You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2016/05/18 20:36:13 UTC
[jira] [Commented] (AMBARI-16717) Knox Gateway Uses Wrong Keystore
After Upgrade
[ https://issues.apache.org/jira/browse/AMBARI-16717?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15289759#comment-15289759 ]
Hudson commented on AMBARI-16717:
---------------------------------
FAILURE: Integrated in Ambari-trunk-Commit #4868 (See [https://builds.apache.org/job/Ambari-trunk-Commit/4868/])
AMBARI-16717 - Knox Gateway Uses Wrong Keystore After Upgrade (jhurley: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=bffcbd28561ce2940ab659cbbd0fd32be81dd3f5])
* ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.4.xml
* ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.5.xml
* ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.5.xml
* ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
* ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/nonrolling-upgrade-2.3.xml
* ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.3.xml
* ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
* ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server_upgrade.py
* ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
* ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/upgrade.py
* ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/nonrolling-upgrade-2.2.xml
* ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/nonrolling-upgrade-2.4.xml
* ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.4.xml
* ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_upgrade.py
* ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
* ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.4.xml
* ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_handler.py
* ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
* ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
* ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_server.py
* ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.3.xml
* ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server_upgrade.py
AMBARI-16717 - Knox Gateway Uses Wrong Keystore After Upgrade (part2) (jhurley: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=24e9b6d262528029b581ecdab789e148de998e1a])
* ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_handler.py
> Knox Gateway Uses Wrong Keystore After Upgrade
> ----------------------------------------------
>
> Key: AMBARI-16717
> URL: https://issues.apache.org/jira/browse/AMBARI-16717
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Jonathan Hurley
> Assignee: Jonathan Hurley
> Priority: Critical
> Fix For: 2.4.0
>
> Attachments: AMBARI-16717.patch
>
>
> When upgrading Knox, the {{data}} directory and its security artifacts are not copied over to the "versioned" data directory. This causes the {{gateway.jks}} keystore to be automatically re-generated. If the installation was using a custom keystore/certificate, then this will cause connections to be rejected after a successful startup.
> {code:title=Knox 2.2 -> 2.3.0.0}
> /usr/hdp/current/knox-server/data -> /var/lib/knox/data
> {code}
> {code:title=Knox 2.3.2.0+}
> /usr/hdp/current/knox-server/data -> /var/lib/knox/data-2.3.2.0-1234
> {code}
> As a result, after upgrading the {{/var/lib/knox/data-2.3.2.0-1234}} does not contain any of the security artifacts from the prior version.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)