[jira] Subscription: Oozie Patch Available

[jira]

Issue Subscription
Filter: Oozie Patch Available (111 issues)

Subscriber: ooziedaily

Key Summary
OOZIE-3129  Fix test TestConfigurationService.testOozieConfig
https://issues-test.apache.org/jira/browse/OOZIE-3129
OOZIE-3127  Remove redundant check for user
https://issues-test.apache.org/jira/browse/OOZIE-3127
OOZIE-3126  Add option to allow list of users to access system config
https://issues-test.apache.org/jira/browse/OOZIE-3126
OOZIE-3121  bump all maven plugins to latest versions
https://issues-test.apache.org/jira/browse/OOZIE-3121
OOZIE-3118  fix for error: self-closing element not allowed
https://issues-test.apache.org/jira/browse/OOZIE-3118
OOZIE-3117  fix for warning: no @throws for
https://issues-test.apache.org/jira/browse/OOZIE-3117
OOZIE-3116  fix for warning: no description for @throws
https://issues-test.apache.org/jira/browse/OOZIE-3116
OOZIE-3115  fix for javadoc warning: empty  tag
https://issues-test.apache.org/jira/browse/OOZIE-3115
OOZIE-3113  Retry for ZK lock release
https://issues-test.apache.org/jira/browse/OOZIE-3113
OOZIE-3112  SparkConfigrationService overwrites properties provided via 
--properties-file option in SparkAction
https://issues-test.apache.org/jira/browse/OOZIE-3112
OOZIE-3105  testJMXInstrumentation from the 
org.apache.oozie.util.TestMetricsInstrumentation class is flaky
https://issues-test.apache.org/jira/browse/OOZIE-3105
OOZIE-3094  fix for grammar mistake
https://issues-test.apache.org/jira/browse/OOZIE-3094
OOZIE-3091  Oozie Sqoop Avro Import fails with "java.lang.NoClassDefFoundError: 
org/apache/avro/mapred/AvroWrapper"
https://issues-test.apache.org/jira/browse/OOZIE-3091
OOZIE-3083  Make improved version Info backward compatible
https://issues-test.apache.org/jira/browse/OOZIE-3083
OOZIE-3071  Oozie 4.3 Spark sharelib ueses a different version of commons-lang3 
than Spark 2.2.0
https://issues-test.apache.org/jira/browse/OOZIE-3071
OOZIE-3063  Sanitizing variables that are part of openjpa.ConnectionProperties
https://issues-test.apache.org/jira/browse/OOZIE-3063
OOZIE-3062  Set HADOOP_CONF_DIR for spark action
https://issues-test.apache.org/jira/browse/OOZIE-3062
OOZIE-3002  address findbugs errors in client lib
https://issues-test.apache.org/jira/browse/OOZIE-3002
OOZIE-2975  code clean up in pig sharelib, replace Exception with more 
explicit, add try with resources, StringBuilder instead of StringBuffer
https://issues-test.apache.org/jira/browse/OOZIE-2975
OOZIE-2973  Make sure Oozie works with Hadoop 3 
https://issues-test.apache.org/jira/browse/OOZIE-2973
OOZIE-2969  Drop support for Java 1.7
https://issues-test.apache.org/jira/browse/OOZIE-2969
OOZIE-2957  Documentation states that starting a coordinator is possible
https://issues-test.apache.org/jira/browse/OOZIE-2957
OOZIE-2956  Fix Findbugs warnings related to reliance on default encoding in 
oozie-core
https://issues-test.apache.org/jira/browse/OOZIE-2956
OOZIE-2955  Fix Findbugs warnings related to reliance on default encoding in 
oozie-client
https://issues-test.apache.org/jira/browse/OOZIE-2955
OOZIE-2954  Fix Checkstyle issues in oozie-client
https://issues-test.apache.org/jira/browse/OOZIE-2954
OOZIE-2953  Fix Checkstyle issues in oozie-tools
https://issues-test.apache.org/jira/browse/OOZIE-2953
OOZIE-2952  Fix Findbugs warnings in oozie-sharelib-oozie
https://issues-test.apache.org/jira/browse/OOZIE-2952
OOZIE-2949  Escape quotes whitespaces in Sqoop  field
https://issues-test.apache.org/jira/browse/OOZIE-2949
OOZIE-2942  Fix Findbugs warnings in oozie-examples
https://issues-test.apache.org/jira/browse/OOZIE-2942
OOZIE-2937  Remove redundant groupId from the child pom's
https://issues-test.apache.org/jira/browse/OOZIE-2937
OOZIE-2934  Fix "Exceptional return value of java.io.File.mkdirs() ignored" 
Findbugs error in oozie-sharelib-spark
https://issues-test.apache.org/jira/browse/OOZIE-2934
OOZIE-2927  Append new line character for Hive2 query using query tag
https://issues-test.apache.org/jira/browse/OOZIE-2927
OOZIE-2914  Consolidate Trim 
https://issues-test.apache.org/jira/browse/OOZIE-2914
OOZIE-2883  OOZIE throw the error "Missing 
[oozie.service.ProxyUserService.proxyuser.oozie.service.ProxyUserService.proxyuser.mr.groups]
 property"
https://issues-test.apache.org/jira/browse/OOZIE-2883
OOZIE-2877  Oozie Git Action
https://issues-test.apache.org/jira/browse/OOZIE-2877
OOZIE-2867  Timezone handling for Coordinators: emphasize "Continent/City" 
format
https://issues-test.apache.org/jira/browse/OOZIE-2867
OOZIE-2834  ParameterVerifier logging 

[jira] Subscription: Oozie Patch Available

[jira]

Issue Subscription
Filter: Oozie Patch Available (103 issues)

Subscriber: ooziedaily

Key Summary
OOZIE-3168  Remove -secure option from DG_QuickStart.twiki and from 
oozie-setup.sh 
https://issues.apache.org/jira/browse/OOZIE-3168
OOZIE-3163  improve documentation rendering: use fluido skin and better config
https://issues.apache.org/jira/browse/OOZIE-3163
OOZIE-3157  Setup truststore so that it also works in HTTP only mode
https://issues.apache.org/jira/browse/OOZIE-3157
OOZIE-3135  Configure log4j2 in SqoopMain
https://issues.apache.org/jira/browse/OOZIE-3135
OOZIE-3121  bump all maven plugins to latest versions
https://issues.apache.org/jira/browse/OOZIE-3121
OOZIE-3105  testJMXInstrumentation from the 
org.apache.oozie.util.TestMetricsInstrumentation class is flaky
https://issues.apache.org/jira/browse/OOZIE-3105
OOZIE-3094  fix for grammar mistake
https://issues.apache.org/jira/browse/OOZIE-3094
OOZIE-3091  Oozie Sqoop Avro Import fails with "java.lang.NoClassDefFoundError: 
org/apache/avro/mapred/AvroWrapper"
https://issues.apache.org/jira/browse/OOZIE-3091
OOZIE-3071  Oozie 4.3 Spark sharelib ueses a different version of commons-lang3 
than Spark 2.2.0
https://issues.apache.org/jira/browse/OOZIE-3071
OOZIE-3063  Sanitizing variables that are part of openjpa.ConnectionProperties
https://issues.apache.org/jira/browse/OOZIE-3063
OOZIE-3062  Set HADOOP_CONF_DIR for spark action
https://issues.apache.org/jira/browse/OOZIE-3062
OOZIE-3002  address findbugs errors in client lib
https://issues.apache.org/jira/browse/OOZIE-3002
OOZIE-2975  code clean up in pig sharelib, replace Exception with more 
explicit, add try with resources, StringBuilder instead of StringBuffer
https://issues.apache.org/jira/browse/OOZIE-2975
OOZIE-2957  Documentation states that starting a coordinator is possible
https://issues.apache.org/jira/browse/OOZIE-2957
OOZIE-2956  Fix Findbugs warnings related to reliance on default encoding in 
oozie-core
https://issues.apache.org/jira/browse/OOZIE-2956
OOZIE-2955  Fix Findbugs warnings related to reliance on default encoding in 
oozie-client
https://issues.apache.org/jira/browse/OOZIE-2955
OOZIE-2954  Fix Checkstyle issues in oozie-client
https://issues.apache.org/jira/browse/OOZIE-2954
OOZIE-2953  Fix Checkstyle issues in oozie-tools
https://issues.apache.org/jira/browse/OOZIE-2953
OOZIE-2952  Fix Findbugs warnings in oozie-sharelib-oozie
https://issues.apache.org/jira/browse/OOZIE-2952
OOZIE-2949  Escape quotes whitespaces in Sqoop  field
https://issues.apache.org/jira/browse/OOZIE-2949
OOZIE-2942  Fix Findbugs warnings in oozie-examples
https://issues.apache.org/jira/browse/OOZIE-2942
OOZIE-2937  Remove redundant groupId from the child pom's
https://issues.apache.org/jira/browse/OOZIE-2937
OOZIE-2934  Fix "Exceptional return value of java.io.File.mkdirs() ignored" 
Findbugs error in oozie-sharelib-spark
https://issues.apache.org/jira/browse/OOZIE-2934
OOZIE-2927  Append new line character for Hive2 query using query tag
https://issues.apache.org/jira/browse/OOZIE-2927
OOZIE-2914  Consolidate Trim 
https://issues.apache.org/jira/browse/OOZIE-2914
OOZIE-2883  OOZIE throw the error "Missing 
[oozie.service.ProxyUserService.proxyuser.oozie.service.ProxyUserService.proxyuser.mr.groups]
 property"
https://issues.apache.org/jira/browse/OOZIE-2883
OOZIE-2877  Oozie Git Action
https://issues.apache.org/jira/browse/OOZIE-2877
OOZIE-2867  Timezone handling for Coordinators: emphasize "Continent/City" 
format
https://issues.apache.org/jira/browse/OOZIE-2867
OOZIE-2834  ParameterVerifier logging non-useful warning for workflow definition
https://issues.apache.org/jira/browse/OOZIE-2834
OOZIE-2833  when using uber mode the regex pattern used in the 
extractHeapSizeMB method does not allow heap sizes specified in bytes.
https://issues.apache.org/jira/browse/OOZIE-2833
OOZIE-2829  Improve sharelib upload to accept multiple source folders
https://issues.apache.org/jira/browse/OOZIE-2829
OOZIE-2826  Falcon feed fails to aws s3; Oozie joda time version does not meet 
required jar version 2.2 or later
https://issues.apache.org/jira/browse/OOZIE-2826
OOZIE-2812  SparkConfigurationService should support loading configurations 
from multiple Spark versions
https://issues.apache.org/jira/browse/OOZIE-2812
OOZIE-2795  Create lib directory or symlink for Oozie CLI during packaging
https://issues.apache.org/jira/browse/OOZIE-2795
OOZIE-2791  ShareLib installation may fail on busy Hadoop clusters
https://issues.apache.org/jira/browse/OOZIE-2791
OOZIE-2784  Include WEEK as a parameter in the 

