You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Jonathan Hurley (JIRA)" <ji...@apache.org> on 2016/05/17 22:34:12 UTC

[jira] [Created] (AMBARI-16717) Knox Gateway Uses Wrong Keystore After Upgrade

Jonathan Hurley created AMBARI-16717:
----------------------------------------

             Summary: Knox Gateway Uses Wrong Keystore After Upgrade
                 Key: AMBARI-16717
                 URL: https://issues.apache.org/jira/browse/AMBARI-16717
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.1.0
            Reporter: Jonathan Hurley
            Assignee: Jonathan Hurley
            Priority: Critical
             Fix For: 2.4.0


When upgrading Knox, the {{data}} directory and its security artifacts are not copied over to the "versioned" data directory. This causes the {{gateway.jks}} keystore to be automatically re-generated. If the installation was using a custom keystore/certificate, then this will cause connections to be rejected after a successful startup. 

{code:title=Knox 2.2 -> 2.3.0.0}
/usr/hdp/current/knox-server/data -> /var/lib/knox/data
{code}

{code:title=Knox 2.3.2.0+}
/usr/hdp/current/knox-server/data -> /var/lib/knox/data-2.3.2.0-1234
{code}

As a result, after upgrading the {{/var/lib/knox/data-2.3.2.0-1234}} does not contain any of the security artifacts from the prior version.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)