[jira] [Assigned] (AMBARI-19109) Ambari-server: Encrypt clear text passwords and store in DB and command files
[ https://issues.apache.org/jira/browse/AMBARI-19109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram reassigned AMBARI-19109: -- Assignee: Sumit Mohanty (was: Nahappan Somasundaram) > Ambari-server: Encrypt clear text passwords and store in DB and command files > - > > Key: AMBARI-19109 > URL: https://issues.apache.org/jira/browse/AMBARI-19109 > Project: Ambari > Issue Type: Improvement > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Sumit Mohanty > Fix For: 3.0.0 > > > * Properties that are passwords should be encrypted and base64 encoded and > stored in the database. > * Ambari agent should decrypt encrypted passwords coming from the server and > store it in the service's command file and configuration's JCEKS provider. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Assigned] (AMBARI-18650) Ambari should be able to manage passwords using a credential store
[ https://issues.apache.org/jira/browse/AMBARI-18650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram reassigned AMBARI-18650: -- Assignee: Sumit Mohanty (was: Nahappan Somasundaram) > Ambari should be able to manage passwords using a credential store > -- > > Key: AMBARI-18650 > URL: https://issues.apache.org/jira/browse/AMBARI-18650 > Project: Ambari > Issue Type: Improvement > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Sumit Mohanty > Fix For: 2.5.0 > > Attachments: AmbariSupportforCredentialStore.pdf > > > With Credential API many Hadoop components allow referring to password that > are encrypted and stored in a credential store. > Example: SSL Passwords for HBase, Oozie, etc > Ambari should support the use of hadoop credential store to manage such > passwords. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (AMBARI-19806) After setting up hadoop credential, cannot start Hive Metastore
[
https://issues.apache.org/jira/browse/AMBARI-19806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19806:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
Committed to branch-2.5 and trunk
> After setting up hadoop credential, cannot start Hive Metastore
> ---
>
> Key: AMBARI-19806
> URL: https://issues.apache.org/jira/browse/AMBARI-19806
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: AMBARI-19806_servlet_api.patch, rb56142.patch
>
>
> In HIVE, after javax.jdo.option.ConnectionPassword property and value is
> moved into a JCEKS file using hadoop credential store, hive-site.xml looks
> like this:
> {quote}
> hadoop.security.credential.provider.path
> jceks://file/usr/lib/hive/conf/hive.jceks
> {quote}
> instead of:
> {quote}
> javax.jdo.option.ConnectionPassword
> MyHiveConnectionPassword
> {quote}
> However, after the above change, HIVE fails to start. This is an Ambari
> deployed cluster.
> {quote}Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 259, in
> HiveMetastore().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 287, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 59, in start
> self.configure(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 73, in configure
> hive(name = 'metastore')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in thunk
> return fn(*args, **kwargs)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
> line 326, in hive
> create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ;
> "
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 95, in format
> return ConfigurationFormatter().format(format_string, args, **result)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 62, in format
> result_unprotected = self.vformat(format_string, args, all_params)
> File "/usr/lib64/python2.6/string.py", line 549, in vformat
> result = self._vformat(format_string, args, kwargs, used_args, 2)
> File "/usr/lib64/python2.6/string.py", line 575, in _vformat
> obj = self.convert_field(obj, conversion)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 70, in convert_field_unprotected
> return self._convert_field(value, conversion, False)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 85, in _convert_field
> return utils.PASSWORDS_HIDE_STRING if is_protected else
> self._convert_field(value, 'e', is_protected)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 81, in _convert_field
> return quote_bash_args(unicode(value))
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 73, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found in
> configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'javax.jdo.option.ConnectionPassword' was not found in configurations
> dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Assigned] (AMBARI-16030) Ambari operation history: Add ambari_operation_history table for record keeping history of ambari versions and operations
[
https://issues.apache.org/jira/browse/AMBARI-16030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram reassigned AMBARI-16030:
--
Assignee: Sumit Mohanty (was: Nahappan Somasundaram)
> Ambari operation history: Add ambari_operation_history table for record
> keeping history of ambari versions and operations
> -
>
> Key: AMBARI-16030
> URL: https://issues.apache.org/jira/browse/AMBARI-16030
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.4.0
>Reporter: Nahappan Somasundaram
>Assignee: Sumit Mohanty
> Fix For: 3.0.0
>
>
> When investigating upgrade issues, information about history about Ambari
> versions is missing. Also information about when the Ambari upgrades actually
> happened in the past is completely missing.
> Instead of relying on this information to be provided, Ambari should record
> Ambari upgrade history in Ambari DB.
> {noformat}
> ambari_version_history
> VersionDateNotes
> 2.2.2.0-102/09/2015 01:00:00Clean Install
> 2.2.3.0-203/10/2015 01:00:00Upgraded 2.2.2.0-1 ->
> 2.2.3.0-2
> 2.4.0.0-306/09/2015 01:00:00Upgraded 2.2.3.0-2 ->
> 2.4.0.0-3
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Assigned] (AMBARI-12811) Disable old APIs to manage baseurl values
[
https://issues.apache.org/jira/browse/AMBARI-12811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram reassigned AMBARI-12811:
--
Assignee: Sumit Mohanty (was: Nahappan Somasundaram)
> Disable old APIs to manage baseurl values
> -
>
> Key: AMBARI-12811
> URL: https://issues.apache.org/jira/browse/AMBARI-12811
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.1.1
>Reporter: Nahappan Somasundaram
>Assignee: Sumit Mohanty
>Priority: Critical
> Labels: ambari-server, newbie
> Fix For: 2.3.0
>
>
> Starting Ambari-2.0 and HDP-2.2, the baseurl for HDP/HDP-UTILS are being
> tracked in the repo_version table. However, the API to manage baseurls
> through metainfo are still working and it causes confusion for people who
> have been using these APIs.
> The following API should throw an error if HDP version is 2.2 or higher. Note
> that this is an error only if HDP version is 2.2. or higher and the property
> being modified is "base_url".
> {code}
> curl -u admin:admin -H "X-Requested-By: ambari" -X PUT -d
> '{"Repositories":{"base_url":"http://public-repo-1.hortonworks.com/HDP/centos6/2.x/GA/2.2.0.0","verify_base_url":true}}'
>
> http://localhost:8080/api/v1/stacks/HDP/versions/2.2/operating_systems/redhat6/repositories/HDP-2.2
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Assigned] (AMBARI-17069) Recovery Manager: Refactor desired state transitions into a state table
[ https://issues.apache.org/jira/browse/AMBARI-17069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram reassigned AMBARI-17069: -- Assignee: Sumit Mohanty (was: Nahappan Somasundaram) > Recovery Manager: Refactor desired state transitions into a state table > --- > > Key: AMBARI-17069 > URL: https://issues.apache.org/jira/browse/AMBARI-17069 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.4.0 >Reporter: Nahappan Somasundaram >Assignee: Sumit Mohanty > Fix For: 3.0.0 > > > The desired state transitions for various auto start types are computed using > a big if-else block which is difficult to maintain as we keep adding newer > features. Move the state transition to a state machine for easy lookup. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
[
https://issues.apache.org/jira/browse/AMBARI-19865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15852284#comment-15852284
]
Nahappan Somasundaram commented on AMBARI-19865:
Committed to branch-2.5 and trunk
> Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
> -
>
> Key: AMBARI-19865
> URL: https://issues.apache.org/jira/browse/AMBARI-19865
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb56281.patch
>
>
> CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This
> causes a failure during ambari-server logon:
> {code}
> 02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
> Error for /api/v1/clusters
> java.lang.NoSuchMethodError:
> javax.servlet.http.HttpServletResponse.getStatus()I
> at
> org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> {code}
> This happens because of classpath collision between multiple servlet api
> versions. The org.apache.hadoop:hadoop-common depends on an old version of
> servlet api (2.5).