Re: [VOTE] Release Oozie 4.3.1 (candidate 2)

[satish saley]

Thank you Robert. I will add that patch.I have java 1.8.0_101-b13, but I didn't 
face any issues. I will check with Java 8u91 before and after patch.
@Artem, you can use 4.3 branch https://github.com/apache/oozie/tree/branch-4.3 
. I haven't created separate branch for this release. 

 

On Wednesday, January 24, 2018 5:50 PM, Robert Kanter 
 wrote:
 

 Here's what I did:
- Verified md5
- Verified signature (gpg)
- Looked at rat report
- Looked at release log
- Verified Tomcat is version 6.0.53
- Built Oozie against Hadoop 2.7.2, using an empty local maven repo


I ran into another problem: OOZIE-2533.  Basically, newer versions of Java
+ newer versions of Tomcat 6 break JSP compilation so the Oozie Web UI is
completely broken.  The JIRA cites Java 8u91 and later, but I still ran
into this even when I tried with Java 7u79.  I guess whatever breaks this
in 8u91 must have been backported to 7u79.  I heard that it was for some
Java security fix so there's not a lot of detail on it.  Applying the patch
from OOZIE-2533 appears to fix it.  We've actually been using that patch in
CDH for almost 2 years now.  I apologize for forgetting about this when I
reported that we should upgrade Tomcat in RC1.  The patch is pretty minor
and basically just replaces the jsp page with a static html page.  The only
downside is that the SLA, Instrumentation, and Metrics pages are always
showing, even if those features are disabled (because that's what JSP was
used for).


- Robert

On Wed, Jan 24, 2018 at 4:18 PM, Artem Ervits  wrote:

> Satish, I have ansible scripts to pull a git branch and run through
> mkdistro and install steps and I wrote another recipe to stand up a cluster
> based on binary release. The problem I just realized is that my compile
> from source script relies on a branch which doesn't exist, is it your
> private repo? If so, can you publish that and I'll test it with my script?
> Otherwise, can you publish the binary release and I'll try to test it as
> well. I have more confidence with compile from source script but that won't
> work on 4.3.1 until you create the branch on github. That said, results of
> my test are the following
>
> verified md5 +1
> tried to build with
>
> *bin/mkdistro.sh -DskipTests -Dhadoop.version=2.7.5*
>
> found the following error
>
> Downloading:
> http://repo1.maven.org/maven2/org/apache/apache-jar-
> resource-bundle/1.4/apache-jar-resource-bundle-1.4.jar
> Downloaded:
> http://repo1.maven.org/maven2/org/apache/apache-jar-
> resource-bundle/1.4/apache-jar-resource-bundle-1.4.jar
> (13 KB at 325.1 KB/sec)
> [INFO]
> 
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Apache Oozie Main . FAILURE
> [24.265s]
> [INFO] Apache Oozie Hadoop Utils hadoop-2-4.3.1 .. SKIPPED
> [INFO] Apache Oozie Hadoop Distcp hadoop-2-4.3.1 . SKIPPED
> [INFO] Apache Oozie Hadoop Auth hadoop-2-4.3.1 Test .. SKIPPED
> [INFO] Apache Oozie Hadoop Libs .. SKIPPED
> [INFO] Apache Oozie Client ... SKIPPED
> [INFO] Apache Oozie Share Lib Oozie .. SKIPPED
> [INFO] Apache Oozie Share Lib HCatalog ... SKIPPED
> [INFO] Apache Oozie Share Lib Distcp . SKIPPED
> [INFO] Apache Oozie Core . SKIPPED
> [INFO] Apache Oozie Share Lib Streaming .. SKIPPED
> [INFO] Apache Oozie Share Lib Pig  SKIPPED
> [INFO] Apache Oozie Share Lib Hive ... SKIPPED
> [INFO] Apache Oozie Share Lib Hive 2 . SKIPPED
> [INFO] Apache Oozie Share Lib Sqoop .. SKIPPED
> [INFO] Apache Oozie Examples . SKIPPED
> [INFO] Apache Oozie Share Lib Spark .. SKIPPED
> [INFO] Apache Oozie Share Lib  SKIPPED
> [INFO] Apache Oozie Docs . SKIPPED
> [INFO] Apache Oozie WebApp ... SKIPPED
> [INFO] Apache Oozie Tools  SKIPPED
> [INFO] Apache Oozie MiniOozie  SKIPPED
> [INFO] Apache Oozie Distro ... SKIPPED
> [INFO] Apache Oozie ZooKeeper Security Tests . SKIPPED
> [INFO]
> 
> [INFO] BUILD FAILURE
> [INFO]
> 
> [INFO] Total time: 55.955s
> [INFO] Finished at: Thu Jan 25 00:14:08 UTC 2018
> [INFO] Final Memory: 20M/48M
> [INFO]
> 
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-remote-resources-plugin:1.5:process
> (default) on project oozie-main: Error finding remote resources manifests:
> 

Re: [VOTE] Release Oozie 4.3.1 (candidate 2)

[Robert Kanter]

Here's what I did:
- Verified md5
- Verified signature (gpg)
- Looked at rat report
- Looked at release log
- Verified Tomcat is version 6.0.53
- Built Oozie against Hadoop 2.7.2, using an empty local maven repo


I ran into another problem: OOZIE-2533.  Basically, newer versions of Java
+ newer versions of Tomcat 6 break JSP compilation so the Oozie Web UI is
completely broken.  The JIRA cites Java 8u91 and later, but I still ran
into this even when I tried with Java 7u79.  I guess whatever breaks this
in 8u91 must have been backported to 7u79.  I heard that it was for some
Java security fix so there's not a lot of detail on it.  Applying the patch
from OOZIE-2533 appears to fix it.  We've actually been using that patch in
CDH for almost 2 years now.  I apologize for forgetting about this when I
reported that we should upgrade Tomcat in RC1.  The patch is pretty minor
and basically just replaces the jsp page with a static html page.  The only
downside is that the SLA, Instrumentation, and Metrics pages are always
showing, even if those features are disabled (because that's what JSP was
used for).


- Robert

On Wed, Jan 24, 2018 at 4:18 PM, Artem Ervits  wrote:

> Satish, I have ansible scripts to pull a git branch and run through
> mkdistro and install steps and I wrote another recipe to stand up a cluster
> based on binary release. The problem I just realized is that my compile
> from source script relies on a branch which doesn't exist, is it your
> private repo? If so, can you publish that and I'll test it with my script?
> Otherwise, can you publish the binary release and I'll try to test it as
> well. I have more confidence with compile from source script but that won't
> work on 4.3.1 until you create the branch on github. That said, results of
> my test are the following
>
> verified md5 +1
> tried to build with
>
> *bin/mkdistro.sh -DskipTests -Dhadoop.version=2.7.5*
>
> found the following error
>
> Downloading:
> http://repo1.maven.org/maven2/org/apache/apache-jar-
> resource-bundle/1.4/apache-jar-resource-bundle-1.4.jar
> Downloaded:
> http://repo1.maven.org/maven2/org/apache/apache-jar-
> resource-bundle/1.4/apache-jar-resource-bundle-1.4.jar
> (13 KB at 325.1 KB/sec)
> [INFO]
> 
> [INFO] Reactor Summary:
> [INFO]
> [INFO] Apache Oozie Main . FAILURE
> [24.265s]
> [INFO] Apache Oozie Hadoop Utils hadoop-2-4.3.1 .. SKIPPED
> [INFO] Apache Oozie Hadoop Distcp hadoop-2-4.3.1 . SKIPPED
> [INFO] Apache Oozie Hadoop Auth hadoop-2-4.3.1 Test .. SKIPPED
> [INFO] Apache Oozie Hadoop Libs .. SKIPPED
> [INFO] Apache Oozie Client ... SKIPPED
> [INFO] Apache Oozie Share Lib Oozie .. SKIPPED
> [INFO] Apache Oozie Share Lib HCatalog ... SKIPPED
> [INFO] Apache Oozie Share Lib Distcp . SKIPPED
> [INFO] Apache Oozie Core . SKIPPED
> [INFO] Apache Oozie Share Lib Streaming .. SKIPPED
> [INFO] Apache Oozie Share Lib Pig  SKIPPED
> [INFO] Apache Oozie Share Lib Hive ... SKIPPED
> [INFO] Apache Oozie Share Lib Hive 2 . SKIPPED
> [INFO] Apache Oozie Share Lib Sqoop .. SKIPPED
> [INFO] Apache Oozie Examples . SKIPPED
> [INFO] Apache Oozie Share Lib Spark .. SKIPPED
> [INFO] Apache Oozie Share Lib  SKIPPED
> [INFO] Apache Oozie Docs . SKIPPED
> [INFO] Apache Oozie WebApp ... SKIPPED
> [INFO] Apache Oozie Tools  SKIPPED
> [INFO] Apache Oozie MiniOozie  SKIPPED
> [INFO] Apache Oozie Distro ... SKIPPED
> [INFO] Apache Oozie ZooKeeper Security Tests . SKIPPED
> [INFO]
> 
> [INFO] BUILD FAILURE
> [INFO]
> 
> [INFO] Total time: 55.955s
> [INFO] Finished at: Thu Jan 25 00:14:08 UTC 2018
> [INFO] Final Memory: 20M/48M
> [INFO]
> 
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-remote-resources-plugin:1.5:process
> (default) on project oozie-main: Error finding remote resources manifests:
> /opt/oozie/oozie-4.3.1/target/maven-shared-archive-
> resources/META-INF/NOTICE
> (No such file or directory) -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e
> switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the 

