ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-9020) Ambari agent script should not kinit with Oozie service credentials on behalf of the Oozie service
Date Wed, 07 Jan 2015 11:02:34 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-9020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas updated AMBARI-9020:
---------------------------------
    Description: 
Ambari agent script should not kinit with Oozie service credentials on behalf of the Oozie
service.

This is occurring in 

{code:title=oozie_service.py (around line 26)}
  kinit_if_needed = format("{kinit_path_local} -kt {oozie_keytab} {oozie_principal};") if
params.security_enabled else ""
{code}

{code:title=oozie_service.py (around line 40)}
    cmd2 =  format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop --config {hadoop_conf_dir}
dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")
{code}

{code:title=oozie_service.py (around line 60)}
    Execute( cmd2,
      user = params.oozie_user,
      not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs -ls /user/oozie/share
| awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if (count > 0) {{exit 0}} else {{exit
1}}}}'"),
      path = params.execute_path
    )
{code}

  was:
Ambari agent script should not kinit with Oozie service credentials on behalf of the Oozie
service.

This is occurring in 

{code:title=oozie_service.py (around line 40)}
    cmd2 =  format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop --config {hadoop_conf_dir}
dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")
{code}

{code:title=oozie_service.py (around line 60)}
    Execute( cmd2,
      user = params.oozie_user,
      not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs -ls /user/oozie/share
| awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if (count > 0) {{exit 0}} else {{exit
1}}}}'"),
      path = params.execute_path
    )
{code}


> Ambari agent script should not kinit with Oozie service credentials on behalf of the
Oozie service
> --------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-9020
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9020
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>              Labels: kerberos, oozie, security, stack
>             Fix For: 2.0.0
>
>
> Ambari agent script should not kinit with Oozie service credentials on behalf of the
Oozie service.
> This is occurring in 
> {code:title=oozie_service.py (around line 26)}
>   kinit_if_needed = format("{kinit_path_local} -kt {oozie_keytab} {oozie_principal};")
if params.security_enabled else ""
> {code}
> {code:title=oozie_service.py (around line 40)}
>     cmd2 =  format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop --config
{hadoop_conf_dir} dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")
> {code}
> {code:title=oozie_service.py (around line 60)}
>     Execute( cmd2,
>       user = params.oozie_user,
>       not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs -ls /user/oozie/share
| awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if (count > 0) {{exit 0}} else {{exit
1}}}}'"),
>       path = params.execute_path
>     )
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message