> {code}
> [INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
> [INFO] | +- xmlenc:xmlenc:jar:0.52:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
> [INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
> [INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
> [INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
[
https://issues.apache.org/jira/browse/AMBARI-19865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19865:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
> -
>
> Key: AMBARI-19865
> URL: https://issues.apache.org/jira/browse/AMBARI-19865
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb56281.patch
>
>
> CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This
> causes a failure during ambari-server logon:
> {code}
> 02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
> Error for /api/v1/clusters
> java.lang.NoSuchMethodError:
> javax.servlet.http.HttpServletResponse.getStatus()I
> at
> org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> {code}
> This happens because of classpath collision between multiple servlet api
> versions. The org.apache.hadoop:hadoop-common depends on an old version of
> servlet api (2.5).
> {code}
> [INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
> [INFO] | +- xmlenc:xmlenc:jar:0.52:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
> [INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
> [INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
> [INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
[
https://issues.apache.org/jira/browse/AMBARI-19865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19865:
---
Status: Patch Available (was: Open)
> Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
> -
>
> Key: AMBARI-19865
> URL: https://issues.apache.org/jira/browse/AMBARI-19865
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Attachments: rb56281.patch
>
>
> CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This
> causes a failure during ambari-server logon:
> {code}
> 02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
> Error for /api/v1/clusters
> java.lang.NoSuchMethodError:
> javax.servlet.http.HttpServletResponse.getStatus()I
> at
> org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> {code}
> This happens because of classpath collision between multiple servlet api
> versions. The org.apache.hadoop:hadoop-common depends on an old version of
> servlet api (2.5).
> {code}
> [INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
> [INFO] | +- xmlenc:xmlenc:jar:0.52:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
> [INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
> [INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
> [INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
[
https://issues.apache.org/jira/browse/AMBARI-19865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19865:
---
Affects Version/s: 2.5.0
Fix Version/s: 2.5.0
Component/s: ambari-server
> Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
> -
>
> Key: AMBARI-19865
> URL: https://issues.apache.org/jira/browse/AMBARI-19865
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb56281.patch
>
>
> CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This
> causes a failure during ambari-server logon:
> {code}
> 02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
> Error for /api/v1/clusters
> java.lang.NoSuchMethodError:
> javax.servlet.http.HttpServletResponse.getStatus()I
> at
> org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> {code}
> This happens because of classpath collision between multiple servlet api
> versions. The org.apache.hadoop:hadoop-common depends on an old version of
> servlet api (2.5).
> {code}
> [INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
> [INFO] | +- xmlenc:xmlenc:jar:0.52:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
> [INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
> [INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
> [INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
[
https://issues.apache.org/jira/browse/AMBARI-19865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19865:
---
Attachment: rb56281.patch
> Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
> -
>
> Key: AMBARI-19865
> URL: https://issues.apache.org/jira/browse/AMBARI-19865
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb56281.patch
>
>
> CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This
> causes a failure during ambari-server logon:
> {code}
> 02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
> Error for /api/v1/clusters
> java.lang.NoSuchMethodError:
> javax.servlet.http.HttpServletResponse.getStatus()I
> at
> org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> {code}
> This happens because of classpath collision between multiple servlet api
> versions. The org.apache.hadoop:hadoop-common depends on an old version of
> servlet api (2.5).
> {code}
> [INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
> [INFO] | +- xmlenc:xmlenc:jar:0.52:compile
> [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
> [INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
> [INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
> [INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
> [INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
[
https://issues.apache.org/jira/browse/AMBARI-19865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19865:
---
Description:
CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This causes
a failure during ambari-server logon:
{code}
02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
Error for /api/v1/clusters
java.lang.NoSuchMethodError: javax.servlet.http.HttpServletResponse.getStatus()I
at
org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
{code}
This happens because of classpath collision between multiple servlet api
versions. The org.apache.hadoop:hadoop-common depends on an old version of
servlet api (2.5).
{code}
[INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
[INFO] | +- xmlenc:xmlenc:jar:0.52:compile
[INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
{code}
was:
{code}
02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
Error for /api/v1/clusters
java.lang.NoSuchMethodError: javax.servlet.http.HttpServletResponse.getStatus()I
at
org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
{code}
This happens because of classpath collision between multiple servlet api
versions. The org.apache.hadoop:hadoop-common depends on an old version of
servlet api (2.5).
{code}
[INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
[INFO] | +- xmlenc:xmlenc:jar:0.52:compile
[INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
{code}
> Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
> -
>
> Key: AMBARI-19865
> URL: https://issues.apache.org/jira/browse/AMBARI-19865
> Project: Ambari
> Issue Type: Bug
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>
> CredentialUtil uses hadoop-common which depends on servlet-api 2.5. This
> causes a failure during ambari-server logon:
> {code}
> 02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
> Error for /api/v1/clusters
> java.lang.NoSuchMethodError:
> javax.servlet.http.HttpServletResponse.getStatus()I
> at
> org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
[jira] [Created] (AMBARI-19865) Ambari-server logon failure: Hadoop-common dependency on servlet-api 2.5
Nahappan Somasundaram created AMBARI-19865:
--
Summary: Ambari-server logon failure: Hadoop-common dependency on
servlet-api 2.5
Key: AMBARI-19865
URL: https://issues.apache.org/jira/browse/AMBARI-19865
Project: Ambari
Issue Type: Bug
Reporter: Nahappan Somasundaram
Assignee: Nahappan Somasundaram
{code}
02 Feb 2017 13:15:57,992 WARN [ambari-client-thread-25] ServletHandler:592 -
Error for /api/v1/clusters
java.lang.NoSuchMethodError: javax.servlet.http.HttpServletResponse.getStatus()I
at
org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter.doFilter(AmbariAuthorizationFilter.java:277)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
{code}
This happens because of classpath collision between multiple servlet api
versions. The org.apache.hadoop:hadoop-common depends on an old version of
servlet api (2.5).
{code}
[INFO] +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
[INFO] | +- xmlenc:xmlenc:jar:0.52:compile
[INFO] | +- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO] | +- javax.servlet.jsp:jsp-api:jar:2.1:runtime
{code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Commented] (AMBARI-19806) After setting up hadoop credential, cannot start Hive Metastore
[
https://issues.apache.org/jira/browse/AMBARI-19806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15849097#comment-15849097
]
Nahappan Somasundaram commented on AMBARI-19806:
Committed to branch-2.5 and trunk.
> After setting up hadoop credential, cannot start Hive Metastore
> ---
>
> Key: AMBARI-19806
> URL: https://issues.apache.org/jira/browse/AMBARI-19806
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb56142.patch
>
>
> In HIVE, after javax.jdo.option.ConnectionPassword property and value is
> moved into a JCEKS file using hadoop credential store, hive-site.xml looks
> like this:
> {quote}
> hadoop.security.credential.provider.path
> jceks://file/usr/lib/hive/conf/hive.jceks
> {quote}
> instead of:
> {quote}
> javax.jdo.option.ConnectionPassword
> MyHiveConnectionPassword
> {quote}
> However, after the above change, HIVE fails to start. This is an Ambari
> deployed cluster.
> {quote}Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 259, in
> HiveMetastore().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 287, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 59, in start
> self.configure(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 73, in configure
> hive(name = 'metastore')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in thunk
> return fn(*args, **kwargs)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
> line 326, in hive
> create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ;
> "
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 95, in format
> return ConfigurationFormatter().format(format_string, args, **result)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 62, in format
> result_unprotected = self.vformat(format_string, args, all_params)
> File "/usr/lib64/python2.6/string.py", line 549, in vformat
> result = self._vformat(format_string, args, kwargs, used_args, 2)
> File "/usr/lib64/python2.6/string.py", line 575, in _vformat
> obj = self.convert_field(obj, conversion)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 70, in convert_field_unprotected
> return self._convert_field(value, conversion, False)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 85, in _convert_field
> return utils.PASSWORDS_HIDE_STRING if is_protected else
> self._convert_field(value, 'e', is_protected)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 81, in _convert_field
> return quote_bash_args(unicode(value))
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 73, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found in
> configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'javax.jdo.option.ConnectionPassword' was not found in configurations
> dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19806) After setting up hadoop credential, cannot start Hive Metastore
[
https://issues.apache.org/jira/browse/AMBARI-19806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19806:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
> After setting up hadoop credential, cannot start Hive Metastore
> ---
>
> Key: AMBARI-19806
> URL: https://issues.apache.org/jira/browse/AMBARI-19806
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb56142.patch
>
>
> In HIVE, after javax.jdo.option.ConnectionPassword property and value is
> moved into a JCEKS file using hadoop credential store, hive-site.xml looks
> like this:
> {quote}
> hadoop.security.credential.provider.path
> jceks://file/usr/lib/hive/conf/hive.jceks
> {quote}
> instead of:
> {quote}
> javax.jdo.option.ConnectionPassword
> MyHiveConnectionPassword
> {quote}
> However, after the above change, HIVE fails to start. This is an Ambari
> deployed cluster.
