ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-11629) Falcon version command failed on secure runs
Date Wed, 03 Jun 2015 18:02:38 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-11629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas updated AMBARI-11629:
----------------------------------
    Description: 
After enabling Kerberos, the value for property *.falcon.http.authentication.kerberos.name.rules
is set to 
{code}
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
DEFAULT
{code}

This is incorrect. The correct value should be 
{code}
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/ \
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ \
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ \
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/ \
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ \
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ \
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ \
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ \
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ \
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ \
DEFAULT
{code}

Please notice the "\" at end of each RULE. This is needed because of the type of configuration
file the data is in - a (Java) properties file, where properties values must be a single line
or escaped if multi-lined. 

*Solution*
Convert the multi-line auth-to-local rule to meet the requirements of the configuration file
type by allowing the _concatenation type_ to be specified in the Kerberos descriptor.  The
following concatenation types are allowed:
* *new lines* - each rule is separated by a new line 
* *new_lines_escaped* - each rule is separated by an escaped new line
* *spaces* - each rule is separated by a whitespace charater





  was:
After enabling Kerberos, the value for property *.falcon.http.authentication.kerberos.name.rules
is set to 
{code}
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
DEFAULT
{code}

This is incorrect. The correct value should be 
{code}
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/ \
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ \
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ \
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/ \
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ \
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ \
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ \
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ \
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ \
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ \
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ \
DEFAULT
{code}

Please notice the "\" at end of each RULE. This is needed because of the type of configuration
file the data is in - a (Java) properties file, where properties values must be a single line
or escaped if multi-lined. 

*Solution*
Convert the multi-line auth-to-local rule to meet the requirements of the configuration file
type.





> Falcon version command failed on secure runs
> --------------------------------------------
>
>                 Key: AMBARI-11629
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11629
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Blocker
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11629_01.patch
>
>
> After enabling Kerberos, the value for property *.falcon.http.authentication.kerberos.name.rules
is set to 
> {code}
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
> RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/
> RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
> RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
> RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
> RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
> DEFAULT
> {code}
> This is incorrect. The correct value should be 
> {code}
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/ \
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/ \
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
> RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ \
> RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ \
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ \
> RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/ \
> RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ \
> RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ \
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ \
> RULE:[2:$1@$0](nfs@EXAMPLE.COM)s/.*/hdfs/ \
> RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ \
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ \
> RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ \
> RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ \
> RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ \
> DEFAULT
> {code}
> Please notice the "\" at end of each RULE. This is needed because of the type of configuration
file the data is in - a (Java) properties file, where properties values must be a single line
or escaped if multi-lined. 
> *Solution*
> Convert the multi-line auth-to-local rule to meet the requirements of the configuration
file type by allowing the _concatenation type_ to be specified in the Kerberos descriptor.
 The following concatenation types are allowed:
> * *new lines* - each rule is separated by a new line 
> * *new_lines_escaped* - each rule is separated by an escaped new line
> * *spaces* - each rule is separated by a whitespace charater



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message