Re: [VOTE] Release Oozie 4.3.1 (candidate 2)

[Artem Ervits]

Satish, I have ansible scripts to pull a git branch and run through
mkdistro and install steps and I wrote another recipe to stand up a cluster
based on binary release. The problem I just realized is that my compile
from source script relies on a branch which doesn't exist, is it your
private repo? If so, can you publish that and I'll test it with my script?
Otherwise, can you publish the binary release and I'll try to test it as
well. I have more confidence with compile from source script but that won't
work on 4.3.1 until you create the branch on github. That said, results of
my test are the following

verified md5 +1
tried to build with

*bin/mkdistro.sh -DskipTests -Dhadoop.version=2.7.5*

found the following error

Downloading:
http://repo1.maven.org/maven2/org/apache/apache-jar-resource-bundle/1.4/apache-jar-resource-bundle-1.4.jar
Downloaded:
http://repo1.maven.org/maven2/org/apache/apache-jar-resource-bundle/1.4/apache-jar-resource-bundle-1.4.jar
(13 KB at 325.1 KB/sec)
[INFO]

[INFO] Reactor Summary:
[INFO]
[INFO] Apache Oozie Main . FAILURE [24.265s]
[INFO] Apache Oozie Hadoop Utils hadoop-2-4.3.1 .. SKIPPED
[INFO] Apache Oozie Hadoop Distcp hadoop-2-4.3.1 . SKIPPED
[INFO] Apache Oozie Hadoop Auth hadoop-2-4.3.1 Test .. SKIPPED
[INFO] Apache Oozie Hadoop Libs .. SKIPPED
[INFO] Apache Oozie Client ... SKIPPED
[INFO] Apache Oozie Share Lib Oozie .. SKIPPED
[INFO] Apache Oozie Share Lib HCatalog ... SKIPPED
[INFO] Apache Oozie Share Lib Distcp . SKIPPED
[INFO] Apache Oozie Core . SKIPPED
[INFO] Apache Oozie Share Lib Streaming .. SKIPPED
[INFO] Apache Oozie Share Lib Pig  SKIPPED
[INFO] Apache Oozie Share Lib Hive ... SKIPPED
[INFO] Apache Oozie Share Lib Hive 2 . SKIPPED
[INFO] Apache Oozie Share Lib Sqoop .. SKIPPED
[INFO] Apache Oozie Examples . SKIPPED
[INFO] Apache Oozie Share Lib Spark .. SKIPPED
[INFO] Apache Oozie Share Lib  SKIPPED
[INFO] Apache Oozie Docs . SKIPPED
[INFO] Apache Oozie WebApp ... SKIPPED
[INFO] Apache Oozie Tools  SKIPPED
[INFO] Apache Oozie MiniOozie  SKIPPED
[INFO] Apache Oozie Distro ... SKIPPED
[INFO] Apache Oozie ZooKeeper Security Tests . SKIPPED
[INFO]

[INFO] BUILD FAILURE
[INFO]

[INFO] Total time: 55.955s
[INFO] Finished at: Thu Jan 25 00:14:08 UTC 2018
[INFO] Final Memory: 20M/48M
[INFO]

[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-remote-resources-plugin:1.5:process
(default) on project oozie-main: Error finding remote resources manifests:
/opt/oozie/oozie-4.3.1/target/maven-shared-archive-resources/META-INF/NOTICE
(No such file or directory) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

ERROR, Oozie distro creation failed

again, I just wrote this ansible script and may have missed something.

Thanks

On Wed, Jan 24, 2018 at 2:05 PM, Rohini Palaniswamy 
wrote:

> +1 (binding)
>
> - Verified md5, signature, release log and rat report
> - Ran the unit tests and they are good.
> - Executed a simple workflow
> - Verified that the tomcat is now 6.0.53
>
> Regards,
> Rohini
>
> On Tue, Jan 23, 2018 at 4:27 PM, Satish Saley 
> wrote:
>
> > Hi,
> >
> > I have created a build for Oozie 4.3.1, candidate 2.
> >
> > It includes all the changes decided earlier except OOZIE-3018 and
> > OOZIE-3072. OOZIE-3018 makes changes to SchemaCheckerService which we are
> > not picking. OOZIE-3072 makes changes to files created in OOZIE-1770.
> >
> > Keys to verify the signature of the release artifact are available at
> >   http://www.apache.org/dist/oozie/KEYS
> >
> > Please download, test, and try it out:
> >
> > http://people.apache.org/~satishsaley/oozie-4.3.1-rc-2/
> >
> >
> > The release, md5 signature, gpg signature, and rat report can be found at
> > the above address.
> >
> > Vote closes on 01/26/2018 11:59 PM PT.
> >
>

[jira] [Commented] (OOZIE-3163) improve documentation rendering: use fluido skin and better config

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16338157#comment-16338157
 ] 

Hadoop QA commented on OOZIE-3163:
--


Testing JIRA OOZIE-3163

Cleaning local git workspace



{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any line longer than 
132
.{color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT 
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} the patch does not seem to introduce new Javadoc 
warnings
.{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s)
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac 
warnings
{color:green}+1{color} There are no new bugs found in total.
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:green}+1{color} There are no new bugs found in [sharelib/distcp].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive].
. {color:green}+1{color} There are no new bugs found in [sharelib/spark].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive2].
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:green}+1{color} There are no new bugs found in [sharelib/pig].
. {color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
. {color:green}+1{color} There are no new bugs found in [sharelib/oozie].
. {color:green}+1{color} There are no new bugs found in [examples].
. {color:green}+1{color} There are no new bugs found in [client].
. {color:green}+1{color} There are no new bugs found in [core].
. {color:green}+1{color} There are no new bugs found in [tools].
. {color:green}+1{color} There are no new bugs found in [server].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA 
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:green}+1 TESTS{color}
.Tests run: 2087
.{color:orange}Tests failed at first run:{color}
TestJavaActionExecutor#testCredentialsSkip
TestJMSJobEventListener#testConnectionDrop
TestCoordMaterializeTriggerService#testCoordMaterializeTriggerService3
.For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
{color:green}+1 DISTRO{color}
.{color:green}+1{color} distro tarball builds with the patch 


{color:red}*-1 Overall result, please check the reported -1(s)*{color}

{color:red}. There is at least one warning, please check{color}

The full output of the test-patch run is available at

. https://builds.apache.org/job/PreCommit-OOZIE-Build/347/



> improve documentation rendering: use fluido skin and better config
> --
>
> Key: OOZIE-3163
> URL: https://issues.apache.org/jira/browse/OOZIE-3163
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Assignee: Hervé Boutemy
>Priority: Major
> Fix For: 5.0.0
>
> Attachments: 34.patch
>
>
> Current output is really ugly: as Maven maintainer, I can't let Oozie with 
> such awful result :)
> Even with old maven-site-plugin 2.0-beta-6 (we'll see later how to upgrade), 
> using Fluido skin would improve output a lot
> Pull Request coming



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Failed: OOZIE-3163 PreCommit Build #347

[Apache Jenkins Server]

Jira: https://issues.apache.org/jira/browse/OOZIE-3163
Build: https://builds.apache.org/job/PreCommit-OOZIE-Build/347/

###
## LAST 100 LINES OF THE CONSOLE 
###
[...truncated 1.58 MB...]
[DEBUG] There are no new bugs found in [sharelib/sqoop].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/oozie].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [examples].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [client].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [core].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [tools].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [server].
[INFO] There are no new bugs found totally].
[TRACE] FindBugs diffs checked and reports created
[TRACE] Summary file size is 2187 bytes
[TRACE] Full summary file size is 1248 bytes
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar]
 removed
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar.md5sum]
 removed
  Running test-patch task BACKWARDS_COMPATIBILITY
  Running test-patch task TESTS
  Running test-patch task DISTRO


