[jira] [Commented] (KNOX-1094) Knox loses inner exception in IllegalArgumentException issues during AD authentications
[
https://issues.apache.org/jira/browse/KNOX-1094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16241777#comment-16241777
]
Alberto Bortolan commented on KNOX-1094:
Hello [~moresandeep]
I've originally reported this issue to [~pbhag...@hortonworks.com] . The
message was:
{{java.lang.IllegalArgumentException: Hit NamingException:{color:#205081}
simple bind failed: myldapserver.mycompany.com:636{color}
at
org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.getUserDn(KnoxLdapRealm.java:733)
at
org.apache.shiro.realm.ldap.JndiLdapRealm.getLdapPrincipal(JndiLdapRealm.java:342)
at
org.apache.shiro.realm.ldap.JndiLdapRealm.queryForAuthenticationInfo(JndiLdapRealm.java:371)
at
org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:295)
(...)}}
This was caused by the LDAPS-connection not being trusted, impossible to
figure out in this case, since the NamingException completely hides any
LDAP-exceptions. “Simple bind failed” can be caused by any number of underlying
Exceptions.
> Knox loses inner exception in IllegalArgumentException issues during AD
> authentications
> ---
>
> Key: KNOX-1094
> URL: https://issues.apache.org/jira/browse/KNOX-1094
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
>Affects Versions: 0.12.0
>Reporter: Pravin Bhagade
> Fix For: 0.15.0
>
>
> Knox to use their Active Directory and noted that when
> IllegalArgumentException exceptions are raised from a specific point in the
> code, the inner exception is lost and make it difficult to diagnose the
> issue.
> {code:java}
> The exception is the one at line 733 of
> https://github.com/hortonworks/knox-release/blob/HDP-2.6.2.17-tag/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
>
> } catch (NamingException e) {
> throw new IllegalArgumentException("Hit NamingException: " + e.getMessage());
> {code}
> Is it possible to change the code to preserve the inner exception ( set the
> Throwable argument )?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (KNOX-1105) Provide indication that topologies were generated from simple descriptors
[ https://issues.apache.org/jira/browse/KNOX-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Larry McCay updated KNOX-1105: -- Fix Version/s: (was: 0.14.0) 0.15.0 > Provide indication that topologies were generated from simple descriptors > - > > Key: KNOX-1105 > URL: https://issues.apache.org/jira/browse/KNOX-1105 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Phil Zampino >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.15.0 > > Attachments: KNOX-1105.patch > > > When generating topology XML files, add a comment indicating that the XML > file was generated. > Also, mark the generated XML file as read-only. > Neither of these really prevents anyone from modifying them, but they may > offer a clue that it may not be a good idea. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KNOX-1031) Apache Hadoop Timeline Server REST API support
[
https://issues.apache.org/jira/browse/KNOX-1031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-1031:
--
Fix Version/s: (was: 0.14.0)
0.15.0
> Apache Hadoop Timeline Server REST API support
> --
>
> Key: KNOX-1031
> URL: https://issues.apache.org/jira/browse/KNOX-1031
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
>Affects Versions: 0.13.0
> Environment: Apache Hadoop clusters, HortonWorks clusters, Cloudera
> clusters, MapR clusters
>Reporter: Pierre Beauvois
> Fix For: 0.15.0
>
> Attachments: KNOX-1031.001.patch
>
>
> Timeline Server REST API as documented here: [Timeline Server REST
> API|https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/TimelineServer.html#Timeline_Server_REST_API_v1]
> The TLS REST API provides a RESTful interface to a Timeline Server. It makes
> it easy to produce and consume messages, view the state of the cluster, and
> perform administrative actions
> This feature allow to call Timeline Server REST API through Knox. It could be
> enabled in your topology by adding the following sample:
> {code:java}
>
> TIMELINESERVER
> http://{timelineserver-host}:{timelineserver-port}
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (KNOX-1105) Provide indication that topologies were generated from simple descriptors
[ https://issues.apache.org/jira/browse/KNOX-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16242840#comment-16242840 ] Larry McCay commented on KNOX-1105: --- Given those limitations, [~pzampino], I am going to push this out to 0.15.0 release for now. It may be better to make the generation indicator a first class citizen of the topology schema. Between JAXB and Jersey it may be more trouble than its worth to marshal the comments and we may even be able to police the rewrite programmatically rather than only with file permissions at least within the API - if that makes sense. > Provide indication that topologies were generated from simple descriptors > - > > Key: KNOX-1105 > URL: https://issues.apache.org/jira/browse/KNOX-1105 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Phil Zampino >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.15.0 > > Attachments: KNOX-1105.patch > > > When generating topology XML files, add a comment indicating that the XML > file was generated. > Also, mark the generated XML file as read-only. > Neither of these really prevents anyone from modifying them, but they may > offer a clue that it may not be a good idea. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KNOX-1032) Apache Hadoop Timeline Server UI support
[
https://issues.apache.org/jira/browse/KNOX-1032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-1032:
--
Fix Version/s: (was: 0.14.0)
0.15.0
> Apache Hadoop Timeline Server UI support
>
>
> Key: KNOX-1032
> URL: https://issues.apache.org/jira/browse/KNOX-1032
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
>Affects Versions: 0.13.0
> Environment: Apache Hadoop clusters, HortonWorks clusters, Cloudera
> clusters, MapR clusters
>Reporter: Pierre Beauvois
> Fix For: 0.15.0
>
> Attachments: KNOX-1032.001.patch
>
>
> Timeline Server web UI as documented here: [Timeline Server
> UI|https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/TimelineServer.html]
> The TLS UI access the generic historic information of applications. This
> addition should be a good value for Knox in the future.
