You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2016/01/16 12:43:39 UTC
[jira] [Updated] (AMBARI-14702) disabling kerberos does not remove
auth to local rules
[ https://issues.apache.org/jira/browse/AMBARI-14702?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-14702:
----------------------------------
Fix Version/s: (was: 2.1.2)
2.2.1
> disabling kerberos does not remove auth to local rules
> ------------------------------------------------------
>
> Key: AMBARI-14702
> URL: https://issues.apache.org/jira/browse/AMBARI-14702
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos
> Fix For: 2.2.1
>
>
> After disabling Kerberos to fix a user generated issue with a principal name pattern, the auth-to-local mapping(s) were not removed and thus not _fixing_ the issues that were caused:
> {noformat:title=Invalid hadoop.security.auth_to_local value}
> <property>
> <name>hadoop.security.auth_to_local</name>
> <value>RULE:[1:$1@$0](${hbase_user}@EXAMPLE.COM)s/.*/hbase/
> RULE:[1:$1@$0](${hdfs_user}@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](${smokeuser}@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/
> RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/
> RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/
> RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/
> RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/
> RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/
> DEFAULT</value>
> </property>
> {noformat}
> {noformat:title=Errors in log}
> 2016-01-13 21:51:17,825 FATAL datanode.DataNode (DataNode.java:secureMain(2429)) - Exception in secureMain
> java.util.regex.PatternSyntaxException: Illegal repetition near index 0
> ${hbase_user}@EXAMPLE.COM
> ^
> at java.util.regex.Pattern.error(Pattern.java:1924)
> at java.util.regex.Pattern.closure(Pattern.java:3104)
> at java.util.regex.Pattern.sequence(Pattern.java:2101)
> at java.util.regex.Pattern.expr(Pattern.java:1964)
> at java.util.regex.Pattern.compile(Pattern.java:1665)
> at java.util.regex.Pattern.<init>(Pattern.java:1337)
> at java.util.regex.Pattern.compile(Pattern.java:1022)
> at org.apache.hadoop.security.authentication.util.KerberosName$Rule.<init>(KerberosName.java:193)
> at org.apache.hadoop.security.authentication.util.KerberosName.parseRules(KerberosName.java:336)
> at org.apache.hadoop.security.authentication.util.KerberosName.setRules(KerberosName.java:397)
> at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:75)
> at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:275)
> at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:311)
> at org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:2192)
> at org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:2242)
> at org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2422)
> at org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2446)
> 2016-01-13 21:51:17,830 INFO util.ExitUtil (ExitUtil.java:terminate(124)) - Exiting with status 1
> 2016-01-13 21:51:17,832 INFO datanode.DataNode (LogAdapter.java:info(45)) - SHUTDOWN_MSG:
> /************************************************************
> {noformat}
> The auth-to-local mappings should be removed when Kerberos is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)