ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 32446: Storm service check failed after disabling security
Date Tue, 24 Mar 2015 19:29:06 GMT


> On March 24, 2015, 2:53 p.m., Robert Nettleton wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java,
line 215
> > <https://reviews.apache.org/r/32446/diff/1/?file=904549#file904549line215>
> >
> >     Minor issue: 
> >     
> >     Shouldn't this javadoc read: "Removes a property..."  ?

Thanks for catching that.


> On March 24, 2015, 2:53 p.m., Robert Nettleton wrote:
> > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java,
line 46
> > <https://reviews.apache.org/r/32446/diff/1/?file=904552#file904552line46>
> >
> >     It might be a good idea to add a unit test to verify the OPERATION_TYPE_REMOVE
case.

That is probably a good idea, thanks.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/#review77615
-----------------------------------------------------------


On March 24, 2015, 1:07 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32446/
> -----------------------------------------------------------
> 
> (Updated March 24, 2015, 1:07 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
> 
> 
> Bugs: AMBARI-10176
>     https://issues.apache.org/jira/browse/AMBARI-10176
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> From nimbus.log
> ```
> java.lang.NullPointerException: null
> 	at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93)
~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_67]
> 	at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
> 	at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
> 	at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
> 	at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215)
~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668)
~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656)
~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156)
~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632)
~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
> ```
> 
> **Solution**
> The solution is to remove configuration properties that do not have default values when
disabling Kerberos.
> 
> ```
> For each property updated per the Kerberos descriptor
>     Look up the default value from the stack definition
>     If a value is found, update the property to that "default" value
>     If a value is not found, remove the value from the configuration
> ```
> 
> For Storm in particular, remove the following properties:
> 
> * storm-site/drpc.authorizer
> * storm-site/nimbus.authorizer
> * storm-site/storm.principal.tolocal
> * storm-site/ui.filter
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
01f7846 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java
db1a1d1 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java
20027bc 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java
eca9b79 
>   ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25

>   ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml
bfe1d26 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java
51822cb 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
f902ba2 
> 
> Diff: https://reviews.apache.org/r/32446/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> **Jenkins test results: PENDING**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message