[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie
[ https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Krishna Pandey updated KNOX-933: Attachment: KNOX-933_master_v2.patch > PicketLink Provider must set Secure and HTTPOnly flags on Cookie > > > Key: KNOX-933 > URL: https://issues.apache.org/jira/browse/KNOX-933 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Larry McCay >Assignee: Krishna Pandey > Labels: KIP-7 > Fix For: 0.13.0 > > Attachments: KNOX-933_master_v1.patch, KNOX-933_master_v2.patch > > > The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, > but fails to set the HttpOnly and Secure flags to true. > This provider is not really supported anymore and isn't even documented but > we should make sure that all cookies have HttpOnly and Secure flags set. We > should separately consider deprecating and removing this provider. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KNOX-931) asType will not work for body filter when using IdentityAsserterFilter
[ https://issues.apache.org/jira/browse/KNOX-931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16011288#comment-16011288 ] Shi Wang commented on KNOX-931: --- Hi [~lmc...@apache.org], I attached the patch as well. Do you have any suggestion to replace the instanceof method? > asType will not work for body filter when using IdentityAsserterFilter > -- > > Key: KNOX-931 > URL: https://issues.apache.org/jira/browse/KNOX-931 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 0.11.0 >Reporter: Shi Wang >Assignee: Shi Wang > Fix For: 0.13.0 > > Attachments: > 0001-KNOX-931-asType-will-not-work-for-body-filter-when-u.patch > > > In IdentityAsserterHttpServletsWrapper.java, method getInputStream(), > The body will always be urlEncoded if the contentType is > "application/x-www-form-urlencoded" > And self defined filter that change "application/x-www-form-urlencoded" as > other contentType for requestbody will be invalid. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KNOX-822) In Knox can we capture Bytes transfered info in logs
[ https://issues.apache.org/jira/browse/KNOX-822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16011058#comment-16011058 ] Rajesh Chandramohan commented on KNOX-822: -- Kevin MinderTo dev@knox.apache.org Rajesh Chandramohan CC u...@knox.apache.org 15/12/16 at 6:35 AM Actually if you enable the properties shown in gateway-log4j.properties and restart you should get request/response sizes in a separate access log but unfortunately not the authenticated/mapped user. Keep in mind that the request length might be based on the request Content-Length header. The code involved is in gateway-server/src/main/java/org/apache/hadoop/gateway/trace and AccessHandler.java in particular. #log4j.logger.org.apache.hadoop.gateway.access=TRACE,httpaccess #log4j.additivity.org.apache.hadoop.gateway.access=false #log4j.appender.httpaccess=org.apache.log4j.DailyRollingFileAppender #log4j.appender.httpaccess.File=${app.log.dir}/${launcher.name}-http-access.log #log4j.appender.httpaccess.DatePattern=.-MM-dd #log4j.appender.httpaccess.layout=org.apache.log4j.PatternLayout #log4j.appender.httpaccess.layout.ConversionPattern=%d{ISO8601}|%t|%m%n > On Dec 14, 2016, at 11:15 PM, larry mccay wrote: > > Hello Rajesh - > > I don't think that we have any way to do this today. > There may be extension points in our metrics or in our audit logging to > capture payload sizes. > I imagine that the interesting place to do this would be in the dispatch > classes to capture what is being sent to and received from the backend > services. > > This would require some investigation to determine whether we can gather the > sizes and how best to capture them. > > I would suggest filing an improvement JIRA and continuing the discussion > there. > > Thanks for your interest in Knox! > > --larry > In Knox can we capture Bytes transfered info in logs > > > Key: KNOX-822 > URL: https://issues.apache.org/jira/browse/KNOX-822 > Project: Apache Knox > Issue Type: Wish > Components: Server >Affects Versions: 0.6.0, 0.7.0, 0.9.0, 0.10.0 >Reporter: Rajesh Chandramohan > > Hi Knox-team, > In knox can we capture the bytes transferred information along with file name > etc. This would help us to track how much transaction each users are doing > via knox , Any method or thoughts on this? > We make use of audit logs to capture each user how many transaction doing > per hr per day. But we like to capture the details of how much bytes per > transaction users are doing which will help us for various cases to manage > Hadoop and Knox better. Any thoughts on this ? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KNOX-928) Topology Port Mapping
[ https://issues.apache.org/jira/browse/KNOX-928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-928: -- Attachment: KNOX-928.003.patch Patch that addresses the recent review comments. > Topology Port Mapping > - > > Key: KNOX-928 > URL: https://issues.apache.org/jira/browse/KNOX-928 > Project: Apache Knox > Issue Type: New Feature > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More > Labels: KIP-6 > Fix For: 0.13.0 > > Attachments: KNOX-928.001.patch, KNOX-928.002.patch, > KNOX-928.003.patch > > > Instead of having a single "default topology" we can map topologies to > specific ports and have a dedicated URL without the gateway specific app > context. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox
