[jira] [Commented] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL
[ https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818823#comment-16818823 ] Andras Salamon commented on OOZIE-2972: --- [~dionusos] [~kmarton] We still support WAR creation, but it's not really tested since we started to use embedded Jetty. The documentation is definitely not useful, I've already opened OOZIE-3428 about that. > Server goes inconsistent when prepare war called with secure without SSL > > > Key: OOZIE-2972 > URL: https://issues.apache.org/jira/browse/OOZIE-2972 > Project: Oozie > Issue Type: Bug > Components: security >Affects Versions: 4.3.0 >Reporter: Prabhu Joseph >Priority: Major > > When prepare-war with secure is called by some user by mistake on a Oozie > Server which is not configured with SSL causes inconsistent state. Oozie > Server runs fine but the oozie clients are failed with Authentication failure > status 302. Checking curl verbose, Oozie Server redirects client to https > port even though it is not listening. We need to validate the prepare-war > command when SSL is not configured instead of going to inconsistent state. > Repro: > {code} > Oozie Server without SSL > /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure > Start Oozie Server > curl -ikv -L --negotiate -u: > http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status > * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0) > * Trying 172.26.93.73... connected > * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0) > > GET /oozie/v1/admin/status HTTP/1.1 > > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 > > zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > > Host: prabhuzeppelin2.openstacklocal:11000 > > Accept: */* > > > < HTTP/1.1 302 Found > HTTP/1.1 302 Found > < Server: Apache-Coyote/1.1 > Server: Apache-Coyote/1.1 > < Pragma: No-cache > Pragma: No-cache > < Cache-Control: no-cache > Cache-Control: no-cache > < Expires: Thu, 01 Jan 1970 00:00:00 UTC > Expires: Thu, 01 Jan 1970 00:00:00 UTC > < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status > Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status > < Content-Length: 0 > Content-Length: 0 > < Date: Tue, 27 Jun 2017 11:05:45 GMT > Date: Tue, 27 Jun 2017 11:05:45 GMT > < > * Connection #0 to host prabhuzeppelin2.openstacklocal left intact > * Issue another request to this URL: > 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status' > * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1) > * Trying 172.26.93.73... Connection refused > * couldn't connect to host > * Closing connection #1 > curl: (7) couldn't connect to host > * Closing connection #0 > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL
[ https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818782#comment-16818782 ] Julia Kinga Marton commented on OOZIE-2972: --- [~dionusos], it needs to be checked with the actual master, because we still support war creation. > Server goes inconsistent when prepare war called with secure without SSL > > > Key: OOZIE-2972 > URL: https://issues.apache.org/jira/browse/OOZIE-2972 > Project: Oozie > Issue Type: Bug > Components: security >Affects Versions: 4.3.0 >Reporter: Prabhu Joseph >Priority: Major > > When prepare-war with secure is called by some user by mistake on a Oozie > Server which is not configured with SSL causes inconsistent state. Oozie > Server runs fine but the oozie clients are failed with Authentication failure > status 302. Checking curl verbose, Oozie Server redirects client to https > port even though it is not listening. We need to validate the prepare-war > command when SSL is not configured instead of going to inconsistent state. > Repro: > {code} > Oozie Server without SSL > /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure > Start Oozie Server > curl -ikv -L --negotiate -u: > http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status > * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0) > * Trying 172.26.93.73... connected > * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0) > > GET /oozie/v1/admin/status HTTP/1.1 > > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 > > zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > > Host: prabhuzeppelin2.openstacklocal:11000 > > Accept: */* > > > < HTTP/1.1 302 Found > HTTP/1.1 302 Found > < Server: Apache-Coyote/1.1 > Server: Apache-Coyote/1.1 > < Pragma: No-cache > Pragma: No-cache > < Cache-Control: no-cache > Cache-Control: no-cache > < Expires: Thu, 01 Jan 1970 00:00:00 UTC > Expires: Thu, 01 Jan 1970 00:00:00 UTC > < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status > Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status > < Content-Length: 0 > Content-Length: 0 > < Date: Tue, 27 Jun 2017 11:05:45 GMT > Date: Tue, 27 Jun 2017 11:05:45 GMT > < > * Connection #0 to host prabhuzeppelin2.openstacklocal left intact > * Issue another request to this URL: > 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status' > * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1) > * Trying 172.26.93.73... Connection refused > * couldn't connect to host > * Closing connection #1 > curl: (7) couldn't connect to host > * Closing connection #0 > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL
[ https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818771#comment-16818771 ] Denes Bodo commented on OOZIE-2972: --- [~asalamon74] Am I right that with eliminating Tomcat and using Jetty instead this situation is no more possible? Thanks > Server goes inconsistent when prepare war called with secure without SSL > > > Key: OOZIE-2972 > URL: https://issues.apache.org/jira/browse/OOZIE-2972 > Project: Oozie > Issue Type: Bug > Components: security >Affects Versions: 4.3.0 >Reporter: Prabhu Joseph >Priority: Major > > When prepare-war with secure is called by some user by mistake on a Oozie > Server which is not configured with SSL causes inconsistent state. Oozie > Server runs fine but the oozie clients are failed with Authentication failure > status 302. Checking curl verbose, Oozie Server redirects client to https > port even though it is not listening. We need to validate the prepare-war > command when SSL is not configured instead of going to inconsistent state. > Repro: > {code} > Oozie Server without SSL > /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure > Start Oozie Server > curl -ikv -L --negotiate -u: > http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status > * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0) > * Trying 172.26.93.73... connected > * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0) > > GET /oozie/v1/admin/status HTTP/1.1 > > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 > > zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > > Host: prabhuzeppelin2.openstacklocal:11000 > > Accept: */* > > > < HTTP/1.1 302 Found > HTTP/1.1 302 Found > < Server: Apache-Coyote/1.1 > Server: Apache-Coyote/1.1 > < Pragma: No-cache > Pragma: No-cache > < Cache-Control: no-cache > Cache-Control: no-cache > < Expires: Thu, 01 Jan 1970 00:00:00 UTC > Expires: Thu, 01 Jan 1970 00:00:00 UTC > < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status > Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status > < Content-Length: 0 > Content-Length: 0 > < Date: Tue, 27 Jun 2017 11:05:45 GMT > Date: Tue, 27 Jun 2017 11:05:45 GMT > < > * Connection #0 to host prabhuzeppelin2.openstacklocal left intact > * Issue another request to this URL: > 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status' > * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1) > * Trying 172.26.93.73... Connection refused > * couldn't connect to host > * Closing connection #1 > curl: (7) couldn't connect to host > * Closing connection #0 > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)