> This feature allow to access the Timeline Server UI through Knox. It could be
> enabled in your topology by adding the following sample:
> {code:java}
>
> TIMELINESERVERUI
>
> http://{timelineserver-host}:{timelineserver-port}/applicationhistory
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Comment Edited] (KNOX-1105) Provide indication that topologies were generated from simple descriptors
[
https://issues.apache.org/jira/browse/KNOX-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16238424#comment-16238424
]
Phil Zampino edited comment on KNOX-1105 at 11/7/17 8:34 PM:
-
Added header comment to topology XML files generated from simple descriptors,
and set the same files as read-only.
The admin UI does not render the XML comments. It also does not honor the
read-only attribute set on the underlying topology file
({noformat}-r--r--r--{noformat}); it overwrites the file, and sets the owner
write flag ({noformat}-rw-r--r--{noformat}).
So, the admin UI needs to be addressed as part of this.
was (Author: pzampino):
Added header comment to topology XML files generated from simple descriptors,
and set the same files as read-only.
The admin UI does not render the XML comments. It also does not honor the
read-only attribute set on the underlying topology file (-r--r--r--); it
overwrites the file, and sets the owner write flag (-rw-r--r--).
So, the admin UI needs to be addressed as part of this.
> Provide indication that topologies were generated from simple descriptors
> -
>
> Key: KNOX-1105
> URL: https://issues.apache.org/jira/browse/KNOX-1105
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
>Reporter: Phil Zampino
>Assignee: Phil Zampino
> Labels: kip-8
> Fix For: 0.14.0
>
> Attachments: KNOX-1105.patch
>
>
> When generating topology XML files, add a comment indicating that the XML
> file was generated.
> Also, mark the generated XML file as read-only.
> Neither of these really prevents anyone from modifying them, but they may
> offer a clue that it may not be a good idea.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (KNOX-999) Document that service def are case sensitive for Knox UI
[
https://issues.apache.org/jira/browse/KNOX-999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-999:
-
Summary: Document that service def are case sensitive for Knox UI (was:
service def are case sensitive for Knox UI)
> Document that service def are case sensitive for Knox UI
>
>
> Key: KNOX-999
> URL: https://issues.apache.org/jira/browse/KNOX-999
> Project: Apache Knox
> Issue Type: Bug
> Components: Site
>Affects Versions: 0.12.0
>Reporter: Pravin Bhagade
> Labels: none
> Fix For: 0.14.0
>
>
> Currently, service def is case sensitive for Knox UI.
> Issue replication.
> Accessing SOLR UI using KNOX
> adding below service def in default.xml
> {quote}
> SOLR
> http://node3.openstacklocal:8983
>
> {quote}
> If we replace service "SOLR" by lower case "solr" it won't work. It should be
> upper case to work.
