[jira] [Updated] (AMBARI-25788) Ambari server keeps generating keytabs even with KerberosServerAction#OperationType.CREATE_MISSING option.

Wed, 30 Nov 2022 15:23:05 -0800 


     [ 
https://issues.apache.org/jira/browse/AMBARI-25788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

YUBI LEE updated AMBARI-25788:
------------------------------
    Description: 
!image-2022-12-01-07-59-28-503.png|width=649,height=302!

When regenerating keytabs, I found an issue that ambari server keeps generating 
new keytabs, not reusing already created keytabs even with "only regenerate 
keytabs for missing hosts and components" checkbox selected.
With investigation, I found that `cached_keytab_path` has all NULL value in 
`kerberos_principal`.

e.g.
{code:java}
mysql> select * from kerberos_principal;
+------------------------------------------------------------+------------+----------------------------------------------------------------------------------------------------+
| principal_name                                             | is_service | 
cached_keytab_path
                                                                        |
+------------------------------------------------------------+------------+----------------------------------------------------------------------------------------------------+
| HTTP/[email protected]           |          1 | NULL |
| HTTP/[email protected]           |          1 | NULL |
| HTTP/[email protected]           |          1 | NULL |
...
{code}
There is a bug in `CreateKeytabFilesServerAction#processIdentity`. It doesn't 
update `cached_keytab_path` if `previousCachedFilePath` is null.
I will make a PR for this soon.

  was:
 !image-2022-12-01-07-59-28-503.png! 

When regenerating keytabs, I found an issue that ambari server keeps generating 
new keytabs, not reusing already created keytabs even with "only regenerate 
keytabs for missing hosts and components" checkbox selected.
With investigation, I found that `cached_keytab_path` has all NULL value in 
`kerberos_principal`.

e.g.


{code}
mysql> select * from kerberos_principal;
+------------------------------------------------------------+------------+----------------------------------------------------------------------------------------------------+
| principal_name                                             | is_service | 
cached_keytab_path
                                                                        |
+------------------------------------------------------------+------------+----------------------------------------------------------------------------------------------------+
| HTTP/[email protected]           |          1 | NULL |
| HTTP/[email protected]           |          1 | NULL |
| HTTP/[email protected]           |          1 | NULL |
...
{code}

There is a bug in `CreateKeytabFilesServerAction#processIdentity`. It doesn't 
update `cached_keytab_path` if `previousCachedFilePath` is null.
I will make a PR for this soon.


> Ambari server keeps generating keytabs even with 
> KerberosServerAction#OperationType.CREATE_MISSING option.
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-25788
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25788
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.6
>         Environment: Ambari 2.7.6
>            Reporter: YUBI LEE
>            Priority: Major
>         Attachments: image-2022-12-01-07-59-28-503.png
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> !image-2022-12-01-07-59-28-503.png|width=649,height=302!
> When regenerating keytabs, I found an issue that ambari server keeps 
> generating new keytabs, not reusing already created keytabs even with "only 
> regenerate keytabs for missing hosts and components" checkbox selected.
> With investigation, I found that `cached_keytab_path` has all NULL value in 
> `kerberos_principal`.
> e.g.
> {code:java}
> mysql> select * from kerberos_principal;
> +------------------------------------------------------------+------------+----------------------------------------------------------------------------------------------------+
> | principal_name                                             | is_service | 
> cached_keytab_path
>                                                                         |
> +------------------------------------------------------------+------------+----------------------------------------------------------------------------------------------------+
> | HTTP/[email protected]           |          1 | NULL |
> | HTTP/[email protected]           |          1 | NULL |
> | HTTP/[email protected]           |          1 | NULL |
> ...
> {code}
> There is a bug in `CreateKeytabFilesServerAction#processIdentity`. It doesn't 
> update `cached_keytab_path` if `previousCachedFilePath` is null.
> I will make a PR for this soon.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to