Testing JIRA OOZIE-3163

Cleaning local git workspace



+1 PATCH_APPLIES
+1 CLEAN
-1 RAW_PATCH_ANALYSIS
+1 the patch does not introduce any @author tags
+1 the patch does not introduce any tabs
+1 the patch does not introduce any trailing spaces
+1 the patch does not introduce any line longer than 132
-1 the patch does not add/modify any testcase
+1 RAT
+1 the patch does not seem to introduce new RAT warnings
+1 JAVADOC
+1 the patch does not seem to introduce new Javadoc warnings
WARNING: the current HEAD has 100 Javadoc warning(s)
+1 COMPILE
+1 HEAD compiles
+1 patch compiles
+1 the patch does not seem to introduce new javac warnings
+1 There are no new bugs found in total.
 +1 There are no new bugs found in [docs].
 +1 There are no new bugs found in [sharelib/distcp].
 +1 There are no new bugs found in [sharelib/hive].
 +1 There are no new bugs found in [sharelib/spark].
 +1 There are no new bugs found in [sharelib/hive2].
 +1 There are no new bugs found in [sharelib/hcatalog].
 +1 There are no new bugs found in [sharelib/streaming].
 +1 There are no new bugs found in [sharelib/pig].
 +1 There are no new bugs found in [sharelib/sqoop].
 +1 There are no new bugs found in [sharelib/oozie].
 +1 There are no new bugs found in [examples].
 +1 There are no new bugs found in [client].
 +1 There are no new bugs found in [core].
 +1 There are no new bugs found in [tools].
 +1 There are no new bugs found in [server].
+1 BACKWARDS_COMPATIBILITY
+1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient 
annotations
+1 the patch does not modify JPA files
+1 TESTS
Tests run: 2087
Tests failed at first run:
TestJavaActionExecutor#testCredentialsSkip
TestJMSJobEventListener#testConnectionDrop
TestCoordMaterializeTriggerService#testCoordMaterializeTriggerService3
For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
+1 DISTRO
+1 distro tarball builds with the patch 


-1 Overall result, please check the reported -1(s)

 There is at least one warning, please check

The full output of the test-patch run is available at

 https://builds.apache.org/job/PreCommit-OOZIE-Build/347/

Adding comment to JIRA
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 
0100  31890 0  100  3189  0   3485 --:--:-- --:--:-- --:--:--  
3485{"self":"https://issues.apache.org/jira/rest/api/2/issue/13132441/comment/16338157","id":"16338157","author":{"self":"https://issues.apache.org/jira/rest/api/2/user?username=hadoopqa","name":"hadoopqa","key":"hadoopqa","emailAddress":"blackhole
 at hadoop dot apache dot 
org","avatarUrls":{"48x48":"https://issues.apache.org/jira/secure/useravatar?ownerId=hadoopqa=10393","24x24":"https://issues.apache.org/jira/secure/useravatar?size=small=hadoopqa=10393","16x16":"https://issues.apache.org/jira/secure/useravatar?size=xsmall=hadoopqa=10393","32x32":"https://issues.apache.org/jira/secure/useravatar?size=medium=hadoopqa=10393"},"displayName":"Hadoop

Re: [VOTE] Release Oozie 4.3.1 (candidate 2)

[Rohini Palaniswamy]

+1 (binding)

- Verified md5, signature, release log and rat report
- Ran the unit tests and they are good.
- Executed a simple workflow
- Verified that the tomcat is now 6.0.53

Regards,
Rohini

On Tue, Jan 23, 2018 at 4:27 PM, Satish Saley 
wrote:

> Hi,
>
> I have created a build for Oozie 4.3.1, candidate 2.
>
> It includes all the changes decided earlier except OOZIE-3018 and
> OOZIE-3072. OOZIE-3018 makes changes to SchemaCheckerService which we are
> not picking. OOZIE-3072 makes changes to files created in OOZIE-1770.
>
> Keys to verify the signature of the release artifact are available at
>   http://www.apache.org/dist/oozie/KEYS
>
> Please download, test, and try it out:
>
> http://people.apache.org/~satishsaley/oozie-4.3.1-rc-2/
>
>
> The release, md5 signature, gpg signature, and rat report can be found at
> the above address.
>
> Vote closes on 01/26/2018 11:59 PM PT.
>

[jira] [Commented] (OOZIE-3163) improve documentation rendering: use fluido skin and better config

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16338050#comment-16338050
 ] 

Hadoop QA commented on OOZIE-3163:
--

PreCommit-OOZIE-Build started


> improve documentation rendering: use fluido skin and better config
> --
>
> Key: OOZIE-3163
> URL: https://issues.apache.org/jira/browse/OOZIE-3163
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Assignee: Hervé Boutemy
>Priority: Major
> Fix For: 5.0.0
>
> Attachments: 34.patch
>
>
> Current output is really ugly: as Maven maintainer, I can't let Oozie with 
> such awful result :)
> Even with old maven-site-plugin 2.0-beta-6 (we'll see later how to upgrade), 
> using Fluido skin would improve output a lot
> Pull Request coming



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3163) improve documentation rendering: use fluido skin and better config

[JIRA]

[ 
https://issues.apache.org/jira/browse/OOZIE-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337981#comment-16337981
 ] 

Hervé Boutemy commented on OOZIE-3163:
--

patch attached

thanks for merging: I'm eager to see an improved documentation for a next 
release :)

> improve documentation rendering: use fluido skin and better config
> --
>
> Key: OOZIE-3163
> URL: https://issues.apache.org/jira/browse/OOZIE-3163
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Assignee: Hervé Boutemy
>Priority: Major
> Fix For: 4.3.1
>
> Attachments: 34.patch
>
>
> Current output is really ugly: as Maven maintainer, I can't let Oozie with 
> such awful result :)
> Even with old maven-site-plugin 2.0-beta-6 (we'll see later how to upgrade), 
> using Fluido skin would improve output a lot
> Pull Request coming



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (OOZIE-3163) improve documentation rendering: use fluido skin and better config

[JIRA]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Hervé Boutemy updated OOZIE-3163:
-
Attachment: 34.patch

> improve documentation rendering: use fluido skin and better config
> --
>
> Key: OOZIE-3163
> URL: https://issues.apache.org/jira/browse/OOZIE-3163
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Assignee: Hervé Boutemy
>Priority: Major
> Fix For: 4.3.1
>
> Attachments: 34.patch
>
>
> Current output is really ugly: as Maven maintainer, I can't let Oozie with 
> such awful result :)
> Even with old maven-site-plugin 2.0-beta-6 (we'll see later how to upgrade), 
> using Fluido skin would improve output a lot
> Pull Request coming



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337962#comment-16337962
 ] 

Hadoop QA commented on OOZIE-3157:
--


Testing JIRA OOZIE-3157

Cleaning local git workspace



{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:green}+1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any line longer than 
132
.{color:green}+1{color} the patch adds/modifies 2 testcase(s)
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT 
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} the patch does not seem to introduce new Javadoc 
warnings
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac 
warnings
{color:green}+1{color} There are no new bugs found in total.
. {color:green}+1{color} There are no new bugs found in [core].
. {color:green}+1{color} There are no new bugs found in [tools].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive2].
. {color:green}+1{color} There are no new bugs found in [sharelib/distcp].
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
. {color:green}+1{color} There are no new bugs found in [sharelib/oozie].
. {color:green}+1{color} There are no new bugs found in [sharelib/pig].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive].
. {color:green}+1{color} There are no new bugs found in [sharelib/spark].
. {color:green}+1{color} There are no new bugs found in [client].
. {color:green}+1{color} There are no new bugs found in [examples].
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:green}+1{color} There are no new bugs found in [server].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA 
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:green}+1 TESTS{color}
.Tests run: 2090
.{color:orange}Tests failed at first run:{color}
TestJavaActionExecutor#testCredentialsSkip
TestCoordActionsKillXCommand#testActionKillCommandActionNumbers
TestHiveActionExecutor#testHiveAction
.For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
{color:green}+1 DISTRO{color}
.{color:green}+1{color} distro tarball builds with the patch 


{color:green}*+1 Overall result, good!, no -1s*{color}


The full output of the test-patch run is available at

. https://builds.apache.org/job/PreCommit-OOZIE-Build/346/



> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch, 
> OOZIE-3157-003.patch, OOZIE-3157-004.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> 

Success: OOZIE-3157 PreCommit Build #346

[Apache Jenkins Server]

Jira: https://issues.apache.org/jira/browse/OOZIE-3157
Build: https://builds.apache.org/job/PreCommit-OOZIE-Build/346/

###
## LAST 100 LINES OF THE CONSOLE 
###
[...truncated 1.58 MB...]
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/oozie].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/pig].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/hive].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/spark].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [client].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [examples].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [docs].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [server].
[INFO] There are no new bugs found totally].
[TRACE] FindBugs diffs checked and reports created
[TRACE] Summary file size is 2110 bytes
[TRACE] Full summary file size is 1248 bytes
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar]
 removed
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar.md5sum]
 removed
  Running test-patch task BACKWARDS_COMPATIBILITY
  Running test-patch task TESTS
  Running test-patch task DISTRO


