You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/09/24 14:24:18 UTC
Review Request 38715: kdc_type lost when updating kerberos-env via
Kerberos service configuration page
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38715/
-----------------------------------------------------------
Review request for Ambari, Jaimin Jetly, Mahadev Konar, and Yusaku Sako.
Bugs: AMBARI-13222
https://issues.apache.org/jira/browse/AMBARI-13222
Repository: ambari
Description
-------
After editing the kerberos-env configuration using Ambari's Kerberos service configuration page and saving the new configuration, the `kdc_type` property is lost and not saved with the new configuration.
*By loosing this value, any future Kerberos-related operations will fail with errors since the mandatory kerberos-env/kdc_type property will be missing.*
kerberos-env before update
```
{
"kdc_type": "mit-kdc",
"password_min_uppercase_letters": "1",
"password_min_whitespace": "0",
"password_min_punctuation": "1",
"password_min_digits": "1",
"encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
"kdc_create_attributes": "",
"admin_server_host": "host1",
"password_min_lowercase_letters": "1",
"container_dn": "",
"password_length": "20",
"case_insensitive_username_rules": "false",
"manage_identities": "true",
"service_check_principal_name": "${cluster_name}-${short_date}",
"kdc_host": "host1",
"ad_create_attributes_template": "\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_name\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}",
"install_packages": "true",
"realm": "EXAMPLE.COM",
"ldap_url": "",
"executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
```
kerberos-env after update
```
{
"password_min_uppercase_letters": "1",
"password_min_whitespace": "0",
"password_min_punctuation": "1",
"password_min_digits": "1",
"encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
"kdc_create_attributes": "",
"admin_server_host": "hist1:88",
"password_min_lowercase_letters": "1",
"container_dn": "",
"password_length": "20",
"case_insensitive_username_rules": "false",
"manage_identities": "true",
"service_check_principal_name": "${cluster_name}-${short_date}",
"kdc_host": "host1:88",
"ad_create_attributes_template": "\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_name\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}",
"install_packages": "true",
"realm": "EXAMPLE.COM",
"ldap_url": "",
"executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
```
Javascript Error
```
Uncaught TypeError: Cannot read property 'get' of undefined
App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
Em.Object.extend.send.opt.success @ app.js:154010
f.Callbacks.o @ vendor.js:125
f.Callbacks.p.fireWith @ vendor.js:125
w @ vendor.js:127
f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
app.js:55160 App.componentConfigMapper execution time: 1.048ms
```
*Steps to reproduce*
1. Create cluster (Zookeeper-only is fine)
2. Enable Kerberos (any KDC, MIT KDC is fine)
3. Browse to Kerberos service configuration page
4. Change a value (maybe add or remove the port for the KDC server value)
5. Save the configuration
6. After view refreshes, the waiting icon appears and does not go away
*Workaround*
Manually add the `kerberos-env/kdc_type` property back to the current kerberos-env configuration. The value must be either "mit-kdc" or "active-directory" and must be the correct one for the configuration. Once this is done, Ambari should be restarted so that any cached configuration data is refreshed.
This can also be fixed using `/var/lib/ambari-server/resources/scripts/configs.sh`.
Diffs
-----
ambari-web/app/mixins/common/configs/configs_saver.js 2b97f59
Diff: https://reviews.apache.org/r/38715/diff/
Testing
-------
Manually tested
Thanks,
Robert Levas
Re: Review Request 38715: kdc_type lost when updating kerberos-env via
Kerberos service configuration page
Posted by Yusaku Sako <yu...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38715/#review100466
-----------------------------------------------------------
Ship it!
Ship It!
- Yusaku Sako
On Sept. 24, 2015, 12:24 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38715/
> -----------------------------------------------------------
>
> (Updated Sept. 24, 2015, 12:24 p.m.)
>
>
> Review request for Ambari, Jaimin Jetly, Mahadev Konar, and Yusaku Sako.
>
>
> Bugs: AMBARI-13222
> https://issues.apache.org/jira/browse/AMBARI-13222
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After editing the kerberos-env configuration using Ambari's Kerberos service configuration page and saving the new configuration, the `kdc_type` property is lost and not saved with the new configuration.
>
> *By loosing this value, any future Kerberos-related operations will fail with errors since the mandatory kerberos-env/kdc_type property will be missing.*
>
> kerberos-env before update
> ```
> {
> "kdc_type": "mit-kdc",
> "password_min_uppercase_letters": "1",
> "password_min_whitespace": "0",
> "password_min_punctuation": "1",
> "password_min_digits": "1",
> "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
> "kdc_create_attributes": "",
> "admin_server_host": "host1",
> "password_min_lowercase_letters": "1",
> "container_dn": "",
> "password_length": "20",
> "case_insensitive_username_rules": "false",
> "manage_identities": "true",
> "service_check_principal_name": "${cluster_name}-${short_date}",
> "kdc_host": "host1",
> "ad_create_attributes_template": "\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_name\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}",
> "install_packages": "true",
> "realm": "EXAMPLE.COM",
> "ldap_url": "",
> "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
> }
> ```
> kerberos-env after update
> ```
> {
> "password_min_uppercase_letters": "1",
> "password_min_whitespace": "0",
> "password_min_punctuation": "1",
> "password_min_digits": "1",
> "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
> "kdc_create_attributes": "",
> "admin_server_host": "hist1:88",
> "password_min_lowercase_letters": "1",
> "container_dn": "",
> "password_length": "20",
> "case_insensitive_username_rules": "false",
> "manage_identities": "true",
> "service_check_principal_name": "${cluster_name}-${short_date}",
> "kdc_host": "host1:88",
> "ad_create_attributes_template": "\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_name\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}",
> "install_packages": "true",
> "realm": "EXAMPLE.COM",
> "ldap_url": "",
> "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
> }
> ```
> Javascript Error
> ```
> Uncaught TypeError: Cannot read property 'get' of undefined
> App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
> App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
> App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
> Em.Object.extend.send.opt.success @ app.js:154010
> f.Callbacks.o @ vendor.js:125
> f.Callbacks.p.fireWith @ vendor.js:125
> w @ vendor.js:127
> f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
> app.js:55160 App.componentConfigMapper execution time: 1.048ms
> ```
> *Steps to reproduce*
> 1. Create cluster (Zookeeper-only is fine)
> 2. Enable Kerberos (any KDC, MIT KDC is fine)
> 3. Browse to Kerberos service configuration page
> 4. Change a value (maybe add or remove the port for the KDC server value)
> 5. Save the configuration
> 6. After view refreshes, the waiting icon appears and does not go away
>
> *Workaround*
> Manually add the `kerberos-env/kdc_type` property back to the current kerberos-env configuration. The value must be either "mit-kdc" or "active-directory" and must be the correct one for the configuration. Once this is done, Ambari should be restarted so that any cached configuration data is refreshed.
>
> This can also be fixed using `/var/lib/ambari-server/resources/scripts/configs.sh`.
>
>
> Diffs
> -----
>
> ambari-web/app/mixins/common/configs/configs_saver.js 2b97f59
>
> Diff: https://reviews.apache.org/r/38715/diff/
>
>
> Testing
> -------
>
> Manually tested
>
>
> Thanks,
>
> Robert Levas
>
>