/spnego"
> }
> {code}
> But really should be 
> {code}
> {
>   "keytab": {
>     "configuration": 
> "mapred-site/mapreduce.jobhistory.webapp.spnego-keytab-file"
>   },
>   "name": "mapreduce2_historyserver_spnego",
>   "principal": {
>     "configuration": 
> "mapred-site/mapreduce.jobhistory.webapp.spnego-principal"
>   },
>   "reference": "/spnego"
> }
> {code}
> *Incorrect variable replacement*
> Some replacement issue has occurred where the keytab _file_ and the principal 
> _name_ values have been swapped:
> {code}
> {
>   "keytab": {
>     "configuration": "hive-site/hive.server2.authentication.spnego.keytab",
>     "file": "HTTP/[email protected]"
>   },
>   "name": "hive_hive_server_spnego",
>   "principal": {
>     "configuration": "hive-site/hive.server2.authentication.spnego.principal",
>     "local_username": null,
>     "type": null,
>     "value": "/etc/security/keytabs/spnego.service.keytab"
>   },
>   "reference": "/spnego"
> },
> {code}
> And error that has resulted from this occurred while installing Hive into a 
> cluster where Kerberos was enabled:
> {noformat}
> 2018-04-18 19:30:24,557 - Failed to create principal, 
> /etc/security/keytabs/spnego.service.keytab - Failed to create service 
> principal for /etc/security/keytabs/spnego.service.keytab
> STDOUT: Authenticating as principal admin/[email protected] with existing 
> credentials.
> Principal "/etc/security/keytabs/[email protected]" created.
> STDERR: WARNING: no policy specified for 
> /etc/security/keytabs/[email protected]; defaulting to no 
> policy
> Administration credentials NOT DESTROYED.
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to