You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2016/01/26 01:17:40 UTC

[jira] [Commented] (AMBARI-14702) disabling kerberos does not remove auth to local rules

    [ https://issues.apache.org/jira/browse/AMBARI-14702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15116338#comment-15116338 ] 

Hadoop QA commented on AMBARI-14702:
------------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12784246/AMBARI-14702_trunk_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/5052//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/5052//console

This message is automatically generated.

> disabling kerberos does not remove auth to local rules
> ------------------------------------------------------
>
>                 Key: AMBARI-14702
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14702
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 2.2.2
>
>         Attachments: AMBARI-14702_branch-2.2_01.patch, AMBARI-14702_trunk_01.patch
>
>
> After disabling Kerberos to fix a user generated issue with a principal name pattern, the auth-to-local mapping(s) were not removed and thus not _fixing_ the issues that were caused: 
> {noformat:title=Invalid hadoop.security.auth_to_local value}
>  <property>
>        <name>hadoop.security.auth_to_local</name>
>        <value>RULE:[1:$1@$0](${hbase_user}@EXAMPLE.COM)s/.*/hbase/
>  RULE:[1:$1@$0](${hdfs_user}@EXAMPLE.COM)s/.*/hdfs/
>  RULE:[1:$1@$0](${smokeuser}@EXAMPLE.COM)s/.*/ambari-qa/
>  RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
>  RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
>  RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
>  RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
>  RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/
>  RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
>  RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
>  RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
>  RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
>  RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
>  RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
>  RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
>  RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
>  DEFAULT</value>
>      </property>
> {noformat}
> {noformat:title=Errors in log}
> 2016-01-13 21:51:17,825 FATAL datanode.DataNode (DataNode.java:secureMain(2429)) - Exception in secureMain
> java.util.regex.PatternSyntaxException: Illegal repetition near index 0
> ${hbase_user}@EXAMPLE.COM
> ^
>         at java.util.regex.Pattern.error(Pattern.java:1924)
>         at java.util.regex.Pattern.closure(Pattern.java:3104)
>         at java.util.regex.Pattern.sequence(Pattern.java:2101)
>         at java.util.regex.Pattern.expr(Pattern.java:1964)
>         at java.util.regex.Pattern.compile(Pattern.java:1665)
>         at java.util.regex.Pattern.<init>(Pattern.java:1337)
>         at java.util.regex.Pattern.compile(Pattern.java:1022)
>         at org.apache.hadoop.security.authentication.util.KerberosName$Rule.<init>(KerberosName.java:193)
>         at org.apache.hadoop.security.authentication.util.KerberosName.parseRules(KerberosName.java:336)
>         at org.apache.hadoop.security.authentication.util.KerberosName.setRules(KerberosName.java:397)
>         at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:75)
>         at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:275)
>         at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:311)
>         at org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:2192)
>         at org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:2242)
>         at org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2422)
>         at org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2446)
> 2016-01-13 21:51:17,830 INFO  util.ExitUtil (ExitUtil.java:terminate(124)) - Exiting with status 1
> 2016-01-13 21:51:17,832 INFO  datanode.DataNode (LogAdapter.java:info(45)) - SHUTDOWN_MSG:
> /************************************************************
> {noformat}
> The auth-to-local mappings should be removed when Kerberos is disabled.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)