ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-13222) kdc-type lost when updating kerberos-env via Kerberos service configuration page
Date Thu, 24 Sep 2015 10:58:04 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-13222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas updated AMBARI-13222:
----------------------------------
    Description: 
After editing the kerberos-env configuration using Ambari's Kerberos service configuration
page and saving the new configuration, the {{kdc-type}} property is lost and not saved with
the new configuration.

*By loosing this value, any future Kerberos-related operations will fail with errors since
the mandatory kerberos-env/kdc-type property will be missing.*

{code:title=kerberos-env before update}
{
  "kdc_type": "mit-kdc",
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "host1",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "host1",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\",
\"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\":
\"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\":
\"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=kerberos-env after update}
{
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "hist1:88",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "host1:88",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\",
\"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\":
\"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\":
\"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=Javascript Error}
Uncaught TypeError: Cannot read property 'get' of undefined
App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
Em.Object.extend.send.opt.success @ app.js:154010
f.Callbacks.o @ vendor.js:125
f.Callbacks.p.fireWith @ vendor.js:125
w @ vendor.js:127
f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
app.js:55160 App.componentConfigMapper execution time: 1.048ms
{code}

*Steps to reproduce*
# Create cluster (Zookeeper-only is fine)
# Enable Kerberos (any KDC, MIT KDC is fine)
# Browse to Kerberos service configuration page
# Change a value (maybe add or remove the port for the KDC server value)
# Save the configuration
# After view refreshes, the waiting icon appears and does not go away

*Workaround*
Manually add the {{kerberos-env/kdc-type}} property back to the current kerberos-env configuration.
 The value must be either "mit-kdc" or "active-directory" and must be the correct one for
the configuration.  Once this is done, Ambari should be restarted so that any cached configuration
data is refreshed. 

This can also be fixed using {{/var/lib/ambari-server/resources/scripts/configs.sh}}.

  was:
After editing the kerberos-env configuration using Ambari's Kerberos service configuration
page and saving the new configuration, the {{kdc-type}} property is lost and not saved with
the new configuration.

*By loosing this value, any future Kerberos-related operations will fail with errors since
the mandatory kerberos-env/kdc-type property will be missing.*

{code:title=kerberos-env before update}
{
  "kdc_type": "mit-kdc",
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "host1",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "levas-45007-1.c.pramod-thangali.internal",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\",
\"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\":
\"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\":
\"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=kerberos-env after update}
{
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "levas-45007-1.c.pramod-thangali.internal:88",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "levas-45007-1.c.pramod-thangali.internal:88",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\",
\"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\":
\"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\":
\"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=Javascript Error}
Uncaught TypeError: Cannot read property 'get' of undefined
App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
Em.Object.extend.send.opt.success @ app.js:154010
f.Callbacks.o @ vendor.js:125
f.Callbacks.p.fireWith @ vendor.js:125
w @ vendor.js:127
f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
app.js:55160 App.componentConfigMapper execution time: 1.048ms
{code}

*Steps to reproduce*
# Create cluster (Zookeeper-only is fine)
# Enable Kerberos (any KDC, MIT KDC is fine)
# Browse to Kerberos service configuration page
# Change a value (maybe add or remove the port for the KDC server value)
# Save the configuration
# After view refreshes, the waiting icon appears and does not go away

*Workaround*
Manually add the {{kerberos-env/kdc-type}} property back to the current kerberos-env configuration.
 The value must be either "mit-kdc" or "active-directory" and must be the correct one for
the configuration.  Once this is done, Ambari should be restarted so that any cached configuration
data is refreshed. 

This can also be fixed using {{/var/lib/ambari-server/resources/scripts/configs.sh}}.


> kdc-type lost when updating kerberos-env via Kerberos service configuration page
> --------------------------------------------------------------------------------
>
>                 Key: AMBARI-13222
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13222
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.1.1
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: regression
>             Fix For: 2.1.2
>
>
> After editing the kerberos-env configuration using Ambari's Kerberos service configuration
page and saving the new configuration, the {{kdc-type}} property is lost and not saved with
the new configuration.
> *By loosing this value, any future Kerberos-related operations will fail with errors
since the mandatory kerberos-env/kdc-type property will be missing.*
> {code:title=kerberos-env before update}
> {
>   "kdc_type": "mit-kdc",
>   "password_min_uppercase_letters": "1",
>   "password_min_whitespace": "0",
>   "password_min_punctuation": "1",
>   "password_min_digits": "1",
>   "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
>   "kdc_create_attributes": "",
>   "admin_server_host": "host1",
>   "password_min_lowercase_letters": "1",
>   "container_dn": "",
>   "password_length": "20",
>   "case_insensitive_username_rules": "false",
>   "manage_identities": "true",
>   "service_check_principal_name": "${cluster_name}-${short_date}",
>   "kdc_host": "host1",
>   "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\",
\"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\":
\"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\":
\"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
>   "install_packages": "true",
>   "realm": "EXAMPLE.COM",
>   "ldap_url": "",
>   "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin,
/usr/lib/mit/sbin"
> }
> {code}
> {code:title=kerberos-env after update}
> {
>   "password_min_uppercase_letters": "1",
>   "password_min_whitespace": "0",
>   "password_min_punctuation": "1",
>   "password_min_digits": "1",
>   "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
>   "kdc_create_attributes": "",
>   "admin_server_host": "hist1:88",
>   "password_min_lowercase_letters": "1",
>   "container_dn": "",
>   "password_length": "20",
>   "case_insensitive_username_rules": "false",
>   "manage_identities": "true",
>   "service_check_principal_name": "${cluster_name}-${short_date}",
>   "kdc_host": "host1:88",
>   "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\",
\"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\":
\"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\":
\"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
>   "install_packages": "true",
>   "realm": "EXAMPLE.COM",
>   "ldap_url": "",
>   "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin,
/usr/lib/mit/sbin"
> }
> {code}
> {code:title=Javascript Error}
> Uncaught TypeError: Cannot read property 'get' of undefined
> App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
> App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
> App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
> Em.Object.extend.send.opt.success @ app.js:154010
> f.Callbacks.o @ vendor.js:125
> f.Callbacks.p.fireWith @ vendor.js:125
> w @ vendor.js:127
> f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
> app.js:55160 App.componentConfigMapper execution time: 1.048ms
> {code}
> *Steps to reproduce*
> # Create cluster (Zookeeper-only is fine)
> # Enable Kerberos (any KDC, MIT KDC is fine)
> # Browse to Kerberos service configuration page
> # Change a value (maybe add or remove the port for the KDC server value)
> # Save the configuration
> # After view refreshes, the waiting icon appears and does not go away
> *Workaround*
> Manually add the {{kerberos-env/kdc-type}} property back to the current kerberos-env
configuration.  The value must be either "mit-kdc" or "active-directory" and must be the correct
one for the configuration.  Once this is done, Ambari should be restarted so that any cached
configuration data is refreshed. 
> This can also be fixed using {{/var/lib/ambari-server/resources/scripts/configs.sh}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message