[jira] [Commented] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL

2019-04-16 Thread Andras Salamon (JIRA)


[ 
https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16818823#comment-16818823
 ] 

Andras Salamon commented on OOZIE-2972:
---

[~dionusos] [~kmarton] We still support WAR creation, but it's not really 
tested since we started to use embedded Jetty. The documentation is definitely 
not useful, I've already opened OOZIE-3428 about that.

> Server goes inconsistent when prepare war called with secure without SSL
> 
>
> Key: OOZIE-2972
> URL: https://issues.apache.org/jira/browse/OOZIE-2972
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Affects Versions: 4.3.0
>Reporter: Prabhu Joseph
>Priority: Major
>
> When prepare-war with secure is called by some user by mistake on a Oozie 
> Server which is not configured with SSL causes inconsistent state. Oozie 
> Server runs fine but the oozie clients are failed with Authentication failure 
> status 302. Checking curl verbose, Oozie Server redirects client to https 
> port even though it is not listening. We need to validate the prepare-war 
> command when SSL is not configured instead of going to inconsistent state.
> Repro:
> {code}
> Oozie Server without SSL
> /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure
> Start Oozie Server
>  curl -ikv -L --negotiate -u: 
> http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
> * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
> *   Trying 172.26.93.73... connected
> * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> > GET /oozie/v1/admin/status HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 
> > zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> > Host: prabhuzeppelin2.openstacklocal:11000
> > Accept: */*
> > 
> < HTTP/1.1 302 Found
> HTTP/1.1 302 Found
> < Server: Apache-Coyote/1.1
> Server: Apache-Coyote/1.1
> < Pragma: No-cache
> Pragma: No-cache
> < Cache-Control: no-cache
> Cache-Control: no-cache
> < Expires: Thu, 01 Jan 1970 00:00:00 UTC
> Expires: Thu, 01 Jan 1970 00:00:00 UTC
> < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> < Content-Length: 0
> Content-Length: 0
> < Date: Tue, 27 Jun 2017 11:05:45 GMT
> Date: Tue, 27 Jun 2017 11:05:45 GMT
> < 
> * Connection #0 to host prabhuzeppelin2.openstacklocal left intact
> * Issue another request to this URL: 
> 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
> * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
> *   Trying 172.26.93.73... Connection refused
> * couldn't connect to host
> * Closing connection #1
> curl: (7) couldn't connect to host
> * Closing connection #0
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL

2019-04-16 Thread Julia Kinga Marton (JIRA)


[ 
https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16818782#comment-16818782
 ] 

Julia Kinga Marton commented on OOZIE-2972:
---

[~dionusos], it needs to be checked with the actual master, because we still 
support war creation.

> Server goes inconsistent when prepare war called with secure without SSL
> 
>
> Key: OOZIE-2972
> URL: https://issues.apache.org/jira/browse/OOZIE-2972
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Affects Versions: 4.3.0
>Reporter: Prabhu Joseph
>Priority: Major
>
> When prepare-war with secure is called by some user by mistake on a Oozie 
> Server which is not configured with SSL causes inconsistent state. Oozie 
> Server runs fine but the oozie clients are failed with Authentication failure 
> status 302. Checking curl verbose, Oozie Server redirects client to https 
> port even though it is not listening. We need to validate the prepare-war 
> command when SSL is not configured instead of going to inconsistent state.
> Repro:
> {code}
> Oozie Server without SSL
> /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure
> Start Oozie Server
>  curl -ikv -L --negotiate -u: 
> http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
> * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
> *   Trying 172.26.93.73... connected
> * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> > GET /oozie/v1/admin/status HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 
> > zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> > Host: prabhuzeppelin2.openstacklocal:11000
> > Accept: */*
> > 
> < HTTP/1.1 302 Found
> HTTP/1.1 302 Found
> < Server: Apache-Coyote/1.1
> Server: Apache-Coyote/1.1
> < Pragma: No-cache
> Pragma: No-cache
> < Cache-Control: no-cache
> Cache-Control: no-cache
> < Expires: Thu, 01 Jan 1970 00:00:00 UTC
> Expires: Thu, 01 Jan 1970 00:00:00 UTC
> < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> < Content-Length: 0
> Content-Length: 0
> < Date: Tue, 27 Jun 2017 11:05:45 GMT
> Date: Tue, 27 Jun 2017 11:05:45 GMT
> < 
> * Connection #0 to host prabhuzeppelin2.openstacklocal left intact
> * Issue another request to this URL: 
> 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
> * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
> *   Trying 172.26.93.73... Connection refused
> * couldn't connect to host
> * Closing connection #1
> curl: (7) couldn't connect to host
> * Closing connection #0
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL

2019-04-16 Thread Denes Bodo (JIRA)


[ 
https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16818771#comment-16818771
 ] 

Denes Bodo commented on OOZIE-2972:
---

[~asalamon74] Am I right that with eliminating Tomcat and using Jetty instead 
this situation is no more possible? Thanks

> Server goes inconsistent when prepare war called with secure without SSL
> 
>
> Key: OOZIE-2972
> URL: https://issues.apache.org/jira/browse/OOZIE-2972
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Affects Versions: 4.3.0
>Reporter: Prabhu Joseph
>Priority: Major
>
> When prepare-war with secure is called by some user by mistake on a Oozie 
> Server which is not configured with SSL causes inconsistent state. Oozie 
> Server runs fine but the oozie clients are failed with Authentication failure 
> status 302. Checking curl verbose, Oozie Server redirects client to https 
> port even though it is not listening. We need to validate the prepare-war 
> command when SSL is not configured instead of going to inconsistent state.
> Repro:
> {code}
> Oozie Server without SSL
> /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure
> Start Oozie Server
>  curl -ikv -L --negotiate -u: 
> http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
> * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
> *   Trying 172.26.93.73... connected
> * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> > GET /oozie/v1/admin/status HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 
> > zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> > Host: prabhuzeppelin2.openstacklocal:11000
> > Accept: */*
> > 
> < HTTP/1.1 302 Found
> HTTP/1.1 302 Found
> < Server: Apache-Coyote/1.1
> Server: Apache-Coyote/1.1
> < Pragma: No-cache
> Pragma: No-cache
> < Cache-Control: no-cache
> Cache-Control: no-cache
> < Expires: Thu, 01 Jan 1970 00:00:00 UTC
> Expires: Thu, 01 Jan 1970 00:00:00 UTC
> < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> < Content-Length: 0
> Content-Length: 0
> < Date: Tue, 27 Jun 2017 11:05:45 GMT
> Date: Tue, 27 Jun 2017 11:05:45 GMT
> < 
> * Connection #0 to host prabhuzeppelin2.openstacklocal left intact
> * Issue another request to this URL: 
> 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
> * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
> *   Trying 172.26.93.73... Connection refused
> * couldn't connect to host
> * Closing connection #1
> curl: (7) couldn't connect to host
> * Closing connection #0
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)