> it should be case insensitive, I was stumbled on it, it's now where mention
> service def are case sensitive.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (KNOX-1010) Remote Discovery of Knox Topology Configuration
[ https://issues.apache.org/jira/browse/KNOX-1010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16242103#comment-16242103 ] Phil Zampino commented on KNOX-1010: The current patch satisfies the requirement for this issue, but it will be refactored to leverage the product of KNOX-1107. > Remote Discovery of Knox Topology Configuration > --- > > Key: KNOX-1010 > URL: https://issues.apache.org/jira/browse/KNOX-1010 > Project: Apache Knox > Issue Type: Sub-task > Components: Server >Reporter: Phil Zampino >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.15.0 > > Attachments: KNOX-1010-001.patch, KNOX-1010.patch, > docker-sandbox.json, sandbox-providers.xml, zkupload.sh > > > To support HA deployments, Knox should be able to discover simple topology > descriptors and provider configuration remotely. > - Define the ZooKeeper structure for remote config (simple desc, externalized > provider) discovery > - Determine the best way to interact with ZooKeeper (REST, or some other > client binding) > - Simple descriptor discovery > - External provider config discovery -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Work started] (KNOX-1107) Remote Configuration Registry Client Service
[ https://issues.apache.org/jira/browse/KNOX-1107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on KNOX-1107 started by Phil Zampino. -- > Remote Configuration Registry Client Service > > > Key: KNOX-1107 > URL: https://issues.apache.org/jira/browse/KNOX-1107 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 0.15.0 >Reporter: Phil Zampino >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.15.0 > > > There are currently multiple ZooKeeper clients in Knox, in the form of HA > provider URL managers. > These clients have been added to Knox independently, each without concern for > the other. KNOX-1010 introduces yet another such client. > In order to manage the configuration of these clients, it would be good to > have a Client Service, from which these features can retrieve a ZooKeeper > client. > Furthermore, in the future, Knox may support additional configuration > registries (e.g., consul, etcd), which these features may wish to employ. If > this service is abstracted sufficiently, the underlying registry type can be > a simple configuration change. > In addition to managing security configuration for these clients, the service > may also be able to enforce some ACL constraints on referenced znodes (or > other registry entries) to mitigate the consumption of potentially untrusted > configuration. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KNOX-1096) Documentation for HA-Enabled Services and Provider Config References
[ https://issues.apache.org/jira/browse/KNOX-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Phil Zampino updated KNOX-1096: --- Description: Make sure that Ambari ServiceDiscovery correctly supports scenarios involving HA-enabled Hadoop services. (was: Make sure that Ambari ServiceDiscovery correctly supports scenarios involving HA-enabled Hadoop services. This should also include some facility for handling the Knox HaProvider configuration dynamically during topology generation.) > Documentation for HA-Enabled Services and Provider Config References > > > Key: KNOX-1096 > URL: https://issues.apache.org/jira/browse/KNOX-1096 > Project: Apache Knox > Issue Type: Sub-task > Components: Site >Reporter: Larry McCay >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.14.0 > > > Make sure that Ambari ServiceDiscovery correctly supports scenarios involving > HA-enabled Hadoop services. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (KNOX-1105) Provide indication that topologies were generated from simple descriptors
[ https://issues.apache.org/jira/browse/KNOX-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16238424#comment-16238424 ] Phil Zampino edited comment on KNOX-1105 at 11/7/17 8:32 PM: - Added header comment to topology XML files generated from simple descriptors, and set the same files as read-only. The admin UI does not render the XML comments. It also does not honor the read-only attribute set on the underlying topology file (-r--r--r--); it overwrites the file, and sets the owner write flag (-rw-r--r--). So, the admin UI needs to be addressed as part of this. was (Author: pzampino): Added header comment to topology XML files generated from simple descriptors, and set the same files as read-only. > Provide indication that topologies were generated from simple descriptors > - > > Key: KNOX-1105 > URL: https://issues.apache.org/jira/browse/KNOX-1105 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Phil Zampino >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.14.0 > > Attachments: KNOX-1105.patch > > > When generating topology XML files, add a comment indicating that the XML > file was generated. > Also, mark the generated XML file as read-only. > Neither of these really prevents anyone from modifying them, but they may > offer a clue that it may not be a good idea. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (KNOX-1096) Documentation for HA-Enabled Services and Provider Config References