> {quote}Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 259, in
> HiveMetastore().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 287, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 59, in start
> self.configure(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 73, in configure
> hive(name = 'metastore')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in thunk
> return fn(*args, **kwargs)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
> line 326, in hive
> create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ;
> "
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 95, in format
> return ConfigurationFormatter().format(format_string, args, **result)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 62, in format
> result_unprotected = self.vformat(format_string, args, all_params)
> File "/usr/lib64/python2.6/string.py", line 549, in vformat
> result = self._vformat(format_string, args, kwargs, used_args, 2)
> File "/usr/lib64/python2.6/string.py", line 575, in _vformat
> obj = self.convert_field(obj, conversion)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 70, in convert_field_unprotected
> return self._convert_field(value, conversion, False)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 85, in _convert_field
> return utils.PASSWORDS_HIDE_STRING if is_protected else
> self._convert_field(value, 'e', is_protected)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 81, in _convert_field
> return quote_bash_args(unicode(value))
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 73, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found in
> configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'javax.jdo.option.ConnectionPassword' was not found in configurations
> dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19806) After setting up hadoop credential, cannot start Hive Metastore
[
https://issues.apache.org/jira/browse/AMBARI-19806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19806:
---
Status: Patch Available (was: Open)
> After setting up hadoop credential, cannot start Hive Metastore
> ---
>
> Key: AMBARI-19806
> URL: https://issues.apache.org/jira/browse/AMBARI-19806
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb56142.patch
>
>
> In HIVE, after javax.jdo.option.ConnectionPassword property and value is
> moved into a JCEKS file using hadoop credential store, hive-site.xml looks
> like this:
> {quote}
> hadoop.security.credential.provider.path
> jceks://file/usr/lib/hive/conf/hive.jceks
> {quote}
> instead of:
> {quote}
> javax.jdo.option.ConnectionPassword
> MyHiveConnectionPassword
> {quote}
> However, after the above change, HIVE fails to start. This is an Ambari
> deployed cluster.
> {quote}Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 259, in
> HiveMetastore().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 287, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 59, in start
> self.configure(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 73, in configure
> hive(name = 'metastore')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in thunk
> return fn(*args, **kwargs)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
> line 326, in hive
> create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ;
> "
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 95, in format
> return ConfigurationFormatter().format(format_string, args, **result)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 62, in format
> result_unprotected = self.vformat(format_string, args, all_params)
> File "/usr/lib64/python2.6/string.py", line 549, in vformat
> result = self._vformat(format_string, args, kwargs, used_args, 2)
> File "/usr/lib64/python2.6/string.py", line 575, in _vformat
> obj = self.convert_field(obj, conversion)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 70, in convert_field_unprotected
> return self._convert_field(value, conversion, False)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 85, in _convert_field
> return utils.PASSWORDS_HIDE_STRING if is_protected else
> self._convert_field(value, 'e', is_protected)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 81, in _convert_field
> return quote_bash_args(unicode(value))
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 73, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found in
> configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'javax.jdo.option.ConnectionPassword' was not found in configurations
> dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19806) After setting up hadoop credential, cannot start Hive Metastore
[
https://issues.apache.org/jira/browse/AMBARI-19806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19806:
---
Attachment: rb56142.patch
> After setting up hadoop credential, cannot start Hive Metastore
> ---
>
> Key: AMBARI-19806
> URL: https://issues.apache.org/jira/browse/AMBARI-19806
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb56142.patch
>
>
> In HIVE, after javax.jdo.option.ConnectionPassword property and value is
> moved into a JCEKS file using hadoop credential store, hive-site.xml looks
> like this:
> {quote}
> hadoop.security.credential.provider.path
> jceks://file/usr/lib/hive/conf/hive.jceks
> {quote}
> instead of:
> {quote}
> javax.jdo.option.ConnectionPassword
> MyHiveConnectionPassword
> {quote}
> However, after the above change, HIVE fails to start. This is an Ambari
> deployed cluster.
> {quote}Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 259, in
> HiveMetastore().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 287, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 59, in start
> self.configure(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 73, in configure
> hive(name = 'metastore')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in thunk
> return fn(*args, **kwargs)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
> line 326, in hive
> create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ;
> "
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 95, in format
> return ConfigurationFormatter().format(format_string, args, **result)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 62, in format
> result_unprotected = self.vformat(format_string, args, all_params)
> File "/usr/lib64/python2.6/string.py", line 549, in vformat
> result = self._vformat(format_string, args, kwargs, used_args, 2)
> File "/usr/lib64/python2.6/string.py", line 575, in _vformat
> obj = self.convert_field(obj, conversion)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 70, in convert_field_unprotected
> return self._convert_field(value, conversion, False)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 85, in _convert_field
> return utils.PASSWORDS_HIDE_STRING if is_protected else
> self._convert_field(value, 'e', is_protected)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 81, in _convert_field
> return quote_bash_args(unicode(value))
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 73, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found in
> configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'javax.jdo.option.ConnectionPassword' was not found in configurations
> dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19806) After setting up hadoop credential, cannot start Hive Metastore
[
https://issues.apache.org/jira/browse/AMBARI-19806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19806:
---
Summary: After setting up hadoop credential, cannot start Hive Metastore
(was: After setting up hadoop credential, can't start Hive Metastore)
> After setting up hadoop credential, cannot start Hive Metastore
> ---
>
> Key: AMBARI-19806
> URL: https://issues.apache.org/jira/browse/AMBARI-19806
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
>
> In HIVE, after javax.jdo.option.ConnectionPassword property and value is
> moved into a JCEKS file using hadoop credential store, hive-site.xml looks
> like this:
> {quote}
> hadoop.security.credential.provider.path
> jceks://file/usr/lib/hive/conf/hive.jceks
> {quote}
> instead of:
> {quote}
> javax.jdo.option.ConnectionPassword
> MyHiveConnectionPassword
> {quote}
> However, after the above change, HIVE fails to start. This is an Ambari
> deployed cluster.
> {quote}Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 259, in
> HiveMetastore().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 287, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 59, in start
> self.configure(env)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
> line 73, in configure
> hive(name = 'metastore')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in thunk
> return fn(*args, **kwargs)
> File
> "/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
> line 326, in hive
> create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ;
> "
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 95, in format
> return ConfigurationFormatter().format(format_string, args, **result)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 62, in format
> result_unprotected = self.vformat(format_string, args, all_params)
> File "/usr/lib64/python2.6/string.py", line 549, in vformat
> result = self._vformat(format_string, args, kwargs, used_args, 2)
> File "/usr/lib64/python2.6/string.py", line 575, in _vformat
> obj = self.convert_field(obj, conversion)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 70, in convert_field_unprotected
> return self._convert_field(value, conversion, False)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 85, in _convert_field
> return utils.PASSWORDS_HIDE_STRING if is_protected else
> self._convert_field(value, 'e', is_protected)
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
> line 81, in _convert_field
> return quote_bash_args(unicode(value))
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 73, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found in
> configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'javax.jdo.option.ConnectionPassword' was not found in configurations
> dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Created] (AMBARI-19806) After setting up hadoop credential, can't start Hive Metastore
Nahappan Somasundaram created AMBARI-19806:
--
Summary: After setting up hadoop credential, can't start Hive
Metastore
Key: AMBARI-19806
URL: https://issues.apache.org/jira/browse/AMBARI-19806
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.5.0
Reporter: Nahappan Somasundaram
Assignee: Nahappan Somasundaram
Priority: Critical
Fix For: 2.5.0
In HIVE, after javax.jdo.option.ConnectionPassword property and value is moved
into a JCEKS file using hadoop credential store, hive-site.xml looks like this:
{quote}
hadoop.security.credential.provider.path
jceks://file/usr/lib/hive/conf/hive.jceks
{quote}
instead of:
{quote}
javax.jdo.option.ConnectionPassword
MyHiveConnectionPassword
{quote}
However, after the above change, HIVE fails to start. This is an Ambari
deployed cluster.