Testing JIRA OOZIE-3157

Cleaning local git workspace



+1 PATCH_APPLIES
+1 CLEAN
+1 RAW_PATCH_ANALYSIS
+1 the patch does not introduce any @author tags
+1 the patch does not introduce any tabs
+1 the patch does not introduce any trailing spaces
+1 the patch does not introduce any line longer than 132
+1 the patch adds/modifies 2 testcase(s)
+1 RAT
+1 the patch does not seem to introduce new RAT warnings
+1 JAVADOC
+1 the patch does not seem to introduce new Javadoc warnings
+1 COMPILE
+1 HEAD compiles
+1 patch compiles
+1 the patch does not seem to introduce new javac warnings
+1 There are no new bugs found in total.
 +1 There are no new bugs found in [core].
 +1 There are no new bugs found in [tools].
 +1 There are no new bugs found in [sharelib/hive2].
 +1 There are no new bugs found in [sharelib/distcp].
 +1 There are no new bugs found in [sharelib/hcatalog].
 +1 There are no new bugs found in [sharelib/streaming].
 +1 There are no new bugs found in [sharelib/sqoop].
 +1 There are no new bugs found in [sharelib/oozie].
 +1 There are no new bugs found in [sharelib/pig].
 +1 There are no new bugs found in [sharelib/hive].
 +1 There are no new bugs found in [sharelib/spark].
 +1 There are no new bugs found in [client].
 +1 There are no new bugs found in [examples].
 +1 There are no new bugs found in [docs].
 +1 There are no new bugs found in [server].
+1 BACKWARDS_COMPATIBILITY
+1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient 
annotations
+1 the patch does not modify JPA files
+1 TESTS
Tests run: 2090
Tests failed at first run:
TestJavaActionExecutor#testCredentialsSkip
TestCoordActionsKillXCommand#testActionKillCommandActionNumbers
TestHiveActionExecutor#testHiveAction
For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
+1 DISTRO
+1 distro tarball builds with the patch 


+1 Overall result, good!, no -1s


The full output of the test-patch run is available at

 https://builds.apache.org/job/PreCommit-OOZIE-Build/346/

Adding comment to JIRA
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 
0{"self":"https://issues.apache.org/jira/rest/api/2/issue/13130246/comment/16337962","id":"16337962","author":{"self":"https://issues.apache.org/jira/rest/api/2/user?username=hadoopqa","name":"hadoopqa","key":"hadoopqa","emailAddress":"blackhole
 at hadoop dot apache dot 

[jira] [Commented] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337807#comment-16337807
 ] 

Hadoop QA commented on OOZIE-3157:
--

PreCommit-OOZIE-Build started


> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch, 
> OOZIE-3157-003.patch, OOZIE-3157-004.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
> at 
> org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
> 

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Kinga Marton via Review Board]

> On Jan. 24, 2018, 1:54 p.m., Attila Sasvari wrote:
> > server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
> > Lines 169 (patched)
> > 
> >
> > What happens if a truststore password starts/ends with whitespaces on 
> > purpose? trim() would remove leading and trailing whitespaces and Oozie 
> > won't be able to open the truststore?

Actually this is how it was in the SSlServerConnectorFactory and I believed 
that that trim was for a purpose there. But as we discussed I removed it, and I 
corrected the keystore part as well from SSlServerConnectorFactory


- Kinga


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/#review196112
---


On Jan. 24, 2018, 3:53 p.m., Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65287/
> ---
> 
> (Updated Jan. 24, 2018, 3:53 p.m.)
> 
> 
> Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> oozie.https.truststore.file is not read and used when oozie.https.enabled is 
> false in oozie-site xml. As a result, the Oozie server will be unable to 
> communicate with servers with unsigned certificate. It is a critical problem 
> as authentication may involve external servers (for example KMS with 
> self-signed certificate). Submitting a workflow in such an environment can 
> result in an exception like:
> 
> `2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
>  

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Kinga Marton via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/
---

(Updated Jan. 24, 2018, 3:53 p.m.)


Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.


Repository: oozie-git


Description
---

oozie.https.truststore.file is not read and used when oozie.https.enabled is 
false in oozie-site xml. As a result, the Oozie server will be unable to 
communicate with servers with unsigned certificate. It is a critical problem as 
authentication may involve external servers (for example KMS with self-signed 
certificate). Submitting a workflow in such an environment can result in an 
exception like:

`2018-01-08 10:13:51,471 WARN 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
IOException: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
at 
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
at 
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
at 
org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
at 
org.apache.hadoop.hdfs.DFSClient.createWrappedInputStream(DFSClient.java:945)
at 
org.apache.hadoop.hdfs.DistributedFileSystem$4.doCall(DistributedFileSystem.java:315)
at 
org.apache.hadoop.hdfs.DistributedFileSystem$4.doCall(DistributedFileSystem.java:310)
at 
org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at 
org.apache.hadoop.hdfs.DistributedFileSystem.open(DistributedFileSystem.java:322)
at org.apache.hadoop.fs.FileSystem.open(FileSystem.java:949)
at 

[jira] [Updated] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Julia Kinga Marton (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julia Kinga Marton updated OOZIE-3157:
--
Attachment: OOZIE-3157-004.patch

> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch, 
> OOZIE-3157-003.patch, OOZIE-3157-004.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
> at 
> org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
> at 
> 

[jira] [Updated] (OOZIE-3087) Add option to rerun "failed and subsequent nodes" to rerun

[Peter Cseh (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Cseh updated OOZIE-3087:
--
Description: 
§Right now rerun has two options:
 - rerun failed
 - rerun all but specify which nodes to skip

We should create an option that says "start from the last failed node and force 
rerun everything after". 
 Imagine a scenario where there is a fork where every action in the fork goes 
to the join node in both the  and the  transition. This can happen 
to avoid killing every action in the fork when one of them fails. Later they 
can use a decision node to check if any of the actions failed in the fork.

If one of the actions in the fork fails and the WF is rerun with the "failed 
only" option, the decision node won't get re-executed as it haven't failed 
before. The new option would solve this issue

  was:
Right now rerun has two options:
- rerun failed
- rerun all but specify which nodes to skip

We should create an option that says "start from the last  failed node and 
force rerun everything after". 
Imagine a scenario where there is a fork where every action in the fork goes to 
the join node in both the  and the  transition. This can happen to 
avoid killing every action in the fork when one of them fails. Later they can 
use a decision node to check if any of the actions failed in the fork.

If one of the actions in the fork fails and the WF is rerun with the "failed 
only" option, the decision node won't get re-executed as it haven't failed 
before. The new option would solve this issue



> Add option to rerun "failed and subsequent nodes" to rerun
> --
>
> Key: OOZIE-3087
> URL: https://issues.apache.org/jira/browse/OOZIE-3087
> Project: Oozie
>  Issue Type: New Feature
>  Components: core
>Reporter: Peter Cseh
>Priority: Major
>
> §Right now rerun has two options:
>  - rerun failed
>  - rerun all but specify which nodes to skip
> We should create an option that says "start from the last failed node and 
> force rerun everything after". 
>  Imagine a scenario where there is a fork where every action in the fork goes 
> to the join node in both the  and the  transition. This can happen 
> to avoid killing every action in the fork when one of them fails. Later they 
> can use a decision node to check if any of the actions failed in the fork.
> If one of the actions in the fork fails and the WF is rerun with the "failed 
> only" option, the decision node won't get re-executed as it haven't failed 
> before. The new option would solve this issue



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Kinga Marton via Review Board]

> On Jan. 23, 2018, 3:17 p.m., Attila Sasvari wrote:
> > Please update documentation and mention truststore related things: it might 
> > be needed even for scenarios without HTTPS (if Oozie needs to talk with 
> > servers with self-signed certificates), config properties can be overriden 
> > via system properties.

Done.


- Kinga


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/#review196011
---


On Jan. 24, 2018, 12:19 p.m., Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65287/
> ---
> 
> (Updated Jan. 24, 2018, 12:19 p.m.)
> 
> 
> Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> oozie.https.truststore.file is not read and used when oozie.https.enabled is 
> false in oozie-site xml. As a result, the Oozie server will be unable to 
> communicate with servers with unsigned certificate. It is a critical problem 
> as authentication may involve external servers (for example KMS with 
> self-signed certificate). Submitting a workflow in such an environment can 
> result in an exception like:
> 
> `2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> 

[jira] [Updated] (OOZIE-3087) Add option to rerun "failed and subsequent nodes" to rerun

[Peter Cseh (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Cseh updated OOZIE-3087:
--
Issue Type: New Feature  (was: Bug)

> Add option to rerun "failed and subsequent nodes" to rerun
> --
>
> Key: OOZIE-3087
> URL: https://issues.apache.org/jira/browse/OOZIE-3087
> Project: Oozie
>  Issue Type: New Feature
>  Components: core
>Reporter: Peter Cseh
>Priority: Major
>
> Right now rerun has two options:
> - rerun failed
> - rerun all but specify which nodes to skip
> We should create an option that says "start from the last  failed node and 
> force rerun everything after". 
> Imagine a scenario where there is a fork where every action in the fork goes 
> to the join node in both the  and the  transition. This can happen 
> to avoid killing every action in the fork when one of them fails. Later they 
> can use a decision node to check if any of the actions failed in the fork.
> If one of the actions in the fork fails and the WF is rerun with the "failed 
> only" option, the decision node won't get re-executed as it haven't failed 
> before. The new option would solve this issue



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Failed: OOZIE-3168 PreCommit Build #345

[Apache Jenkins Server]

Jira: https://issues.apache.org/jira/browse/OOZIE-3168
Build: https://builds.apache.org/job/PreCommit-OOZIE-Build/345/

###
## LAST 100 LINES OF THE CONSOLE 
###
[...truncated 1.58 MB...]
[DEBUG] There are no new bugs found in [sharelib/oozie].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/pig].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/hive].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/spark].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [client].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [examples].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [docs].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [server].
[INFO] There are no new bugs found totally].
[TRACE] FindBugs diffs checked and reports created
[TRACE] Summary file size is 2111 bytes
[TRACE] Full summary file size is 1248 bytes
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar]
 removed
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar.md5sum]
 removed
  Running test-patch task BACKWARDS_COMPATIBILITY
  Running test-patch task TESTS
  Running test-patch task DISTRO


