ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Di Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-18071) Ambari Files View needs to have ability to load security configurations
Date Fri, 09 Sep 2016 18:45:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-18071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15477933#comment-15477933
] 

Di Li commented on AMBARI-18071:
--------------------------------

[INFO] Ambari Views ....................................... SUCCESS [  4.923 s]
... ...
[INFO] Ambari Agent ....................................... FAILURE [ 18.543 s]

I don't think the failure was caused by the view code that Keta modified. 

> Ambari Files View needs to have ability to load security configurations
> -----------------------------------------------------------------------
>
>                 Key: AMBARI-18071
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18071
>             Project: Ambari
>          Issue Type: Improvement
>          Components: contrib
>    Affects Versions: trunk
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>         Attachments: AMBARI-18071-Sep6.patch, AMBARI-18071.patch, NoKeyProvider.png
>
>
> When HDFS is configured with Encryption Zones, Files View to browser files will give
"No KeyProvider" error.
> Steps to reproduce this issue:
> 1. Configure an encrypted zone in HDFS (Transparent Data Encryption). You can follow
the link https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.0/bk_hdfs_admin_tools/content/ch_configuring_hdfs_encryption.html
> I have used Hadoop's KMS (installed tar manually).
> 2. Create a Files View instance and provide a user/group the privilege to use the instance.
> 3. Log into the Ambari console as the user with the Files View permission.
> 4. Open the Files View instance.
> 5. Go to the folder which is configured as an encrypted zone.
> 6. Try to open an existing file in this folder.
> 7. This throws an error - java.io.IOException: No KeyProvider is configured, cannot access
an encrypted file. 
> 8. When trying through the shell, opening this file works.
> This happens because Files View doesn't have enough configuration set to browse secured
zone. Files view doesn't even provide an option to add these configurations.This is why we
see errors "No KeyProvider is configured, cannot access an encrypted file", to work around
this, you could download client configuration from HDFS service tab, and copy the core-site.xml
and hdfs-site.xml files to /etc/ambari-server/conf, then restart ambari-server. After this,
the user is able to open the file in the encrypted zone.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message