{quote}Traceback (most recent call last):
File
"/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
line 259, in
HiveMetastore().execute()
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
line 287, in execute
method(env)
File
"/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
line 59, in start
self.configure(env)
File
"/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py",
line 73, in configure
hive(name = 'metastore')
File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
line 89, in thunk
return fn(*args, **kwargs)
File
"/var/lib/ambari-agent/cache/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py",
line 326, in hive
create_schema_cmd = format("export HIVE_CONF_DIR={hive_server_conf_dir} ; "
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
line 95, in format
return ConfigurationFormatter().format(format_string, args, **result)
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
line 62, in format
result_unprotected = self.vformat(format_string, args, all_params)
File "/usr/lib64/python2.6/string.py", line 549, in vformat
result = self._vformat(format_string, args, kwargs, used_args, 2)
File "/usr/lib64/python2.6/string.py", line 575, in _vformat
obj = self.convert_field(obj, conversion)
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
line 70, in convert_field_unprotected
return self._convert_field(value, conversion, False)
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
line 85, in _convert_field
return utils.PASSWORDS_HIDE_STRING if is_protected else
self._convert_field(value, 'e', is_protected)
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/format.py",
line 81, in _convert_field
return quote_bash_args(unicode(value))
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
line 73, in __getattr__
raise Fail("Configuration parameter '" + self.name + "' was not found in
configurations dictionary!")
resource_management.core.exceptions.Fail: Configuration parameter
'javax.jdo.option.ConnectionPassword' was not found in configurations
dictionary!{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Updated] (AMBARI-19751) Credential Store params should be in the command json for RESTART
[ https://issues.apache.org/jira/browse/AMBARI-19751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19751: --- Committed to branch-2.5 and trunk > Credential Store params should be in the command json for RESTART > - > > Key: AMBARI-19751 > URL: https://issues.apache.org/jira/browse/AMBARI-19751 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb56029.patch > > > Command json doesn't contain Credential Store related params > (credentialStoreEnabled, configuration_credentials) for RESTART operation. > Only AmbariManagementControllerimpl:createHostAction enters these parameters, > while for the RESTART operations > AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command > json, it should also take care of Credential Store related params. As there > are several other locations where the command json is created they may as > well need to be modified. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19751) Credential Store params should be in the command json for RESTART
[ https://issues.apache.org/jira/browse/AMBARI-19751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19751: --- Attachment: rb56029.patch > Credential Store params should be in the command json for RESTART > - > > Key: AMBARI-19751 > URL: https://issues.apache.org/jira/browse/AMBARI-19751 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb56029.patch > > > Command json doesn't contain Credential Store related params > (credentialStoreEnabled, configuration_credentials) for RESTART operation. > Only AmbariManagementControllerimpl:createHostAction enters these parameters, > while for the RESTART operations > AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command > json, it should also take care of Credential Store related params. As there > are several other locations where the command json is created they may as > well need to be modified. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19751) Credential Store params should be in the command json for RESTART
[ https://issues.apache.org/jira/browse/AMBARI-19751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19751: --- Status: Patch Available (was: Open) > Credential Store params should be in the command json for RESTART > - > > Key: AMBARI-19751 > URL: https://issues.apache.org/jira/browse/AMBARI-19751 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb56029.patch > > > Command json doesn't contain Credential Store related params > (credentialStoreEnabled, configuration_credentials) for RESTART operation. > Only AmbariManagementControllerimpl:createHostAction enters these parameters, > while for the RESTART operations > AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command > json, it should also take care of Credential Store related params. As there > are several other locations where the command json is created they may as > well need to be modified. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19751) Credential Store params should be in the command json for RESTART
[ https://issues.apache.org/jira/browse/AMBARI-19751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19751: --- Description: Command json doesn't contain Credential Store related params (credentialStoreEnabled, configuration_credentials) for RESTART operation. Only AmbariManagementControllerimpl:createHostAction enters these parameters, while for the RESTART operations AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command json, it should also take care of Credential Store related params. As there are several other locations where the command json is created they may as well need to be modified. > Credential Store params should be in the command json for RESTART > - > > Key: AMBARI-19751 > URL: https://issues.apache.org/jira/browse/AMBARI-19751 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > > Command json doesn't contain Credential Store related params > (credentialStoreEnabled, configuration_credentials) for RESTART operation. > Only AmbariManagementControllerimpl:createHostAction enters these parameters, > while for the RESTART operations > AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command > json, it should also take care of Credential Store related params. As there > are several other locations where the command json is created they may as > well need to be modified. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19751) Credential Store params should be in the command json for RESTART
[ https://issues.apache.org/jira/browse/AMBARI-19751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19751: --- Environment: (was: Command json doesn't contain Credential Store related params (credentialStoreEnabled, configuration_credentials) for RESTART operation. Only AmbariManagementControllerimpl:createHostAction enters these parameters, while for the RESTART operations AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command json, it should also take care of Credential Store related params. As there are several other locations where the command json is created they may as well need to be modified.) > Credential Store params should be in the command json for RESTART > - > > Key: AMBARI-19751 > URL: https://issues.apache.org/jira/browse/AMBARI-19751 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (AMBARI-19751) Credential Store params should be in the command json for RESTART
Nahappan Somasundaram created AMBARI-19751: -- Summary: Credential Store params should be in the command json for RESTART Key: AMBARI-19751 URL: https://issues.apache.org/jira/browse/AMBARI-19751 Project: Ambari Issue Type: Bug Components: ambari-server Affects Versions: 2.5.0 Environment: Command json doesn't contain Credential Store related params (credentialStoreEnabled, configuration_credentials) for RESTART operation. Only AmbariManagementControllerimpl:createHostAction enters these parameters, while for the RESTART operations AmbariCustomCommandExecutionHelper:addCustomCommandAction creates the command json, it should also take care of Credential Store related params. As there are several other locations where the command json is created they may as well need to be modified. Reporter: Nahappan Somasundaram Assignee: Nahappan Somasundaram Priority: Critical Fix For: 2.5.0 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19681) Credential Store should add hadoop credential provider path property to all affected configuration types
[
https://issues.apache.org/jira/browse/AMBARI-19681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19681:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
Committed to branch-2.5 and trunk
> Credential Store should add hadoop credential provider path property to all
> affected configuration types
>
>
> Key: AMBARI-19681
> URL: https://issues.apache.org/jira/browse/AMBARI-19681
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55853.patch
>
>
> CustomServiceOrchestrator.py function generateJceks adds the property
> 'hadoop.security.credential.provider.path' only to the last configuration
> type that requires it. The function iterates over the configtype_credentials
> dictionary, and at each iteration it updates the variable named config (line
> 272):
> {code}
> config = commandJson['configurations'][config_type]
> {code}
> After the iteration is over, and the provider_paths variable is set the
> function adds the provider paths to the dictionary with the key
> 'hadoop.security.credential.provider.path' (line 292)
> {code}
> config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
> {code}
> The problem is that at this point the variable config contains the latest
> config type that needs this property to be set up, while all of them should
> have it! So if both config_type_1, and config_type_2 have passwords
> properties present in configtype_credentials, only config_type_2 will have
> the dictionary entry set for the key
> 'hadoop.security.credential.provider.path', and it will contain a reference
> to both of their jceks files!
