You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Prabhu Joseph (JIRA)" <ji...@apache.org> on 2017/06/28 04:57:01 UTC

[jira] [Updated] (OOZIE-2972) Server goes inconsistent when prepare war called with secure without SSL

     [ https://issues.apache.org/jira/browse/OOZIE-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prabhu Joseph updated OOZIE-2972:
---------------------------------
    Description: 
When prepare-war with secure is called by some user by mistake on a Oozie Server which is not configured with SSL causes inconsistent state. Oozie Server runs fine but the oozie clients are failed with Authentication failure status 302. Checking curl verbose, Oozie Server redirects client to https port even though it is not listening. We need to validate the prepare-war command when SSL is not configured instead of going to inconsistent state.

Repro:
{code}
Oozie Server without SSL

/usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure

Start Oozie Server

 curl -ikv -L --negotiate -u: http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
* About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
*   Trying 172.26.93.73... connected
* Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> GET /oozie/v1/admin/status HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: prabhuzeppelin2.openstacklocal:11000
> Accept: */*
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Pragma: No-cache
Pragma: No-cache
< Cache-Control: no-cache
Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
< Content-Length: 0
Content-Length: 0
< Date: Tue, 27 Jun 2017 11:05:45 GMT
Date: Tue, 27 Jun 2017 11:05:45 GMT

< 
* Connection #0 to host prabhuzeppelin2.openstacklocal left intact
* Issue another request to this URL: 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
* About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
*   Trying 172.26.93.73... Connection refused
* couldn't connect to host
* Closing connection #1
curl: (7) couldn't connect to host
* Closing connection #0

{code}

  was:
When prepare-war with secure is called by some user by mistake on a Oozie Server which is not configured with SSL causes inconsistent state. Oozie Server runs fine but the oozie clients are failed with Authentication failure status 302. Checking curl verbose, Oozie Server redirects client to https port even though it is not listening. We need to validate the prepare-war command when SSL is not configured instead of going to inconsistent state.

Repro:
{code}
Oozie Server without SSL

/usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure

 curl -ikv -L --negotiate -u: http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
* About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
*   Trying 172.26.93.73... connected
* Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> GET /oozie/v1/admin/status HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: prabhuzeppelin2.openstacklocal:11000
> Accept: */*
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Pragma: No-cache
Pragma: No-cache
< Cache-Control: no-cache
Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
< Content-Length: 0
Content-Length: 0
< Date: Tue, 27 Jun 2017 11:05:45 GMT
Date: Tue, 27 Jun 2017 11:05:45 GMT

< 
* Connection #0 to host prabhuzeppelin2.openstacklocal left intact
* Issue another request to this URL: 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
* About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
*   Trying 172.26.93.73... Connection refused
* couldn't connect to host
* Closing connection #1
curl: (7) couldn't connect to host
* Closing connection #0

{code}


> Server goes inconsistent when prepare war called with secure without SSL
> ------------------------------------------------------------------------
>
>                 Key: OOZIE-2972
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2972
>             Project: Oozie
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 4.3.0
>            Reporter: Prabhu Joseph
>
> When prepare-war with secure is called by some user by mistake on a Oozie Server which is not configured with SSL causes inconsistent state. Oozie Server runs fine but the oozie clients are failed with Authentication failure status 302. Checking curl verbose, Oozie Server redirects client to https port even though it is not listening. We need to validate the prepare-war command when SSL is not configured instead of going to inconsistent state.
> Repro:
> {code}
> Oozie Server without SSL
> /usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure
> Start Oozie Server
>  curl -ikv -L --negotiate -u: http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
> * About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
> *   Trying 172.26.93.73... connected
> * Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> > GET /oozie/v1/admin/status HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> > Host: prabhuzeppelin2.openstacklocal:11000
> > Accept: */*
> > 
> < HTTP/1.1 302 Found
> HTTP/1.1 302 Found
> < Server: Apache-Coyote/1.1
> Server: Apache-Coyote/1.1
> < Pragma: No-cache
> Pragma: No-cache
> < Cache-Control: no-cache
> Cache-Control: no-cache
> < Expires: Thu, 01 Jan 1970 00:00:00 UTC
> Expires: Thu, 01 Jan 1970 00:00:00 UTC
> < Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
> < Content-Length: 0
> Content-Length: 0
> < Date: Tue, 27 Jun 2017 11:05:45 GMT
> Date: Tue, 27 Jun 2017 11:05:45 GMT
> < 
> * Connection #0 to host prabhuzeppelin2.openstacklocal left intact
> * Issue another request to this URL: 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
> * About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
> *   Trying 172.26.93.73... Connection refused
> * couldn't connect to host
> * Closing connection #1
> curl: (7) couldn't connect to host
> * Closing connection #0
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)