You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Attila Magyar <am...@hortonworks.com> on 2017/03/02 12:39:46 UTC
Review Request 57238: Ambari shouldn't remove secure ACLs from
/zkdtsm_
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57238/
-----------------------------------------------------------
Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Bugs: AMBARI-20267
https://issues.apache.org/jira/browse/AMBARI-20267
Repository: ambari
Description
-------
This node is used by LLAP to store secret keys and tokens, and used only in secure mode. If the ACL is changed to unsecure, keys/tokens could be exposed.
Diffs
-----
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py a8a8282
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ba610a0
Diff: https://reviews.apache.org/r/57238/diff/1/
Testing
-------
- created a cluster with hive
- turned on kerberos
- turned off kerberos
- checked that ambari didn't touch zkdstm_ znodes
existing tests ran successfully.
Thanks,
Attila Magyar
Re: Review Request 57238: Ambari shouldn't remove secure ACLs from
/zkdtsm_
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57238/#review167675
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On March 2, 2017, 7:39 a.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57238/
> -----------------------------------------------------------
>
> (Updated March 2, 2017, 7:39 a.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-20267
> https://issues.apache.org/jira/browse/AMBARI-20267
>
>
> Repository: ambari
>
>
> Description
> -------
>
> This node is used by LLAP to store secret keys and tokens, and used only in secure mode. If the ACL is changed to unsecure, keys/tokens could be exposed.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py a8a8282
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ba610a0
>
>
> Diff: https://reviews.apache.org/r/57238/diff/1/
>
>
> Testing
> -------
>
> - created a cluster with hive
> - turned on kerberos
> - turned off kerberos
> - checked that ambari didn't touch zkdstm_ znodes
>
> existing tests ran successfully.
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 57238: Ambari shouldn't remove secure ACLs from
/zkdtsm_
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57238/#review167672
-----------------------------------------------------------
Ship it!
Ship It!
- Sebastian Toader
On March 2, 2017, 1:39 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57238/
> -----------------------------------------------------------
>
> (Updated March 2, 2017, 1:39 p.m.)
>
>
> Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-20267
> https://issues.apache.org/jira/browse/AMBARI-20267
>
>
> Repository: ambari
>
>
> Description
> -------
>
> This node is used by LLAP to store secret keys and tokens, and used only in secure mode. If the ACL is changed to unsecure, keys/tokens could be exposed.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py a8a8282
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ba610a0
>
>
> Diff: https://reviews.apache.org/r/57238/diff/1/
>
>
> Testing
> -------
>
> - created a cluster with hive
> - turned on kerberos
> - turned off kerberos
> - checked that ambari didn't touch zkdstm_ znodes
>
> existing tests ran successfully.
>
>
> Thanks,
>
> Attila Magyar
>
>