> Another issue is that there is no reason to collect the provider paths to an
> array, each config_type should have a reference only to it's own provider.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19681) Credential Store should add hadoop credential provider path property to all affected configuration types
[
https://issues.apache.org/jira/browse/AMBARI-19681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19681:
---
Attachment: (was: BUG-72951.patch)
> Credential Store should add hadoop credential provider path property to all
> affected configuration types
>
>
> Key: AMBARI-19681
> URL: https://issues.apache.org/jira/browse/AMBARI-19681
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55853.patch
>
>
> CustomServiceOrchestrator.py function generateJceks adds the property
> 'hadoop.security.credential.provider.path' only to the last configuration
> type that requires it. The function iterates over the configtype_credentials
> dictionary, and at each iteration it updates the variable named config (line
> 272):
> {code}
> config = commandJson['configurations'][config_type]
> {code}
> After the iteration is over, and the provider_paths variable is set the
> function adds the provider paths to the dictionary with the key
> 'hadoop.security.credential.provider.path' (line 292)
> {code}
> config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
> {code}
> The problem is that at this point the variable config contains the latest
> config type that needs this property to be set up, while all of them should
> have it! So if both config_type_1, and config_type_2 have passwords
> properties present in configtype_credentials, only config_type_2 will have
> the dictionary entry set for the key
> 'hadoop.security.credential.provider.path', and it will contain a reference
> to both of their jceks files!
> Another issue is that there is no reason to collect the provider paths to an
> array, each config_type should have a reference only to it's own provider.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19681) Credential Store should add hadoop credential provider path property to all affected configuration types
[
https://issues.apache.org/jira/browse/AMBARI-19681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19681:
---
Attachment: rb55853.patch
> Credential Store should add hadoop credential provider path property to all
> affected configuration types
>
>
> Key: AMBARI-19681
> URL: https://issues.apache.org/jira/browse/AMBARI-19681
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: BUG-72951.patch, rb55853.patch
>
>
> CustomServiceOrchestrator.py function generateJceks adds the property
> 'hadoop.security.credential.provider.path' only to the last configuration
> type that requires it. The function iterates over the configtype_credentials
> dictionary, and at each iteration it updates the variable named config (line
> 272):
> {code}
> config = commandJson['configurations'][config_type]
> {code}
> After the iteration is over, and the provider_paths variable is set the
> function adds the provider paths to the dictionary with the key
> 'hadoop.security.credential.provider.path' (line 292)
> {code}
> config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
> {code}
> The problem is that at this point the variable config contains the latest
> config type that needs this property to be set up, while all of them should
> have it! So if both config_type_1, and config_type_2 have passwords
> properties present in configtype_credentials, only config_type_2 will have
> the dictionary entry set for the key
> 'hadoop.security.credential.provider.path', and it will contain a reference
> to both of their jceks files!
> Another issue is that there is no reason to collect the provider paths to an
> array, each config_type should have a reference only to it's own provider.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19681) Credential Store should add hadoop credential provider path property to all affected configuration types
[
https://issues.apache.org/jira/browse/AMBARI-19681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19681:
---
Status: Patch Available (was: Open)
> Credential Store should add hadoop credential provider path property to all
> affected configuration types
>
>
> Key: AMBARI-19681
> URL: https://issues.apache.org/jira/browse/AMBARI-19681
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55853.patch
>
>
> CustomServiceOrchestrator.py function generateJceks adds the property
> 'hadoop.security.credential.provider.path' only to the last configuration
> type that requires it. The function iterates over the configtype_credentials
> dictionary, and at each iteration it updates the variable named config (line
> 272):
> {code}
> config = commandJson['configurations'][config_type]
> {code}
> After the iteration is over, and the provider_paths variable is set the
> function adds the provider paths to the dictionary with the key
> 'hadoop.security.credential.provider.path' (line 292)
> {code}
> config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
> {code}
> The problem is that at this point the variable config contains the latest
> config type that needs this property to be set up, while all of them should
> have it! So if both config_type_1, and config_type_2 have passwords
> properties present in configtype_credentials, only config_type_2 will have
> the dictionary entry set for the key
> 'hadoop.security.credential.provider.path', and it will contain a reference
> to both of their jceks files!
> Another issue is that there is no reason to collect the provider paths to an
> array, each config_type should have a reference only to it's own provider.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19681) Credential Store should add hadoop credential provider path property to all affected configuration types
[
https://issues.apache.org/jira/browse/AMBARI-19681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19681:
---
Status: Open (was: Patch Available)
> Credential Store should add hadoop credential provider path property to all
> affected configuration types
>
>
> Key: AMBARI-19681
> URL: https://issues.apache.org/jira/browse/AMBARI-19681
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55853.patch
>
>
> CustomServiceOrchestrator.py function generateJceks adds the property
> 'hadoop.security.credential.provider.path' only to the last configuration
> type that requires it. The function iterates over the configtype_credentials
> dictionary, and at each iteration it updates the variable named config (line
> 272):
> {code}
> config = commandJson['configurations'][config_type]
> {code}
> After the iteration is over, and the provider_paths variable is set the
> function adds the provider paths to the dictionary with the key
> 'hadoop.security.credential.provider.path' (line 292)
> {code}
> config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
> {code}
> The problem is that at this point the variable config contains the latest
> config type that needs this property to be set up, while all of them should
> have it! So if both config_type_1, and config_type_2 have passwords
> properties present in configtype_credentials, only config_type_2 will have
> the dictionary entry set for the key
> 'hadoop.security.credential.provider.path', and it will contain a reference
> to both of their jceks files!
> Another issue is that there is no reason to collect the provider paths to an
> array, each config_type should have a reference only to it's own provider.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Resolved] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram resolved AMBARI-19427.
Resolution: Fixed
equals(), hashCode() and toString() will be tracked by a separate bug.
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55348.patch
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15830437#comment-15830437
]
Nahappan Somasundaram commented on AMBARI-19427:
This can be addressed as a separate issue.
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55348.patch
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-18687) Ambari-agent: CLI utility to support storing passwords using hadoop credential store
[ https://issues.apache.org/jira/browse/AMBARI-18687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-18687: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Ambari-agent: CLI utility to support storing passwords using hadoop > credential store > > > Key: AMBARI-18687 > URL: https://issues.apache.org/jira/browse/AMBARI-18687 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Affects Versions: 2.4.2 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb53158.patch > > > Some components support the use of Hadoop Credential Store API to read > passwords from a JCEKS provider. If this is enabled, ambari agent must be > able to use the JCEKS provider to store passwords. > This requires writing a command line wrapper utility over the Hadoop > Credential Provider API in Java on the ambari agent side. Whenever a > non-status command is received, ambari agent will use this utility to create > the JCEKS provider for each configuration with the passwords in them. > After that, the configuration XML files will be generated using the path to > their respective JCEKS provider path. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Status: Patch Available (was: Reopened) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Attachment: (was: rb55538.patch) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Attachment: rb55538.patch > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15826623#comment-15826623 ] Nahappan Somasundaram commented on AMBARI-19545: [~adoroszlai] Reverted the fix. > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Status: Patch Available (was: Open) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Status: Open (was: Patch Available) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Attachment: (was: rb55538.patch) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Attachment: rb55538.patch > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Status: Patch Available (was: Open) > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
[ https://issues.apache.org/jira/browse/AMBARI-19545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19545: --- Attachment: rb55538.patch > Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired > location > -- > > Key: AMBARI-19545 > URL: https://issues.apache.org/jira/browse/AMBARI-19545 > Project: Ambari > Issue Type: Bug > Components: ambari-agent >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram >Priority: Critical > Fix For: 2.5.0 > > Attachments: rb55538.patch > > > Ambari agent generates the JCEKS provider files as > /var/lib/ambari-agent/cred/conf//.jceks. > OOZIE and HIVE scripts should specify a location of their choice and set the > desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (AMBARI-19545) Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
Nahappan Somasundaram created AMBARI-19545: -- Summary: Ambari-agent: In HIVE and OOZIE stack scripts, copy JCEKS file to desired location Key: AMBARI-19545 URL: https://issues.apache.org/jira/browse/AMBARI-19545 Project: Ambari Issue Type: Bug Components: ambari-agent Affects Versions: 2.5.0 Reporter: Nahappan Somasundaram Assignee: Nahappan Somasundaram Priority: Critical Fix For: 2.5.0 Ambari agent generates the JCEKS provider files as /var/lib/ambari-agent/cred/conf//.jceks. OOZIE and HIVE scripts should specify a location of their choice and set the desired ACLs, instead of using the default location. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19525) Unit Test failure during schema verification of configuration files
[
https://issues.apache.org/jira/browse/AMBARI-19525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19525:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Unit Test failure during schema verification of configuration files
> ---
>
> Key: AMBARI-19525
> URL: https://issues.apache.org/jira/browse/AMBARI-19525
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb55502.patch
>
>
> {code}
> validatePropertySchemaOfServiceXMLs(org.apache.ambari.server.state.ServicePropertiesTest)
> Time elapsed: 2.622 sec <<< ERROR!