Testing JIRA OOZIE-3168

Cleaning local git workspace



+1 PATCH_APPLIES
+1 CLEAN
-1 RAW_PATCH_ANALYSIS
+1 the patch does not introduce any @author tags
+1 the patch does not introduce any tabs
+1 the patch does not introduce any trailing spaces
+1 the patch does not introduce any line longer than 132
-1 the patch does not add/modify any testcase
+1 RAT
+1 the patch does not seem to introduce new RAT warnings
+1 JAVADOC
+1 the patch does not seem to introduce new Javadoc warnings
+1 COMPILE
+1 HEAD compiles
+1 patch compiles
+1 the patch does not seem to introduce new javac warnings
+1 There are no new bugs found in total.
 +1 There are no new bugs found in [core].
 +1 There are no new bugs found in [tools].
 +1 There are no new bugs found in [sharelib/hive2].
 +1 There are no new bugs found in [sharelib/distcp].
 +1 There are no new bugs found in [sharelib/hcatalog].
 +1 There are no new bugs found in [sharelib/streaming].
 +1 There are no new bugs found in [sharelib/sqoop].
 +1 There are no new bugs found in [sharelib/oozie].
 +1 There are no new bugs found in [sharelib/pig].
 +1 There are no new bugs found in [sharelib/hive].
 +1 There are no new bugs found in [sharelib/spark].
 +1 There are no new bugs found in [client].
 +1 There are no new bugs found in [examples].
 +1 There are no new bugs found in [docs].
 +1 There are no new bugs found in [server].
+1 BACKWARDS_COMPATIBILITY
+1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient 
annotations
+1 the patch does not modify JPA files
+1 TESTS
Tests run: 2087
Tests failed at first run:
TestJavaActionExecutor#testCredentialsSkip
TestJMSAccessorService#testConnectionRetryExceptionListener
TestHiveActionExecutor#testHiveAction
For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
+1 DISTRO
+1 distro tarball builds with the patch 


-1 Overall result, please check the reported -1(s)


The full output of the test-patch run is available at

 https://builds.apache.org/job/PreCommit-OOZIE-Build/345/

Adding comment to JIRA
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0  
0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 
0{"self":"https://issues.apache.org/jira/rest/api/2/issue/1317/comment/16337660","id":"16337660","author":{"self":"https://issues.apache.org/jira/rest/api/2/user?username=hadoopqa","name":"hadoopqa","key":"hadoopqa","emailAddress":"blackhole
 at hadoop dot apache dot 

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Peter Bacsko via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/#review196114
---




server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
Lines 109-110 (patched)


If the verify() methods above fail, then these two properties will not be 
cleared and can possibly affect the remaining tests.


- Peter Bacsko


On jan. 24, 2018, 12:19 du, Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65287/
> ---
> 
> (Updated jan. 24, 2018, 12:19 du)
> 
> 
> Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> oozie.https.truststore.file is not read and used when oozie.https.enabled is 
> false in oozie-site xml. As a result, the Oozie server will be unable to 
> communicate with servers with unsigned certificate. It is a critical problem 
> as authentication may involve external servers (for example KMS with 
> self-signed certificate). Submitting a workflow in such an environment can 
> result in an exception like:
> 
> `2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> 

Failed: OOZIE-3157 PreCommit Build #344

[Apache Jenkins Server]

Jira: https://issues.apache.org/jira/browse/OOZIE-3157
Build: https://builds.apache.org/job/PreCommit-OOZIE-Build/344/

###
## LAST 100 LINES OF THE CONSOLE 
###
[...truncated 1.58 MB...]
[DEBUG] There are no new bugs found in [tools].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [server].
[INFO] There are no new bugs found totally].
[TRACE] FindBugs diffs checked and reports created
[TRACE] Summary file size is 2186 bytes
[TRACE] Full summary file size is 1248 bytes
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar]
 removed
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/FINDBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar.md5sum]
 removed
  Running test-patch task BACKWARDS_COMPATIBILITY
  Running test-patch task TESTS
  Running test-patch task DISTRO


Testing JIRA OOZIE-3157

Cleaning local git workspace



+1 PATCH_APPLIES
+1 CLEAN
+1 RAW_PATCH_ANALYSIS
+1 the patch does not introduce any @author tags
+1 the patch does not introduce any tabs
+1 the patch does not introduce any trailing spaces
+1 the patch does not introduce any line longer than 132
+1 the patch adds/modifies 2 testcase(s)
+1 RAT
+1 the patch does not seem to introduce new RAT warnings
+1 JAVADOC
+1 the patch does not seem to introduce new Javadoc warnings
WARNING: the current HEAD has 100 Javadoc warning(s)
+1 COMPILE
+1 HEAD compiles
+1 patch compiles
+1 the patch does not seem to introduce new javac warnings
+1 There are no new bugs found in total.
 +1 There are no new bugs found in [docs].
 +1 There are no new bugs found in [sharelib/distcp].
 +1 There are no new bugs found in [sharelib/hive].
 +1 There are no new bugs found in [sharelib/spark].
 +1 There are no new bugs found in [sharelib/hive2].
 +1 There are no new bugs found in [sharelib/hcatalog].
 +1 There are no new bugs found in [sharelib/streaming].
 +1 There are no new bugs found in [sharelib/pig].
 +1 There are no new bugs found in [sharelib/sqoop].
 +1 There are no new bugs found in [sharelib/oozie].
 +1 There are no new bugs found in [examples].
 +1 There are no new bugs found in [client].
 +1 There are no new bugs found in [core].
 +1 There are no new bugs found in [tools].
 +1 There are no new bugs found in [server].
+1 BACKWARDS_COMPATIBILITY
+1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient 
annotations
+1 the patch does not modify JPA files
-1 TESTS
Tests run: 2090
Tests failed: 3
Tests errors: 1

The patch failed the following testcases:

testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerService)
testCoordActionRecoveryServiceForWaitingRegisterPartition(org.apache.oozie.service.TestRecoveryService)
testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerEhcache)

Tests failing with errors:
testConnectionRetry(org.apache.oozie.service.TestJMSAccessorService)

Tests failed at first run:
TestJavaActionExecutor#testCredentialsSkip
For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
+1 DISTRO
+1 distro tarball builds with the patch 


-1 Overall result, please check the reported -1(s)

 There is at least one warning, please check

The full output of the test-patch run is available at

 https://builds.apache.org/job/PreCommit-OOZIE-Build/344/

Adding comment to JIRA
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0  
0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 
0{"self":"https://issues.apache.org/jira/rest/api/2/issue/13130246/comment/16337606","id":"16337606","author":{"self":"https://issues.apache.org/jira/rest/api/2/user?username=hadoopqa","name":"hadoopqa","key":"hadoopqa","emailAddress":"blackhole
 at hadoop dot apache dot 
org","avatarUrls":{"48x48":"https://issues.apache.org/jira/secure/useravatar?ownerId=hadoopqa=10393","24x24":"https://issues.apache.org/jira/secure/useravatar?size=small=hadoopqa=10393","16x16":"https://issues.apache.org/jira/secure/useravatar?size=xsmall=hadoopqa=10393","32x32":"https://issues.apache.org/jira/secure/useravatar?size=medium=hadoopqa=10393"},"displayName":"Hadoop
 QA","active":true,"timeZone":"Etc/UTC"},"body":"\nTesting JIRA 
OOZIE-3157\n\nCleaning local git 
workspace\n\n\n\n{color:green}+1 
PATCH_APPLIES{color}\n{color:green}+1 CLEAN{color}\n{color:green}+1 
RAW_PATCH_ANALYSIS{color}\n.{color:green}+1{color} the patch does not 
introduce 

[jira] [Commented] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337606#comment-16337606
 ] 

Hadoop QA commented on OOZIE-3157:
--


Testing JIRA OOZIE-3157

Cleaning local git workspace



{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:green}+1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any line longer than 
132
.{color:green}+1{color} the patch adds/modifies 2 testcase(s)
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT 
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} the patch does not seem to introduce new Javadoc 
warnings
.{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s)
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac 
warnings
{color:green}+1{color} There are no new bugs found in total.
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:green}+1{color} There are no new bugs found in [sharelib/distcp].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive].
. {color:green}+1{color} There are no new bugs found in [sharelib/spark].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive2].
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:green}+1{color} There are no new bugs found in [sharelib/pig].
. {color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
. {color:green}+1{color} There are no new bugs found in [sharelib/oozie].
. {color:green}+1{color} There are no new bugs found in [examples].
. {color:green}+1{color} There are no new bugs found in [client].
. {color:green}+1{color} There are no new bugs found in [core].
. {color:green}+1{color} There are no new bugs found in [tools].
. {color:green}+1{color} There are no new bugs found in [server].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA 
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
.Tests run: 2090
.Tests failed: 3
.Tests errors: 1

.The patch failed the following testcases:

testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerService)
testCoordActionRecoveryServiceForWaitingRegisterPartition(org.apache.oozie.service.TestRecoveryService)
testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerEhcache)

.Tests failing with errors:
testConnectionRetry(org.apache.oozie.service.TestJMSAccessorService)

.{color:orange}Tests failed at first run:{color}
TestJavaActionExecutor#testCredentialsSkip
.For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
{color:green}+1 DISTRO{color}
.{color:green}+1{color} distro tarball builds with the patch 


{color:red}*-1 Overall result, please check the reported -1(s)*{color}

{color:red}. There is at least one warning, please check{color}

The full output of the test-patch run is available at

. https://builds.apache.org/job/PreCommit-OOZIE-Build/344/



> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch, 
> OOZIE-3157-003.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path 

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Attila Sasvari via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/#review196112
---




server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
Lines 169 (patched)


What happens if a truststore password starts/ends with whitespaces on 
purpose? trim() would remove leading and trailing whitespaces and Oozie won't 
be able to open the truststore?


