You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Jonathan Hurley (JIRA)" <ji...@apache.org> on 2016/05/17 22:34:12 UTC
[jira] [Created] (AMBARI-16717) Knox Gateway Uses Wrong Keystore
After Upgrade
Jonathan Hurley created AMBARI-16717:
----------------------------------------
Summary: Knox Gateway Uses Wrong Keystore After Upgrade
Key: AMBARI-16717
URL: https://issues.apache.org/jira/browse/AMBARI-16717
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.1.0
Reporter: Jonathan Hurley
Assignee: Jonathan Hurley
Priority: Critical
Fix For: 2.4.0
When upgrading Knox, the {{data}} directory and its security artifacts are not copied over to the "versioned" data directory. This causes the {{gateway.jks}} keystore to be automatically re-generated. If the installation was using a custom keystore/certificate, then this will cause connections to be rejected after a successful startup.
{code:title=Knox 2.2 -> 2.3.0.0}
/usr/hdp/current/knox-server/data -> /var/lib/knox/data
{code}
{code:title=Knox 2.3.2.0+}
/usr/hdp/current/knox-server/data -> /var/lib/knox/data-2.3.2.0-1234
{code}
As a result, after upgrading the {{/var/lib/knox/data-2.3.2.0-1234}} does not contain any of the security artifacts from the prior version.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)