ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Review Request 34281: Kerberos: Oozie auth rules do not look correct
Date Fri, 15 May 2015 17:03:38 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34281/
-----------------------------------------------------------

Review request for Ambari, Costel Radulescu and Emil Anca.


Bugs: AMBARI-11179
    https://issues.apache.org/jira/browse/AMBARI-11179


Repository: ambari


Description
-------

0) create cluster, hDP 2.2, build 1203
1) Kerb cluster (hdfs, yarn,zk)
2) add ozzie
3) add hbase
4) everything seems ok.
5) I went and looked at oozie configs, oozie.authentication.kerberos.name.rules property looks
like this...is this correct?

```
RULE:[1:$1@$0](ambari-qa-MyCluster@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hbase-MyCluster@EXAMPLE.COM)s/.*/hbase/
RULE:[1:$1@$0](hdfs-MyCluster@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[1:$1@$0](.*@.*TODO-KERBEROS-DOMAIN)s/@.*//
RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUSER/
RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/
RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
DEFAULT
```


#Solution
Remove the following values for oozie-site/oozie.authentication.kerberos.name.rules

_common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml:145_
```
      RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUxSER/
      RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
      RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
      RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
      DEFAULT
```

_common-services/OOZIE/5.0.0.2.3/configuration/oozie-site.xml:24_
```
      RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUxSER/
      RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
      RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
      RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
      DEFAULT
```


Diffs
-----

  ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml
d7ae0e9 
  ambari-server/src/main/resources/common-services/OOZIE/5.0.0.2.3/configuration/oozie-site.xml
b17e4cd 

Diff: https://reviews.apache.org/r/34281/diff/


Testing
-------


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message