- Attila Sasvari


On Jan. 24, 2018, 12:19 p.m., Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65287/
> ---
> 
> (Updated Jan. 24, 2018, 12:19 p.m.)
> 
> 
> Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> oozie.https.truststore.file is not read and used when oozie.https.enabled is 
> false in oozie-site xml. As a result, the Oozie server will be unable to 
> communicate with servers with unsigned certificate. It is a critical problem 
> as authentication may involve external servers (for example KMS with 
> self-signed certificate). Submitting a workflow in such an environment can 
> result in an exception like:
> 
> `2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> 

[jira] [Commented] (OOZIE-3166) Remove tomcat alias from AG_Install.twiki: To use a Self-Signed Certificate part

[Andras Piros (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337572#comment-16337572
 ] 

Andras Piros commented on OOZIE-3166:
-

Thanks [~kmarton] for pointing this scenario out! I didn't think 
{{addtowar.sh}} still exists. +1

> Remove tomcat alias from AG_Install.twiki: To use a Self-Signed Certificate 
> part
> 
>
> Key: OOZIE-3166
> URL: https://issues.apache.org/jira/browse/OOZIE-3166
> Project: Oozie
>  Issue Type: Bug
>  Components: docs
>Affects Versions: trunk
>Reporter: Julia Kinga Marton
>Assignee: Julia Kinga Marton
>Priority: Minor
> Attachments: OOZIE-3166-001.patch
>
>
> The following description part is wrong because is tomcat specific:
> [https://github.com/apache/oozie/blob/master/docs/src/site/twiki/AG_Install.twiki#L725-L741]
> Here the tomcat alias should be replaced by jetty.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3168) Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337556#comment-16337556
 ] 

Hadoop QA commented on OOZIE-3168:
--

PreCommit-OOZIE-Build started


> Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh 
> ---
>
> Key: OOZIE-3168
> URL: https://issues.apache.org/jira/browse/OOZIE-3168
> Project: Oozie
>  Issue Type: Bug
>  Components: docs, scripts
>Affects Versions: trunk
>Reporter: Julia Kinga Marton
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3168-001.patch
>
>
> The DG_QuickStart.twiki still contains reference to the -secure option from 
> DG_QuickStart.twiki: 
> [https://github.com/apache/oozie/blob/master/docs/src/site/twiki/DG_QuickStart.twiki#L149-L150]
> This is a valid option in the oozie-setup.sh, but is not used anymore.
> oozie-setup.ps1 also contains reference to -prepare-war and -secure options:
> [https://github.com/apache/oozie/blob/master/distro/src/main/bin/oozie-setup.ps1#L26]
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (OOZIE-3168) Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh

[Julia Kinga Marton (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julia Kinga Marton updated OOZIE-3168:
--
Attachment: OOZIE-3168-001.patch

> Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh 
> ---
>
> Key: OOZIE-3168
> URL: https://issues.apache.org/jira/browse/OOZIE-3168
> Project: Oozie
>  Issue Type: Bug
>  Components: docs, scripts
>Affects Versions: trunk
>Reporter: Julia Kinga Marton
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3168-001.patch
>
>
> The DG_QuickStart.twiki still contains reference to the -secure option from 
> DG_QuickStart.twiki: 
> [https://github.com/apache/oozie/blob/master/docs/src/site/twiki/DG_QuickStart.twiki#L149-L150]
> This is a valid option in the oozie-setup.sh, but is not used anymore.
> oozie-setup.ps1 also contains reference to -prepare-war and -secure options:
> [https://github.com/apache/oozie/blob/master/distro/src/main/bin/oozie-setup.ps1#L26]
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3168) Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh

[Julia Kinga Marton (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337532#comment-16337532
 ] 

Julia Kinga Marton commented on OOZIE-3168:
---

oozie-setup.ps1 is adjusted in OOZIE-2836

> Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh 
> ---
>
> Key: OOZIE-3168
> URL: https://issues.apache.org/jira/browse/OOZIE-3168
> Project: Oozie
>  Issue Type: Bug
>  Components: docs, scripts
>Affects Versions: trunk
>Reporter: Julia Kinga Marton
>Assignee: Julia Kinga Marton
>Priority: Major
>
> The DG_QuickStart.twiki still contains reference to the -secure option from 
> DG_QuickStart.twiki: 
> [https://github.com/apache/oozie/blob/master/docs/src/site/twiki/DG_QuickStart.twiki#L149-L150]
> This is a valid option in the oozie-setup.sh, but is not used anymore.
> oozie-setup.ps1 also contains reference to -prepare-war and -secure options:
> [https://github.com/apache/oozie/blob/master/distro/src/main/bin/oozie-setup.ps1#L26]
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3164) upgrade maven-site-plugin to 3.x (2.x does not render reports with Maven 3)

[Andras Piros (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337528#comment-16337528
 ] 

Andras Piros commented on OOZIE-3164:
-

Good idea [~hboutemy]! No information about the TWiki Doxia parser details.

> upgrade maven-site-plugin to 3.x (2.x does not render reports with Maven 3)
> ---
>
> Key: OOZIE-3164
> URL: https://issues.apache.org/jira/browse/OOZIE-3164
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Priority: Major
>
> as seen in OOZIE-3163, even with completely obsolete 2.0-beta-6, you can get 
> decent rendering
> But you really need to upgrade to 3.x since it has been done to be able to 
> run Maven reports
> And latest Skins, with useful features like recent edit icon , will require 
> recent maven-site-plugin
> And if you really want to switch to Markdown OOZIE-2734, you also need recent 
> maven-site-plugin



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (OOZIE-3164) upgrade maven-site-plugin to 3.x (2.x does not render reports with Maven 3)

[Andras Piros (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Piros reassigned OOZIE-3164:
---

Assignee: (was: Hervé Boutemy)

> upgrade maven-site-plugin to 3.x (2.x does not render reports with Maven 3)
> ---
>
> Key: OOZIE-3164
> URL: https://issues.apache.org/jira/browse/OOZIE-3164
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Priority: Major
>
> as seen in OOZIE-3163, even with completely obsolete 2.0-beta-6, you can get 
> decent rendering
> But you really need to upgrade to 3.x since it has been done to be able to 
> run Maven reports
> And latest Skins, with useful features like recent edit icon , will require 
> recent maven-site-plugin
> And if you really want to switch to Markdown OOZIE-2734, you also need recent 
> maven-site-plugin



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (OOZIE-3164) upgrade maven-site-plugin to 3.x (2.x does not render reports with Maven 3)

[Andras Piros (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Piros reassigned OOZIE-3164:
---

Assignee: Hervé Boutemy

> upgrade maven-site-plugin to 3.x (2.x does not render reports with Maven 3)
> ---
>
> Key: OOZIE-3164
> URL: https://issues.apache.org/jira/browse/OOZIE-3164
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Assignee: Hervé Boutemy
>Priority: Major
>
> as seen in OOZIE-3163, even with completely obsolete 2.0-beta-6, you can get 
> decent rendering
> But you really need to upgrade to 3.x since it has been done to be able to 
> run Maven reports
> And latest Skins, with useful features like recent edit icon , will require 
> recent maven-site-plugin
> And if you really want to switch to Markdown OOZIE-2734, you also need recent 
> maven-site-plugin



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (OOZIE-3163) improve documentation rendering: use fluido skin and better config

[Andras Piros (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Piros reassigned OOZIE-3163:
---

Assignee: Hervé Boutemy

> improve documentation rendering: use fluido skin and better config
> --
>
> Key: OOZIE-3163
> URL: https://issues.apache.org/jira/browse/OOZIE-3163
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Assignee: Hervé Boutemy
>Priority: Major
> Fix For: 4.3.1
>
>
> Current output is really ugly: as Maven maintainer, I can't let Oozie with 
> such awful result :)
> Even with old maven-site-plugin 2.0-beta-6 (we'll see later how to upgrade), 
> using Fluido skin would improve output a lot
> Pull Request coming



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3163) improve documentation rendering: use fluido skin and better config

[Andras Piros (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337521#comment-16337521
 ] 

Andras Piros commented on OOZIE-3163:
-

Thanks [~hboutemy]! Can you please also upload [the 
patch|https://patch-diff.githubusercontent.com/raw/apache/oozie/pull/34.patch] 
to the Jira issue as well?

> improve documentation rendering: use fluido skin and better config
> --
>
> Key: OOZIE-3163
> URL: https://issues.apache.org/jira/browse/OOZIE-3163
> Project: Oozie
>  Issue Type: Task
>  Components: docs
>Affects Versions: 4.3.0
>Reporter: Hervé Boutemy
>Priority: Major
> Fix For: 4.3.1
>
>
> Current output is really ugly: as Maven maintainer, I can't let Oozie with 
> such awful result :)
> Even with old maven-site-plugin 2.0-beta-6 (we'll see later how to upgrade), 
> using Fluido skin would improve output a lot
> Pull Request coming



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3166) Remove tomcat alias from AG_Install.twiki: To use a Self-Signed Certificate part

[Andras Piros (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337506#comment-16337506
 ] 

Andras Piros commented on OOZIE-3166:
-

Thanks for the patch [~kmarton]!

