You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/03/24 18:07:36 UTC
Review Request 32446: Storm service check failed after disabling
security
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/
-----------------------------------------------------------
Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
Bugs: AMBARI-10176
https://issues.apache.org/jira/browse/AMBARI-10176
Repository: ambari
Description
-------
>From nimbus.log
```
java.lang.NullPointerException: null
at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
```
**Solution**
The solution is to remove configuration properties that do not have default values when disabling Kerberos.
```
For each property updated per the Kerberos descriptor
Look up the default value from the stack definition
If a value is found, update the property to that "default" value
If a value is not found, remove the value from the configuration
```
For Storm in particular, remove the following properties:
* storm-site/drpc.authorizer
* storm-site/nimbus.authorizer
* storm-site/storm.principal.tolocal
* storm-site/ui.filter
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
Diff: https://reviews.apache.org/r/32446/diff/
Testing
-------
Manual testing
**Jenkins test results: PENDING**
Thanks,
Robert Levas
Re: Review Request 32446: Storm service check failed after disabling
security
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/
-----------------------------------------------------------
(Updated March 25, 2015, 9:13 a.m.)
Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
Bugs: AMBARI-10176
https://issues.apache.org/jira/browse/AMBARI-10176
Repository: ambari
Description
-------
>From nimbus.log
```
java.lang.NullPointerException: null
at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
```
**Solution**
The solution is to remove configuration properties that do not have default values when disabling Kerberos.
```
For each property updated per the Kerberos descriptor
Look up the default value from the stack definition
If a value is found, update the property to that "default" value
If a value is not found, remove the value from the configuration
```
For Storm in particular, remove the following properties:
* storm-site/drpc.authorizer
* storm-site/nimbus.authorizer
* storm-site/storm.principal.tolocal
* storm-site/ui.filter
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
Diff: https://reviews.apache.org/r/32446/diff/
Testing (updated)
-------
Manual testing
**Local test results**
Running org.apache.ambari.server.serveraction.kerberos.KerberosConfigDataFileTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.093 sec
Running org.apache.ambari.server.serveraction.kerberos.UpdateKerberosConfigsServerActionTest
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.504 sec
Ambari Test Suite
Tests run: 2791, Failures: 0, Errors: 0, Skipped: 15
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 38:47.340s
[INFO] Finished at: Wed Mar 25 07:31:16 EDT 2015
[INFO] Final Memory: 42M/570M
[INFO] ------------------------------------------------------------------------
**Jenkins test results: PENDING**
Thanks,
Robert Levas
Re: Review Request 32446: Storm service check failed after disabling
security
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/
-----------------------------------------------------------
(Updated March 25, 2015, 6:47 a.m.)
Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
Changes
-------
Addressed reviewer concerns
Bugs: AMBARI-10176
https://issues.apache.org/jira/browse/AMBARI-10176
Repository: ambari
Description
-------
>From nimbus.log
```
java.lang.NullPointerException: null
at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
```
**Solution**
The solution is to remove configuration properties that do not have default values when disabling Kerberos.
```
For each property updated per the Kerberos descriptor
Look up the default value from the stack definition
If a value is found, update the property to that "default" value
If a value is not found, remove the value from the configuration
```
For Storm in particular, remove the following properties:
* storm-site/drpc.authorizer
* storm-site/nimbus.authorizer
* storm-site/storm.principal.tolocal
* storm-site/ui.filter
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
Diff: https://reviews.apache.org/r/32446/diff/
Testing
-------
Manual testing
**Jenkins test results: PENDING**
Thanks,
Robert Levas
Re: Review Request 32446: Storm service check failed after disabling
security
Posted by Robert Levas <rl...@hortonworks.com>.
> On March 24, 2015, 1:51 p.m., Jonathan Hurley wrote:
> > ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml, line 196
> > <https://reviews.apache.org/r/32446/diff/1/?file=904551#file904551line196>
> >
> > There are other null values in STORM; do they need to be removed as well?
If they do, it is not related to this issue and the values have been there since the creation of this file - 1/2014.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/#review77603
-----------------------------------------------------------
On March 24, 2015, 1:07 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32446/
> -----------------------------------------------------------
>
> (Updated March 24, 2015, 1:07 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
>
>
> Bugs: AMBARI-10176
> https://issues.apache.org/jira/browse/AMBARI-10176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> From nimbus.log
> ```
> java.lang.NullPointerException: null
> at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
> at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
> at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
> ```
>
> **Solution**
> The solution is to remove configuration properties that do not have default values when disabling Kerberos.
>
> ```
> For each property updated per the Kerberos descriptor
> Look up the default value from the stack definition
> If a value is found, update the property to that "default" value
> If a value is not found, remove the value from the configuration
> ```
>
> For Storm in particular, remove the following properties:
>
> * storm-site/drpc.authorizer
> * storm-site/nimbus.authorizer
> * storm-site/storm.principal.tolocal
> * storm-site/ui.filter
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
> ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
>
> Diff: https://reviews.apache.org/r/32446/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> **Jenkins test results: PENDING**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 32446: Storm service check failed after disabling
security
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/#review77603
-----------------------------------------------------------
Ship it!