> org.apache.ambari.server.AmbariException: File
> /home/jenkins/jenkins-slave/workspace/Ambari-trunk-Commit/ambari-server/target/test-classes/TestAmbaryServer.samples/../../../src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml
> didn't pass the validation. Error message is : cvc-complex-type.2.4.a:
> Invalid content was found starting with element 'keystore'. One of '{maximum,
> minimum, unit, delete, visible, empty-value-valid, ui-only-property,
> read-only, editable-only-at-install, show-property-name, increment-step,
> entries, hidden, entries_editable, selection-cardinality, property-file-name,
> property-file-type}' is expected.
> at
> org.apache.ambari.server.state.ServicePropertiesTest.validatePropertySchemaOfServiceXMLs(ServicePropertiesTest.java:49)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19525) Unit Test failure during schema verification of configuration files
[
https://issues.apache.org/jira/browse/AMBARI-19525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19525:
---
Attachment: rb55502.patch
> Unit Test failure during schema verification of configuration files
> ---
>
> Key: AMBARI-19525
> URL: https://issues.apache.org/jira/browse/AMBARI-19525
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb55502.patch
>
>
> {code}
> validatePropertySchemaOfServiceXMLs(org.apache.ambari.server.state.ServicePropertiesTest)
> Time elapsed: 2.622 sec <<< ERROR!
> org.apache.ambari.server.AmbariException: File
> /home/jenkins/jenkins-slave/workspace/Ambari-trunk-Commit/ambari-server/target/test-classes/TestAmbaryServer.samples/../../../src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml
> didn't pass the validation. Error message is : cvc-complex-type.2.4.a:
> Invalid content was found starting with element 'keystore'. One of '{maximum,
> minimum, unit, delete, visible, empty-value-valid, ui-only-property,
> read-only, editable-only-at-install, show-property-name, increment-step,
> entries, hidden, entries_editable, selection-cardinality, property-file-name,
> property-file-type}' is expected.
> at
> org.apache.ambari.server.state.ServicePropertiesTest.validatePropertySchemaOfServiceXMLs(ServicePropertiesTest.java:49)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19525) Unit Test failure during schema verification of configuration files
[
https://issues.apache.org/jira/browse/AMBARI-19525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19525:
---
Status: Patch Available (was: Open)
> Unit Test failure during schema verification of configuration files
> ---
>
> Key: AMBARI-19525
> URL: https://issues.apache.org/jira/browse/AMBARI-19525
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
>Priority: Critical
> Fix For: 2.5.0
>
> Attachments: rb55502.patch
>
>
> {code}
> validatePropertySchemaOfServiceXMLs(org.apache.ambari.server.state.ServicePropertiesTest)
> Time elapsed: 2.622 sec <<< ERROR!
> org.apache.ambari.server.AmbariException: File
> /home/jenkins/jenkins-slave/workspace/Ambari-trunk-Commit/ambari-server/target/test-classes/TestAmbaryServer.samples/../../../src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml
> didn't pass the validation. Error message is : cvc-complex-type.2.4.a:
> Invalid content was found starting with element 'keystore'. One of '{maximum,
> minimum, unit, delete, visible, empty-value-valid, ui-only-property,
> read-only, editable-only-at-install, show-property-name, increment-step,
> entries, hidden, entries_editable, selection-cardinality, property-file-name,
> property-file-type}' is expected.
> at
> org.apache.ambari.server.state.ServicePropertiesTest.validatePropertySchemaOfServiceXMLs(ServicePropertiesTest.java:49)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (AMBARI-19525) Unit Test failure during schema verification of configuration files
Nahappan Somasundaram created AMBARI-19525:
--
Summary: Unit Test failure during schema verification of
configuration files
Key: AMBARI-19525
URL: https://issues.apache.org/jira/browse/AMBARI-19525
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.5.0
Reporter: Nahappan Somasundaram
Assignee: Nahappan Somasundaram
Priority: Critical
Fix For: 2.5.0
{code}
validatePropertySchemaOfServiceXMLs(org.apache.ambari.server.state.ServicePropertiesTest)
Time elapsed: 2.622 sec <<< ERROR!
org.apache.ambari.server.AmbariException: File
/home/jenkins/jenkins-slave/workspace/Ambari-trunk-Commit/ambari-server/target/test-classes/TestAmbaryServer.samples/../../../src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml
didn't pass the validation. Error message is : cvc-complex-type.2.4.a: Invalid
content was found starting with element 'keystore'. One of '{maximum, minimum,
unit, delete, visible, empty-value-valid, ui-only-property, read-only,
editable-only-at-install, show-property-name, increment-step, entries, hidden,
entries_editable, selection-cardinality, property-file-name,
property-file-type}' is expected.
at
org.apache.ambari.server.state.ServicePropertiesTest.validatePropertySchemaOfServiceXMLs(ServicePropertiesTest.java:49)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19471) Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties that need to be stored in a JCEKS provider
[
https://issues.apache.org/jira/browse/AMBARI-19471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19471:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties
> that need to be stored in a JCEKS provider
>
>
> Key: AMBARI-19471
> URL: https://issues.apache.org/jira/browse/AMBARI-19471
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55432.patch
>
>
> In OOZIE and HIVE configs, annotate PASSWORD properties with *keystore*
> attribute to indicate that the value of the property has to be stored in a
> JCEKS file when credential store is enabled.
> {quote}
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
>*true*
>
>
> {quote}
> {quote}
> javax.jdo.option.ConnectionPassword
>
> PASSWORD
> Database Password
> password to use against metastore database
>
> password
> false
> HIVE_CLIENT,WEBHCAT_SERVER,HCAT,CONFIG_DOWNLOAD
> *true*
>
>
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19471) Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties that need to be stored in a JCEKS provider
[
https://issues.apache.org/jira/browse/AMBARI-19471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19471:
---
Attachment: rb55432.patch
> Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties
> that need to be stored in a JCEKS provider
>
>
> Key: AMBARI-19471
> URL: https://issues.apache.org/jira/browse/AMBARI-19471
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55432.patch
>
>
> In OOZIE and HIVE configs, annotate PASSWORD properties with *keystore*
> attribute to indicate that the value of the property has to be stored in a
> JCEKS file when credential store is enabled.
> {quote}
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
>*true*
>
>
> {quote}
> {quote}
> javax.jdo.option.ConnectionPassword
>
> PASSWORD
> Database Password
> password to use against metastore database
>
> password
> false
> HIVE_CLIENT,WEBHCAT_SERVER,HCAT,CONFIG_DOWNLOAD
> *true*
>
>
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19471) Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties that need to be stored in a JCEKS provider
[
https://issues.apache.org/jira/browse/AMBARI-19471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19471:
---
Status: Patch Available (was: Open)
> Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties
> that need to be stored in a JCEKS provider
>
>
> Key: AMBARI-19471
> URL: https://issues.apache.org/jira/browse/AMBARI-19471
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55432.patch
>
>
> In OOZIE and HIVE configs, annotate PASSWORD properties with *keystore*
> attribute to indicate that the value of the property has to be stored in a
> JCEKS file when credential store is enabled.
