ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-11780) Ambari creation of oozie/conf/adminusers.txt breaks oozie role seperation for Kerberos
Date Mon, 22 Jun 2015 17:26:01 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-11780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14596275#comment-14596275
] 

Hadoop QA commented on AMBARI-11780:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12741046/AMBARI-11780_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified
tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:red}-1 core tests{color}.  The test build failed in ambari-server 

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/3224//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3224//console

This message is automatically generated.

> Ambari creation of oozie/conf/adminusers.txt breaks oozie role seperation for Kerberos
> --------------------------------------------------------------------------------------
>
>                 Key: AMBARI-11780
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11780
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11780_01.patch, AMBARI-11780_02.patch
>
>
> Oozie restart from Ambari rewrites oozie/conf/adminusers.txt
> To support role separation for Kerberos, we need an additional line added to the end
of this file.
> The new line is:
> {noformat}
> oozie-admin
> {noformat}
> The new file should be generated as:
> {code}
> #
> # Licensed to the Apache Software Foundation (ASF) under one
> # or more contributor license agreements.  See the NOTICE file
> # distributed with this work for additional information
> # regarding copyright ownership.  The ASF licenses this file
> # to you under the Apache License, Version 2.0 (the
> # "License"); you may not use this file except in compliance
> # with the License.  You may obtain a copy of the License at
> #
> #   http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing, software
> # distributed under the License is distributed on an "AS IS" BASIS,
> # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> # See the License for the specific language governing permissions and
> # limitations under the License.
> #
> # Users should be set using following rules:
> #
> #     One user name per line
> #     Empty lines and lines starting with '#' are ignored
> oozie
> oozie-admin
> {code}
> *Solution*
> 1. Replace
> {code:title=common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2}
> {{oozie_user}}
> {code}
> with 
> {code:title=common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2}
> {% if oozie_admin_users %}
> {% for oozie_admin_user in oozie_admin_users.split(',') %}
>   {{oozie_admin_user}}
> {% endfor %}
> {% endif %}
> {code}
> 2. Add new property
> {code:title=common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml}
>   <property>
>     <name>oozie_admin_users</name>
>     <value>oozie, oozie-admin</value>
>     <description>Oozie admin users.</description>
>   </property>
> {code}
> 3. If the admin user list needs to change when enabling Kerberos, oozie-env/oozie_admin_users
can be set in Oozie's Kerberos descriptor (kerberos.json).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message