[ https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Krisztian Horvath updated KNOX-941: --- Attachment: ranger-ha.bp > Ranger HA does not work through Knox > > > Key: KNOX-941 > URL: https://issues.apache.org/jira/browse/KNOX-941 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 0.11.0 >Reporter: Krisztian Horvath > Attachments: gateway.log, ranger_admin_compact.log, ranger-ha.bp, > services.xml > > > Ranger Admin runs in HA mode and knox is configured with: > {code} > > ha > HaProvider > true > > RANGERUI > > maxFailoverAttempts=3;failoverSleep=1000;enabled=true > > > > RANGERUI > http://ip-10-0-2-243.eu-west-1.compute.internal:6080 > http://ip-10-0-2-10.eu-west-1.compute.internal:6080 > > {code} > Knox keeps redirecting to the login page. In Ranger log I can see however the > login was successful so it accepted the credentials. Load-balancing works as > I stop one of the Ranger Admins I still can reach the UI, but cannot move on > from the login page. Might be some session issue. > Attached the knox topology and log file and ranger aggregated log. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox
[ https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Krisztian Horvath updated KNOX-941: --- Description: Ranger Admin runs in HA mode and knox is configured with: {code} ha HaProvider true RANGERUI maxFailoverAttempts=3;failoverSleep=1000;enabled=true RANGERUI http://ip-10-0-2-243.eu-west-1.compute.internal:6080 http://ip-10-0-2-10.eu-west-1.compute.internal:6080 {code} Knox keeps redirecting to the login page. In Ranger log I can see however the login was successful so it accepted the credentials. Load-balancing works as I stop one of the Ranger Admins I still can reach the UI, but cannot move on from the login page. Might be some session issue. Attached the knox topology and log file and ranger aggregated log. Ranger is installed with Ambari through Blueprints (see attachment) was: Ranger Admin runs in HA mode and knox is configured with: {code} ha HaProvider true RANGERUI maxFailoverAttempts=3;failoverSleep=1000;enabled=true RANGERUI http://ip-10-0-2-243.eu-west-1.compute.internal:6080 http://ip-10-0-2-10.eu-west-1.compute.internal:6080 {code} Knox keeps redirecting to the login page. In Ranger log I can see however the login was successful so it accepted the credentials. Load-balancing works as I stop one of the Ranger Admins I still can reach the UI, but cannot move on from the login page. Might be some session issue. Attached the knox topology and log file and ranger aggregated log. > Ranger HA does not work through Knox > > > Key: KNOX-941 > URL: https://issues.apache.org/jira/browse/KNOX-941 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 0.11.0 >Reporter: Krisztian Horvath > Attachments: gateway.log, ranger_admin_compact.log, ranger-ha.bp, > services.xml > > > Ranger Admin runs in HA mode and knox is configured with: > {code} > > ha > HaProvider > true > > RANGERUI > > maxFailoverAttempts=3;failoverSleep=1000;enabled=true > > > > RANGERUI > http://ip-10-0-2-243.eu-west-1.compute.internal:6080 > http://ip-10-0-2-10.eu-west-1.compute.internal:6080 > > {code} > Knox keeps redirecting to the login page. In Ranger log I can see however the > login was successful so it accepted the credentials. Load-balancing works as > I stop one of the Ranger Admins I still can reach the UI, but cannot move on > from the login page. Might be some session issue. > Attached the knox topology and log file and ranger aggregated log. > Ranger is installed with Ambari through Blueprints (see attachment) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox
[ https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Krisztian Horvath updated KNOX-941: --- Affects Version/s: 0.11.0 > Ranger HA does not work through Knox > > > Key: KNOX-941 > URL: https://issues.apache.org/jira/browse/KNOX-941 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 0.11.0 >Reporter: Krisztian Horvath > Attachments: gateway.log, ranger_admin_compact.log, services.xml > > > Ranger Admin runs in HA mode and knox is configured with: > {code} > > ha > HaProvider > true > > RANGERUI > > maxFailoverAttempts=3;failoverSleep=1000;enabled=true > > > > RANGERUI > http://ip-10-0-2-243.eu-west-1.compute.internal:6080 > http://ip-10-0-2-10.eu-west-1.compute.internal:6080 > > {code} > Knox keeps redirecting to the login page. In Ranger log I can see however the > login was successful so it accepted the credentials. Load-balancing works as > I stop one of the Ranger Admins I still can reach the UI, but cannot move on > from the login page. Might be some session issue. > Attached the knox topology and log file and ranger aggregated log. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (KNOX-941) Ranger HA does not work through Knox
Krisztian Horvath created KNOX-941: -- Summary: Ranger HA does not work through Knox Key: KNOX-941 URL: https://issues.apache.org/jira/browse/KNOX-941 Project: Apache Knox Issue Type: Bug Reporter: Krisztian Horvath Attachments: gateway.log, ranger_admin_compact.log, services.xml Ranger Admin runs in HA mode and knox is configured with: {code} ha HaProvider true RANGERUI maxFailoverAttempts=3;failoverSleep=1000;enabled=true RANGERUI http://ip-10-0-2-243.eu-west-1.compute.internal:6080 http://ip-10-0-2-10.eu-west-1.compute.internal:6080 {code} Knox keeps redirecting to the login page. In Ranger log I can see however the login was successful so it accepted the credentials. Load-balancing works as I stop one of the Ranger Admins I still can reach the UI, but cannot move on from the login page. Might be some session issue. Attached the knox topology and log file and ranger aggregated log. -- This message was sent by Atlassian JIRA (v6.3.15#6346)