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml
<https://reviews.apache.org/r/32446/#comment125736>
There are other null values in STORM; do they need to be removed as well?
- Jonathan Hurley
On March 24, 2015, 1:07 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32446/
> -----------------------------------------------------------
>
> (Updated March 24, 2015, 1:07 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
>
>
> Bugs: AMBARI-10176
> https://issues.apache.org/jira/browse/AMBARI-10176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> From nimbus.log
> ```
> java.lang.NullPointerException: null
> at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
> at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
> at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
> ```
>
> **Solution**
> The solution is to remove configuration properties that do not have default values when disabling Kerberos.
>
> ```
> For each property updated per the Kerberos descriptor
> Look up the default value from the stack definition
> If a value is found, update the property to that "default" value
> If a value is not found, remove the value from the configuration
> ```
>
> For Storm in particular, remove the following properties:
>
> * storm-site/drpc.authorizer
> * storm-site/nimbus.authorizer
> * storm-site/storm.principal.tolocal
> * storm-site/ui.filter
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
> ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
>
> Diff: https://reviews.apache.org/r/32446/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> **Jenkins test results: PENDING**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 32446: Storm service check failed after disabling
security
Posted by Robert Levas <rl...@hortonworks.com>.
> On March 24, 2015, 2:53 p.m., Robert Nettleton wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java, line 215
> > <https://reviews.apache.org/r/32446/diff/1/?file=904549#file904549line215>
> >
> > Minor issue:
> >
> > Shouldn't this javadoc read: "Removes a property..." ?
Thanks for catching that.
> On March 24, 2015, 2:53 p.m., Robert Nettleton wrote:
> > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java, line 46
> > <https://reviews.apache.org/r/32446/diff/1/?file=904552#file904552line46>
> >
> > It might be a good idea to add a unit test to verify the OPERATION_TYPE_REMOVE case.
That is probably a good idea, thanks.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/#review77615
-----------------------------------------------------------
On March 24, 2015, 1:07 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32446/
> -----------------------------------------------------------
>
> (Updated March 24, 2015, 1:07 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
>
>
> Bugs: AMBARI-10176
> https://issues.apache.org/jira/browse/AMBARI-10176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> From nimbus.log
> ```
> java.lang.NullPointerException: null
> at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
> at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
> at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
> ```
>
> **Solution**
> The solution is to remove configuration properties that do not have default values when disabling Kerberos.
>
> ```
> For each property updated per the Kerberos descriptor
> Look up the default value from the stack definition
> If a value is found, update the property to that "default" value
> If a value is not found, remove the value from the configuration
> ```
>
> For Storm in particular, remove the following properties:
>
> * storm-site/drpc.authorizer
> * storm-site/nimbus.authorizer
> * storm-site/storm.principal.tolocal
> * storm-site/ui.filter
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
> ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
>
> Diff: https://reviews.apache.org/r/32446/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> **Jenkins test results: PENDING**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 32446: Storm service check failed after disabling
security
Posted by Robert Nettleton <rn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32446/#review77615
-----------------------------------------------------------
Ship it!
Looks good. Just a few minor comments/issues.
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java
<https://reviews.apache.org/r/32446/#comment125756>
Minor issue:
Shouldn't this javadoc read: "Removes a property..." ?
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java
<https://reviews.apache.org/r/32446/#comment125760>
It might be a good idea to add a unit test to verify the OPERATION_TYPE_REMOVE case.
- Robert Nettleton
On March 24, 2015, 5:07 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32446/
> -----------------------------------------------------------
>
> (Updated March 24, 2015, 5:07 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jonathan Hurley, John Speidel, and Robert Nettleton.
>
>
> Bugs: AMBARI-10176
> https://issues.apache.org/jira/browse/AMBARI-10176
>
>
> Repository: ambari
>
>
> Description
> -------
>
> From nimbus.log
> ```
> java.lang.NullPointerException: null
> at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
> at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
> at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
> ```
>
> **Solution**
> The solution is to remove configuration properties that do not have default values when disabling Kerberos.
>
> ```
> For each property updated per the Kerberos descriptor
> Look up the default value from the stack definition
> If a value is found, update the property to that "default" value
> If a value is not found, remove the value from the configuration
> ```
>
> For Storm in particular, remove the following properties:
>
> * storm-site/drpc.authorizer
> * storm-site/nimbus.authorizer
> * storm-site/storm.principal.tolocal
> * storm-site/ui.filter
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 01f7846
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFile.java db1a1d1
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileBuilder.java 20027bc
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java eca9b79
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 83fca25
> ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/configuration/storm-site.xml bfe1d26
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosConfigDataFileTest.java 51822cb
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java f902ba2
>
> Diff: https://reviews.apache.org/r/32446/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> **Jenkins test results: PENDING**
>
>
> Thanks,
>
> Robert Levas
>
>