While you're at it, could you please remove all the other Tomcat references 
from {{AG_Install.twiki}}? Like the whole section *Setting Up Oozie with an 
Alternate Tomcat*. Thanks!

> Remove tomcat alias from AG_Install.twiki: To use a Self-Signed Certificate 
> part
> 
>
> Key: OOZIE-3166
> URL: https://issues.apache.org/jira/browse/OOZIE-3166
> Project: Oozie
>  Issue Type: Bug
>  Components: docs
>Affects Versions: trunk
>Reporter: Julia Kinga Marton
>Assignee: Julia Kinga Marton
>Priority: Minor
> Attachments: OOZIE-3166-001.patch
>
>
> The following description part is wrong because is tomcat specific:
> [https://github.com/apache/oozie/blob/master/docs/src/site/twiki/AG_Install.twiki#L725-L741]
> Here the tomcat alias should be replaced by jetty.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Hadoop QA (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337501#comment-16337501
 ] 

Hadoop QA commented on OOZIE-3157:
--

PreCommit-OOZIE-Build started


> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch, 
> OOZIE-3157-003.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
> at 
> org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
> at 
> 

[jira] [Updated] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Julia Kinga Marton (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julia Kinga Marton updated OOZIE-3157:
--
Attachment: OOZIE-3157-003.patch

> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch, 
> OOZIE-3157-003.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
> at 
> org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
> at 
> 

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Kinga Marton via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/
---

(Updated Jan. 24, 2018, 12:19 p.m.)


Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.


Repository: oozie-git


Description
---

oozie.https.truststore.file is not read and used when oozie.https.enabled is 
false in oozie-site xml. As a result, the Oozie server will be unable to 
communicate with servers with unsigned certificate. It is a critical problem as 
authentication may involve external servers (for example KMS with self-signed 
certificate). Submitting a workflow in such an environment can result in an 
exception like:

`2018-01-08 10:13:51,471 WARN 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
IOException: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
at 
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
at 
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
at 
org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
at 
org.apache.hadoop.hdfs.DFSClient.createWrappedInputStream(DFSClient.java:945)
at 
org.apache.hadoop.hdfs.DistributedFileSystem$4.doCall(DistributedFileSystem.java:315)
at 
org.apache.hadoop.hdfs.DistributedFileSystem$4.doCall(DistributedFileSystem.java:310)
at 
org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at 
org.apache.hadoop.hdfs.DistributedFileSystem.open(DistributedFileSystem.java:322)
at org.apache.hadoop.fs.FileSystem.open(FileSystem.java:949)
at 

Re: Review Request 65287: OOZIE-3157 - Setup truststore so that it also works in HTTP only mode

[Kinga Marton via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65287/
---

(Updated Jan. 24, 2018, 12:17 p.m.)


Review request for oozie, András Piros, Attila Sasvari, and Peter Cseh.


Repository: oozie-git


Description
---

oozie.https.truststore.file is not read and used when oozie.https.enabled is 
false in oozie-site xml. As a result, the Oozie server will be unable to 
communicate with servers with unsigned certificate. It is a critical problem as 
authentication may involve external servers (for example KMS with self-signed 
certificate). Submitting a workflow in such an environment can result in an 
exception like:

`2018-01-08 10:13:51,471 WARN 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
IOException: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
at 
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
at 
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
at 
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
at 
org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
at 
org.apache.hadoop.hdfs.DFSClient.createWrappedInputStream(DFSClient.java:945)
at 
org.apache.hadoop.hdfs.DistributedFileSystem$4.doCall(DistributedFileSystem.java:315)
at 
org.apache.hadoop.hdfs.DistributedFileSystem$4.doCall(DistributedFileSystem.java:310)
at 
org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at 
org.apache.hadoop.hdfs.DistributedFileSystem.open(DistributedFileSystem.java:322)
at org.apache.hadoop.fs.FileSystem.open(FileSystem.java:949)
at 

[jira] [Updated] (OOZIE-3157) Setup truststore so that it also works in HTTP only mode

[Julia Kinga Marton (JIRA)]

 [ 
https://issues.apache.org/jira/browse/OOZIE-3157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julia Kinga Marton updated OOZIE-3157:
--
Attachment: OOZIE-3157-002.patch

> Setup truststore so that it also works in HTTP only mode
> 
>
> Key: OOZIE-3157
> URL: https://issues.apache.org/jira/browse/OOZIE-3157
> Project: Oozie
>  Issue Type: Bug
>Affects Versions: trunk, 5.0.0b1
>Reporter: Attila Sasvari
>Assignee: Julia Kinga Marton
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3157-001.patch, OOZIE-3157-002.patch
>
>
> {{oozie.https.truststore.file}} is not read and used when 
> {{oozie.https.enabled}} is false in {{oozie-site xml}}. As a result, the 
> Oozie server will be unable to communicate with servers with unsigned 
> certificate. It is a critical problem as authentication may involve external 
> servers (for example KMS with self-signed certificate). Submitting a workflow 
> in such an environment can result in an exception like:
> {code}
> 2018-01-08 10:13:51,471 WARN 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider: 
> SERVER[myserver] KMS provider at [https://myserver:16000/kms/v1/] threw an 
> IOException: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>  find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
> at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:144)
> at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
> at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:333)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:477)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:472)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:471)
> at 
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:287)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$5.call(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:123)
> at 
> org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.decryptEncryptedKey(LoadBalancingKMSClientProvider.java:283)
> at 
> org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:532)
> at 
> org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:926)
> at 
> 

[jira] [Created] (OOZIE-3168) Remove -secure option from DG_QuickStart.twiki and from oozie-setup.sh

[Julia Kinga Marton (JIRA)]

Julia Kinga Marton created OOZIE-3168:
-

 Summary: Remove -secure option from DG_QuickStart.twiki and from 
oozie-setup.sh 
 Key: OOZIE-3168
 URL: https://issues.apache.org/jira/browse/OOZIE-3168
 Project: Oozie
  Issue Type: Bug
  Components: docs, scripts
Affects Versions: trunk
Reporter: Julia Kinga Marton
Assignee: Julia Kinga Marton


The DG_QuickStart.twiki still contains reference to the -secure option from 
DG_QuickStart.twiki: 
[https://github.com/apache/oozie/blob/master/docs/src/site/twiki/DG_QuickStart.twiki#L149-L150]

This is a valid option in the oozie-setup.sh, but is not used anymore.

oozie-setup.ps1 also contains reference to -prepare-war and -secure options:

[https://github.com/apache/oozie/blob/master/distro/src/main/bin/oozie-setup.ps1#L26]

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-2681) fix javadoc to compile on JDK8 again

[Attila Sasvari (JIRA)]

[ 
https://issues.apache.org/jira/browse/OOZIE-2681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16337408#comment-16337408
 ] 

Attila Sasvari commented on OOZIE-2681:
---

{{mvn clean deploy -Papache-release -DskipTests fails with the following while 
generating Javadoc:}}
{code:java}
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-javadoc-plugin:2.10.4:jar (attach-javadocs) on 
project oozie-tools: MavenReportException: Error while generating Javadoc:
[ERROR] Exit code: 1 - 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBExportCLI.java:44:
 error: self-closing element not allowed
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBExportCLI.java:44:
 warning: empty  tag
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBExportCLI.java:49:
 error: self-closing element not allowed
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBExportCLI.java:49:
 warning: empty  tag
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBImportCLI.java:82:
 error: self-closing element not allowed
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBImportCLI.java:82:
 warning: empty  tag
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBImportCLI.java:88:
 error: self-closing element not allowed
[ERROR] * 
[ERROR] ^
[ERROR] 
/Users/asasvari/workspace/apache/oozie_master_push/tools/src/main/java/org/apache/oozie/tools/OozieDBImportCLI.java:88:
 warning: empty  tag
[ERROR] * 
[ERROR] ^
[ERROR] 
{code}
 

> fix javadoc to compile on JDK8 again
> 
>
> Key: OOZIE-2681
> URL: https://issues.apache.org/jira/browse/OOZIE-2681
> Project: Oozie
>  Issue Type: Sub-task
>  Components: build
>Affects Versions: 4.3.0
>Reporter: Robert Kanter
>Assignee: Peter Cseh
>Priority: Critical
> Fix For: 5.0.0b1
>
> Attachments: OOZIE-2681-00.patch, OOZIE-2681-01.patch, 
> OOZIE-2681-02.patch, OOZIE-2681-03.patch, OOZIE-2681-04.patch, 
> OOZIE-2681.06.patch, OOZIE-2681.07.patch, OOZIE-2681.08.patch, 
> OOZIE-2681.09.patch, OOZIE-2681.10.patch, OOZIE-2681.11.patch, 
> OOZIE-2681.12.patch, OOZIE-2681.13.patch, OOZIE-2681.14.patch, 
> OOZIE-2681.15.patch
>
>
> We have a lot of Javadoc build failures, which causes Oozie to fail to build 
> on Java 8, which is more strict than Java 6 or 7 was.  OOZIE-2178 fixed all 
> of these that existed at that time, but we've since introduced a lot more.  
> OOZIE-2487 made a workaround to prevent this from causing the build to fail, 
> but we should fix these (again) and remove the OOZIE-2487 workaround.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)