----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42743/#review116335 -----------------------------------------------------------
Ship it! Ship It! - Oliver Szabo On Jan. 26, 2016, 12:56 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42743/ > ----------------------------------------------------------- > > (Updated Jan. 26, 2016, 12:56 a.m.) > > > Review request for Ambari, Jonathan Hurley, Oliver Szabo, and Robert > Nettleton. > > > Bugs: AMBARI-14702 > https://issues.apache.org/jira/browse/AMBARI-14702 > > > Repository: ambari > > > Description > ------- > > After disabling Kerberos to fix a user generated issue with a principal name > pattern, the auth-to-local mapping(s) were not removed and thus not _fixing_ > the issues that were caused: > > #Invalid hadoop.security.auth_to_local value# > ``` > <property> > <name>hadoop.security.auth_to_local</name> > <value>RULE:[1:$1@$0](${hbase_user}@EXAMPLE.COM)s/.*/hbase/ > RULE:[1:$1@$0](${hdfs_user}@EXAMPLE.COM)s/.*/hdfs/ > RULE:[1:$1@$0](${smokeuser}@EXAMPLE.COM)s/.*/ambari-qa/ > RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// > RULE:[2:$1@$0](amshb...@example.com)s/.*/ams/ > RULE:[2:$1@$0](am...@example.com)s/.*/ams/ > RULE:[2:$1@$0](d...@example.com)s/.*/hdfs/ > RULE:[2:$1@$0](hb...@example.com)s/.*/hbase/ > RULE:[2:$1@$0](h...@example.com)s/.*/hive/ > RULE:[2:$1@$0](j...@example.com)s/.*/mapred/ > RULE:[2:$1@$0](j...@example.com)s/.*/hdfs/ > RULE:[2:$1@$0](n...@example.com)s/.*/yarn/ > RULE:[2:$1@$0](n...@example.com)s/.*/hdfs/ > RULE:[2:$1@$0](oo...@example.com)s/.*/oozie/ > RULE:[2:$1@$0](r...@example.com)s/.*/yarn/ > RULE:[2:$1@$0](y...@example.com)s/.*/yarn/ > DEFAULT</value> > </property> > ``` > #Errors in log# > ``` > 2016-01-13 21:51:17,825 FATAL datanode.DataNode > (DataNode.java:secureMain(2429)) - Exception in secureMain > java.util.regex.PatternSyntaxException: Illegal repetition near index 0 > ${hbase_user}@EXAMPLE.COM > ^ > at java.util.regex.Pattern.error(Pattern.java:1924) > at java.util.regex.Pattern.closure(Pattern.java:3104) > at java.util.regex.Pattern.sequence(Pattern.java:2101) > at java.util.regex.Pattern.expr(Pattern.java:1964) > at java.util.regex.Pattern.compile(Pattern.java:1665) > at java.util.regex.Pattern.<init>(Pattern.java:1337) > at java.util.regex.Pattern.compile(Pattern.java:1022) > at > org.apache.hadoop.security.authentication.util.KerberosName$Rule.<init>(KerberosName.java:193) > at > org.apache.hadoop.security.authentication.util.KerberosName.parseRules(KerberosName.java:336) > at > org.apache.hadoop.security.authentication.util.KerberosName.setRules(KerberosName.java:397) > at > org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:75) > at > org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:275) > at > org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:311) > at > org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:2192) > at > org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:2242) > at > org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2422) > at > org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2446) > 2016-01-13 21:51:17,830 INFO util.ExitUtil (ExitUtil.java:terminate(124)) - > Exiting with status 1 > 2016-01-13 21:51:17,832 INFO datanode.DataNode (LogAdapter.java:info(45)) - > SHUTDOWN_MSG: > /************************************************************ > ``` > > The auth-to-local mappings should be removed when Kerberos is disabled. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 019fb3b > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java > f0a5440 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java > 874e331 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java > 1c44789 > > ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java > d6a6f41 > > Diff: https://reviews.apache.org/r/42743/diff/ > > > Testing > ------- > > Manually tested > > # Local test results: > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 53:35.983s > [INFO] Finished at: Mon Jan 25 16:27:30 EST 2016 > [INFO] Final Memory: 68M/1312M > [INFO] > ------------------------------------------------------------------------ > > # Jenkins test results: > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 01:29 h > [INFO] Finished at: 2016-01-26T00:17:13+00:00 > [INFO] Final Memory: 137M/507M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Robert Levas > >
