ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Review Request 35017: Falcon version command failed on secure runs
Date Wed, 03 Jun 2015 18:06:35 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35017/
-----------------------------------------------------------

Review request for Ambari, Arpit Gupta, Raghav Gautam, Robert Nettleton, and Tom Beerbower.


Bugs: AMBARI-11629
    https://issues.apache.org/jira/browse/AMBARI-11629


Repository: ambari


Description
-------

After enabling Kerberos, the value for property *.falcon.http.authentication.kerberos.name.rules
is set to 
```
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
DEFAULT
```

This is incorrect. The correct value should be 
```
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/ \
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ \
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ \
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/ \
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ \
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ \
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ \
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ \
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ \
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ \
DEFAULT
```

Please notice the "\" at end of each RULE. This is needed because of the type of configuration
file the data is in - a (Java) properties file, where properties values must be a single line
or escaped if multi-lined. 

*Solution*
Convert the multi-line auth-to-local rule to meet the requirements of the configuration file
type by allowing the concatenation type to be specified in the Kerberos descriptor. The following
concatenation types are allowed:
- *new lines* - each rule is separated by a new line
- *new_lines_escaped* - each rule is separated by an escaped new line
- *spaces* - each rule is separated by a whitespace charater


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
c599cc1 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
70d08ba 
  ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json df3ba34

  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
58013e2 

Diff: https://reviews.apache.org/r/35017/diff/


Testing
-------

Manually tested to see _fixed_ Falcon startup.properties file and successfully Kerberized
cluster. 

Unit tests passed localled

#Jenkins test results: PENDING


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message