[ https://issues.apache.org/jira/browse/KNOX-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16242121#comment-16242121 ] Larry McCay commented on KNOX-1096: --- Closed as a duplicate of KNOX-1103. Thanks, [~pzampino]! > Documentation for HA-Enabled Services and Provider Config References > > > Key: KNOX-1096 > URL: https://issues.apache.org/jira/browse/KNOX-1096 > Project: Apache Knox > Issue Type: Sub-task > Components: Site >Reporter: Larry McCay >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.14.0 > > > Make sure that Ambari ServiceDiscovery correctly supports scenarios involving > HA-enabled Hadoop services. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (KNOX-1110) Simple Descriptors Must Accommodate Application elements
Phil Zampino created KNOX-1110: -- Summary: Simple Descriptors Must Accommodate Application elements Key: KNOX-1110 URL: https://issues.apache.org/jira/browse/KNOX-1110 Project: Apache Knox Issue Type: Bug Components: Server Affects Versions: 0.14.0 Reporter: Phil Zampino Assignee: Phil Zampino Simple descriptors do no currently support application topology elements (e.g., knoxauth). The topology schema dictates that an application can have: * Exactly one name * Zero or more URLs * Zero or more params -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KNOX-1109) DefaultDispatch should have extension points for customizing requests
[ https://issues.apache.org/jira/browse/KNOX-1109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Larry McCay updated KNOX-1109: -- Fix Version/s: 0.15.0 > DefaultDispatch should have extension points for customizing requests > - > > Key: KNOX-1109 > URL: https://issues.apache.org/jira/browse/KNOX-1109 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Jeff Storck >Assignee: Jeff Storck >Priority: Minor > Fix For: 0.15.0 > > > To customize requests, a developer must override default implementation > methods and possibly duplicate code. The default implementations should have > some extension points/methods that extending classes can implement without > having to override default functionality. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (KNOX-1096) Documentation for HA-Enabled Services and Provider Config References
[ https://issues.apache.org/jira/browse/KNOX-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Larry McCay resolved KNOX-1096. --- Resolution: Duplicate > Documentation for HA-Enabled Services and Provider Config References > > > Key: KNOX-1096 > URL: https://issues.apache.org/jira/browse/KNOX-1096 > Project: Apache Knox > Issue Type: Sub-task > Components: Site >Reporter: Larry McCay >Assignee: Phil Zampino > Labels: kip-8 > Fix For: 0.14.0 > > > Make sure that Ambari ServiceDiscovery correctly supports scenarios involving > HA-enabled Hadoop services. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KNOX-1110) Simple Descriptors Must Accommodate Application elements
[ https://issues.apache.org/jira/browse/KNOX-1110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Phil Zampino updated KNOX-1110: --- Attachment: KNOX-1110.patch Added support for applications in YAML and JSON simple descriptors, and the propagation thereof into the generated topology XML files. > Simple Descriptors Must Accommodate Application elements > > > Key: KNOX-1110 > URL: https://issues.apache.org/jira/browse/KNOX-1110 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 0.14.0 >Reporter: Phil Zampino >Assignee: Phil Zampino > Attachments: KNOX-1110.patch > > > Simple descriptors do no currently support application topology elements > (e.g., knoxauth). > The topology schema dictates that an application can have: > * Exactly one name > * Zero or more URLs > * Zero or more params -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Work started] (KNOX-1110) Simple Descriptors Must Accommodate Application elements
[ https://issues.apache.org/jira/browse/KNOX-1110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on KNOX-1110 started by Phil Zampino. -- > Simple Descriptors Must Accommodate Application elements > > > Key: KNOX-1110 > URL: https://issues.apache.org/jira/browse/KNOX-1110 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 0.14.0 >Reporter: Phil Zampino >Assignee: Phil Zampino > > Simple descriptors do no currently support application topology elements > (e.g., knoxauth). > The topology schema dictates that an application can have: > * Exactly one name > * Zero or more URLs > * Zero or more params -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KNOX-1110) Simple Descriptors Must Accommodate Application elements
[ https://issues.apache.org/jira/browse/KNOX-1110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Phil Zampino updated KNOX-1110: --- Fix Version/s: 0.14.0 Status: Patch Available (was: In Progress) > Simple Descriptors Must Accommodate Application elements > > > Key: KNOX-1110 > URL: https://issues.apache.org/jira/browse/KNOX-1110 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 0.14.0 >Reporter: Phil Zampino >Assignee: Phil Zampino > Fix For: 0.14.0 > > Attachments: KNOX-1110.patch > > > Simple descriptors do no currently support application topology elements > (e.g., knoxauth). > The topology schema dictates that an application can have: > * Exactly one name > * Zero or more URLs > * Zero or more params -- This message was sent by Atlassian JIRA (v6.4.14#64029)
