ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-11179) Kerberos: Oozie auth rules do not look correct
Date Mon, 18 May 2015 17:10:00 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-11179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14548303#comment-14548303
] 

Hudson commented on AMBARI-11179:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #2634 (See [https://builds.apache.org/job/Ambari-trunk-Commit/2634/])
AMBARI-11179. Kerberos: Oozie auth rules do not look correct (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=2dd80b90379663265e5e1001b32f18f1c6be23ee)
* ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml
* ambari-server/src/main/resources/common-services/OOZIE/5.0.0.2.3/configuration/oozie-site.xml


> Kerberos: Oozie auth rules do not look correct
> ----------------------------------------------
>
>                 Key: AMBARI-11179
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11179
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: keberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11179_01.patch
>
>
> 0) create cluster, hDP 2.2, build 1203
> 1) Kerb cluster (hdfs, yarn,zk)
> 2) add ozzie
> 3) add hbase
> 4) everything seems ok.
> 5) I went and looked at oozie configs, oozie.authentication.kerberos.name.rules property
looks like this...is this correct?
> {code}
> RULE:[1:$1@$0](ambari-qa-MyCluster@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hbase-MyCluster@EXAMPLE.COM)s/.*/hbase/
> RULE:[1:$1@$0](hdfs-MyCluster@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@.*TODO-KERBEROS-DOMAIN)s/@.*//
> RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUSER/
> RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/
> RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
> RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
> RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
> RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
> DEFAULT
> {code}
> *Solution*
> Remove the following values for oozie-site/oozie.authentication.kerberos.name.rules
> {code:title=common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml:145}
>       RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUxSER/
>       RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
>       RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
>       RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
>       DEFAULT
> {code}
> {code:title=common-services/OOZIE/5.0.0.2.3/configuration/oozie-site.xml:24}
>       RULE:[2:$1@$0]([jt]t@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-MAPREDUxSER/
>       RULE:[2:$1@$0]([nd]n@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HDFSUSER/
>       RULE:[2:$1@$0](hm@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
>       RULE:[2:$1@$0](rs@.*TODO-KERBEROS-DOMAIN)s/.*/TODO-HBASE-USER/
>       DEFAULT
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message