> {quote}
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
>*true*
>
>
> {quote}
> {quote}
> javax.jdo.option.ConnectionPassword
>
> PASSWORD
> Database Password
> password to use against metastore database
>
> password
> false
> HIVE_CLIENT,WEBHCAT_SERVER,HCAT,CONFIG_DOWNLOAD
> *true*
>
>
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (AMBARI-19471) Ambari-server: In HIVE and OOZIE configurations, annotate PASSWORD properties that need to be stored in a JCEKS provider
Nahappan Somasundaram created AMBARI-19471:
--
Summary: Ambari-server: In HIVE and OOZIE configurations, annotate
PASSWORD properties that need to be stored in a JCEKS provider
Key: AMBARI-19471
URL: https://issues.apache.org/jira/browse/AMBARI-19471
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.5.0
Reporter: Nahappan Somasundaram
Assignee: Nahappan Somasundaram
Fix For: 2.5.0
In OOZIE and HIVE configs, annotate PASSWORD properties with *keystore*
attribute to indicate that the value of the property has to be stored in a
JCEKS file when credential store is enabled.
{quote}
oozie.service.JPAService.jdbc.password
Database Password
PASSWORD
DB user password.
IMPORTANT: if password is emtpy leave a 1 space string, the service trims
the value,
if empty Configuration assumes it is NULL.
password
false
*true*
{quote}
{quote}
javax.jdo.option.ConnectionPassword
PASSWORD
Database Password
password to use against metastore database
password
false
HIVE_CLIENT,WEBHCAT_SERVER,HCAT,CONFIG_DOWNLOAD
*true*
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19427:
---
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55348.patch
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19427:
---
Status: Patch Available (was: Open)
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55348.patch
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19427:
---
Attachment: rb55348.patch
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
> Attachments: rb55348.patch
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19427:
---
Fix Version/s: 2.5.0
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19427:
---
Component/s: ambari-server
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
Nahappan Somasundaram created AMBARI-19427:
--
Summary: Ambari-server: Annotate PASSWORD properties with an
attribute to indicate that they are credential store aware properties
Key: AMBARI-19427
URL: https://issues.apache.org/jira/browse/AMBARI-19427
Project: Ambari
Issue Type: Task
Reporter: Nahappan Somasundaram
Assignee: Nahappan Somasundaram
In service configuration files, password properties are of type PASSWORD. When
credential store usage is enabled for the feature, all such properties will be
encrypted and placed in the configuration's JCEKS provider and will not be
available in plain text in the command JSON.
However, there are situations where certain password properties should not be
moved into the configuration's JCEKS provider but left as plain text in the
command JSON for clients which are not credential store aware to consume.
To take of this, password properties that are to be moved to JCEKS provider
should be annotated with a new attribute, "keystore" to explicitly indicate
that these properties are credential store aware.
{code}
oozie.service.JPAService.jdbc.password
Database Password
PASSWORD
DB user password.
IMPORTANT: if password is emtpy leave a 1 space string, the service trims
the value,
if empty Configuration assumes it is NULL.
password
false
*true*
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
[
https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nahappan Somasundaram updated AMBARI-19427:
---
Affects Version/s: 2.5.0
> Ambari-server: Annotate PASSWORD properties with an attribute to indicate
> that they are credential store aware properties
> -
>
> Key: AMBARI-19427
> URL: https://issues.apache.org/jira/browse/AMBARI-19427
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Nahappan Somasundaram
>Assignee: Nahappan Somasundaram
> Fix For: 2.5.0
>
>
> In service configuration files, password properties are of type PASSWORD.
> When credential store usage is enabled for the feature, all such properties
> will be encrypted and placed in the configuration's JCEKS provider and will
> not be available in plain text in the command JSON.
> However, there are situations where certain password properties should not be
> moved into the configuration's JCEKS provider but left as plain text in the
> command JSON for clients which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider
> should be annotated with a new attribute, "keystore" to explicitly indicate
> that these properties are credential store aware.
> {code}
>
> oozie.service.JPAService.jdbc.password
>
> Database Password
> PASSWORD
>
> DB user password.
> IMPORTANT: if password is emtpy leave a 1 space string, the service
> trims the value,
> if empty Configuration assumes it is NULL.
>
>
> password
> false
> *true*
>
>
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (AMBARI-19077) Ambari-server: Gather dependent configuration types and password properties for a service component
[ https://issues.apache.org/jira/browse/AMBARI-19077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19077: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Ambari-server: Gather dependent configuration types and password properties > for a service component > --- > > Key: AMBARI-19077 > URL: https://issues.apache.org/jira/browse/AMBARI-19077 > Project: Ambari > Issue Type: Task > Components: ambari-agent, ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54357.patch > > > In the command JSON, we need the list of configurations and the corresponding > password properties on which a service component is dependent upon. This will > help ambari agent create the JCEKS provider files for just those affected > configuration types instead of for all configuration types that contain > password properties. > We also need to provide the password properties and the properties that use > it. This will ensure that we are able to correctly map the value provided by > the user property to the value provided by the password property. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19077) Ambari-server: Gather dependent configuration types and password properties for a service component
[ https://issues.apache.org/jira/browse/AMBARI-19077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19077: --- Status: Patch Available (was: Open) > Ambari-server: Gather dependent configuration types and password properties > for a service component > --- > > Key: AMBARI-19077 > URL: https://issues.apache.org/jira/browse/AMBARI-19077 > Project: Ambari > Issue Type: Task > Components: ambari-agent, ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54357.patch > > > In the command JSON, we need the list of configurations and the corresponding > password properties on which a service component is dependent upon. This will > help ambari agent create the JCEKS provider files for just those affected > configuration types instead of for all configuration types that contain > password properties. > We also need to provide the password properties and the properties that use > it. This will ensure that we are able to correctly map the value provided by > the user property to the value provided by the password property. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19077) Ambari-server: Gather dependent configuration types and password properties for a service component
[ https://issues.apache.org/jira/browse/AMBARI-19077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19077: --- Attachment: rb54357.patch > Ambari-server: Gather dependent configuration types and password properties > for a service component > --- > > Key: AMBARI-19077 > URL: https://issues.apache.org/jira/browse/AMBARI-19077 > Project: Ambari > Issue Type: Task > Components: ambari-agent, ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54357.patch > > > In the command JSON, we need the list of configurations and the corresponding > password properties on which a service component is dependent upon. This will > help ambari agent create the JCEKS provider files for just those affected > configuration types instead of for all configuration types that contain > password properties. > We also need to provide the password properties and the properties that use > it. This will ensure that we are able to correctly map the value provided by > the user property to the value provided by the password property. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (AMBARI-19109) Ambari-server: Encrypt clear text passwords and store in DB and command files
Nahappan Somasundaram created AMBARI-19109: -- Summary: Ambari-server: Encrypt clear text passwords and store in DB and command files Key: AMBARI-19109 URL: https://issues.apache.org/jira/browse/AMBARI-19109 Project: Ambari Issue Type: Bug Components: ambari-server Affects Versions: 2.5.0 Reporter: Nahappan Somasundaram Assignee: Nahappan Somasundaram Fix For: 3.0.0 * Properties that are passwords should be encrypted and base64 encoded and stored in the database. * Ambari agent should decrypt encrypted passwords coming from the server and store it in the service's command file and configuration's JCEKS provider. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (AMBARI-19077) Ambari-server: Gather dependent configuration types and password properties for a service component
Nahappan Somasundaram created AMBARI-19077: -- Summary: Ambari-server: Gather dependent configuration types and password properties for a service component Key: AMBARI-19077 URL: https://issues.apache.org/jira/browse/AMBARI-19077 Project: Ambari Issue Type: Task Components: ambari-agent, ambari-server Affects Versions: 2.5.0 Reporter: Nahappan Somasundaram Assignee: Nahappan Somasundaram Fix For: 2.5.0 In the command JSON, we need the list of configurations and the corresponding password properties on which a service component is dependent upon. This will help ambari agent create the JCEKS provider files for just those affected configuration types instead of for all configuration types that contain password properties. We also need to provide the password properties and the properties that use it. This will ensure that we are able to correctly map the value provided by the user property to the value provided by the password property. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Open) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Open (was: Patch Available) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: (was: rb53747.patch) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Reopened) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: (was: rb53747.patch) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: (was: rb53747.patch) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Open) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Open (was: Patch Available) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19042) Ambari-server: OOZIE stack definition changes required to support credential store
[ https://issues.apache.org/jira/browse/AMBARI-19042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19042: --- Status: Patch Available (was: Open) > Ambari-server: OOZIE stack definition changes required to support credential > store > -- > > Key: AMBARI-19042 > URL: https://issues.apache.org/jira/browse/AMBARI-19042 > Project: Ambari > Issue Type: Task > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54239.patch > > > OOZIE protects JDBC passwords using credential store provider API. Stack > definition changes are required for HDP 2.5 and 2.6 to support this. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19042) Ambari-server: OOZIE stack definition changes required to support credential store
[ https://issues.apache.org/jira/browse/AMBARI-19042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19042: --- Attachment: rb54239.patch > Ambari-server: OOZIE stack definition changes required to support credential > store > -- > > Key: AMBARI-19042 > URL: https://issues.apache.org/jira/browse/AMBARI-19042 > Project: Ambari > Issue Type: Task > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54239.patch > > > OOZIE protects JDBC passwords using credential store provider API. Stack > definition changes are required for HDP 2.5 and 2.6 to support this. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (AMBARI-19042) Ambari-server: OOZIE stack definition changes required to support credential store
Nahappan Somasundaram created AMBARI-19042: -- Summary: Ambari-server: OOZIE stack definition changes required to support credential store Key: AMBARI-19042 URL: https://issues.apache.org/jira/browse/AMBARI-19042 Project: Ambari Issue Type: Task Components: ambari-server Affects Versions: 2.5.0 Reporter: Nahappan Somasundaram Assignee: Nahappan Somasundaram Fix For: 2.5.0 OOZIE protects JDBC passwords using credential store provider API. Stack definition changes are required for HDP 2.5 and 2.6 to support this. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Open) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: (was: rb53747.patch) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19022) Ambari-server: Remove credential store from KNOX stack definition since it does not support credential store
[ https://issues.apache.org/jira/browse/AMBARI-19022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19022: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Ambari-server: Remove credential store from KNOX stack definition since it > does not support credential store > > > Key: AMBARI-19022 > URL: https://issues.apache.org/jira/browse/AMBARI-19022 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54186.patch > > > Remove *credential-store* information from HDP-2.5 stack definition for KNOX > since it does not support credential store. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Open) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: (was: rb53747.patch) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Open (was: Patch Available) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Open) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Open (was: Patch Available) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: (was: rb53747.patch) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19022) Ambari-server: Remove credential store from KNOX stack definition since it does not support credential store
[ https://issues.apache.org/jira/browse/AMBARI-19022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19022: --- Status: Patch Available (was: Open) > Ambari-server: Remove credential store from KNOX stack definition since it > does not support credential store > > > Key: AMBARI-19022 > URL: https://issues.apache.org/jira/browse/AMBARI-19022 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54186.patch > > > Remove *credential-store* information from HDP-2.5 stack definition for KNOX > since it does not support credential store. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-19022) Ambari-server: Remove credential store from KNOX stack definition since it does not support credential store
[ https://issues.apache.org/jira/browse/AMBARI-19022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-19022: --- Attachment: rb54186.patch > Ambari-server: Remove credential store from KNOX stack definition since it > does not support credential store > > > Key: AMBARI-19022 > URL: https://issues.apache.org/jira/browse/AMBARI-19022 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb54186.patch > > > Remove *credential-store* information from HDP-2.5 stack definition for KNOX > since it does not support credential store. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (AMBARI-19022) Ambari-server: Remove credential store from KNOX stack definition since it does not support credential store
Nahappan Somasundaram created AMBARI-19022: -- Summary: Ambari-server: Remove credential store from KNOX stack definition since it does not support credential store Key: AMBARI-19022 URL: https://issues.apache.org/jira/browse/AMBARI-19022 Project: Ambari Issue Type: Bug Components: ambari-server Affects Versions: 2.5.0 Reporter: Nahappan Somasundaram Assignee: Nahappan Somasundaram Fix For: 2.5.0 Remove *credential-store* information from HDP-2.5 stack definition for KNOX since it does not support credential store. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Status: Patch Available (was: Open) > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMBARI-18888) Ambari-agent: Create configuration files with JCEKS information
[ https://issues.apache.org/jira/browse/AMBARI-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram updated AMBARI-1: --- Attachment: rb53747.patch > Ambari-agent: Create configuration files with JCEKS information > --- > > Key: AMBARI-1 > URL: https://issues.apache.org/jira/browse/AMBARI-1 > Project: Ambari > Issue Type: Task > Components: ambari-agent >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Attachments: rb53747.patch > > > When a non-status command is received, a command.json file is generated. This > file contains the passwords used in a configuration. When the command is then > executed, ambari agent spawns off a subprocess to execute component-specific > Python scripts to generate the configuration files using the data from the > command.json file. > To avoid storing clear text passwords in command.json file and configuration > files, ambari-agent will first generate the JCEKS files corresponding to the > configuration information in the command JSON blob coming from the server and > then generate the command.json with the path to the JCEKS store instead of > clear text passwords for *password* properties. > Subsequently when executing a command, ambari-agent will generate the > configuration files with the JCEKS path information from command.json. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (AMBARI-18927) Unit test failure: ServiceComponentHostTest
[ https://issues.apache.org/jira/browse/AMBARI-18927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nahappan Somasundaram resolved AMBARI-18927. Resolution: Duplicate > Unit test failure: ServiceComponentHostTest > --- > > Key: AMBARI-18927 > URL: https://issues.apache.org/jira/browse/AMBARI-18927 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb53868.patch > > > *mvn test -DskipPythonTests -Dtest=ServiceComponentHostTest* > --- > T E S T S > --- > Picked up _JAVA_OPTIONS: -Xmx2048m -XX:MaxPermSize=512m > -Djava.awt.headless=true > Running org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest > Tests run: 13, Failures: 1, Errors: 0, Skipped: 2, Time elapsed: 29.64 sec > <<< FAILURE! - in > org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest > testStaleConfigs(org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest) > Time elapsed: 1.879 sec <<< FAILURE! > java.lang.AssertionError > at > org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest.testStaleConfigs(ServiceComponentHostTest.java:858) > Results : > Failed tests: > ServiceComponentHostTest.testStaleConfigs:858 null > Tests run: 13, Failures: 1, Errors: 0, Skipped: 2 > [INFO] > > [INFO] BUILD FAILURE > [INFO] > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (AMBARI-18927) Unit test failure: ServiceComponentHostTest
[ https://issues.apache.org/jira/browse/AMBARI-18927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15676989#comment-15676989 ] Nahappan Somasundaram commented on AMBARI-18927: [~dgrinenko], Thanks for pointing this out. Why weren't the UTs fixed as a part of the feature? On submitting the patch for the feature to Jenkins, Jenkins would have pointed out the failure. > Unit test failure: ServiceComponentHostTest > --- > > Key: AMBARI-18927 > URL: https://issues.apache.org/jira/browse/AMBARI-18927 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.5.0 >Reporter: Nahappan Somasundaram >Assignee: Nahappan Somasundaram > Fix For: 2.5.0 > > Attachments: rb53868.patch > > > *mvn test -DskipPythonTests -Dtest=ServiceComponentHostTest* > --- > T E S T S > --- > Picked up _JAVA_OPTIONS: -Xmx2048m -XX:MaxPermSize=512m > -Djava.awt.headless=true > Running org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest > Tests run: 13, Failures: 1, Errors: 0, Skipped: 2, Time elapsed: 29.64 sec > <<< FAILURE! - in > org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest > testStaleConfigs(org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest) > Time elapsed: 1.879 sec <<< FAILURE! > java.lang.AssertionError > at > org.apache.ambari.server.state.svccomphost.ServiceComponentHostTest.testStaleConfigs(ServiceComponentHostTest.java:858) > Results : > Failed tests: > ServiceComponentHostTest.testStaleConfigs:858 null > Tests run: 13, Failures: 1, Errors: 0, Skipped: 2 > [INFO] > > [INFO] BUILD FAILURE > [INFO] > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
