You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/09/24 12:57:04 UTC
[jira] [Updated] (AMBARI-13222) kdc-type lost when updating kerberos-env via Kerberos service configuration page

     [ https://issues.apache.org/jira/browse/AMBARI-13222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-13222:
----------------------------------
    Description: 
After editing the kerberos-env configuration using Ambari's Kerberos service configuration page and saving the new configuration, the {{kdc-type}} property is lost and not saved with the new configuration.

*By loosing this value, any future Kerberos-related operations will fail with errors since the mandatory kerberos-env/kdc-type property will be missing.*

{code:title=kerberos-env before update}
{
  "kdc_type": "mit-kdc",
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "host1",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "levas-45007-1.c.pramod-thangali.internal",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=kerberos-env after update}
{
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "levas-45007-1.c.pramod-thangali.internal:88",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "levas-45007-1.c.pramod-thangali.internal:88",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=Javascript Error}
Uncaught TypeError: Cannot read property 'get' of undefined
App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
Em.Object.extend.send.opt.success @ app.js:154010
f.Callbacks.o @ vendor.js:125
f.Callbacks.p.fireWith @ vendor.js:125
w @ vendor.js:127
f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
app.js:55160 App.componentConfigMapper execution time: 1.048ms
{code}

*Steps to reproduce*
# Create cluster (Zookeeper-only is fine)
# Enable Kerberos (any KDC, MIT KDC is fine)
# Browse to Kerberos service configuration page
# Change a value (maybe add or remove the port for the KDC server value)
# Save the configuration
# After view refreshes, the waiting icon appears and does not go away

*Workaround*
Manually add the {{kerberos-env/kdc-type}} property back to the current kerberos-env configuration.  The value must be either "mit-kdc" or "active-directory" and must be the correct one for the configuration.  Once this is done, Ambari should be restarted so that any cached configuration data is refreshed. 

This can also be fixed using {{/var/lib/ambari-server/resources/scripts/configs.sh}}.

  was:
After editing the kerberos-env configuration using Ambari's Kerberos service configuration page and saving the new configuration, the {{kdc-type}} property is lost and not saved with the new configuration.

*By loosing this value, any future Kerberos-related operations will fail with errors since the mandatory kerberos-env/kdc-type property will be missing.*

{code:title=kerberos-env before update}
{
  "kdc_type": "mit-kdc",
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "levas-45007-1.c.pramod-thangali.internal",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "levas-45007-1.c.pramod-thangali.internal",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=kerberos-env after update}
{
  "password_min_uppercase_letters": "1",
  "password_min_whitespace": "0",
  "password_min_punctuation": "1",
  "password_min_digits": "1",
  "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
  "kdc_create_attributes": "",
  "admin_server_host": "levas-45007-1.c.pramod-thangali.internal:88",
  "password_min_lowercase_letters": "1",
  "container_dn": "",
  "password_length": "20",
  "case_insensitive_username_rules": "false",
  "manage_identities": "true",
  "service_check_principal_name": "${cluster_name}-${short_date}",
  "kdc_host": "levas-45007-1.c.pramod-thangali.internal:88",
  "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
  "install_packages": "true",
  "realm": "EXAMPLE.COM",
  "ldap_url": "",
  "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
}
{code}

{code:title=Javascript Error}
Uncaught TypeError: Cannot read property 'get' of undefined
App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
Em.Object.extend.send.opt.success @ app.js:154010
f.Callbacks.o @ vendor.js:125
f.Callbacks.p.fireWith @ vendor.js:125
w @ vendor.js:127
f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
app.js:55160 App.componentConfigMapper execution time: 1.048ms
{code}

*Steps to reproduce*
# Create cluster (Zookeeper-only is fine)
# Enable Kerberos (any KDC, MIT KDC is fine)
# Browse to Kerberos service configuration page
# Change a value (maybe add or remove the port for the KDC server value)
# Save the configuration
# After view refreshes, the waiting icon appears and does not go away

*Workaround*
Manually add the {{kerberos-env/kdc-type}} property back to the current kerberos-env configuration.  The value must be either "mit-kdc" or "active-directory" and must be the correct one for the configuration.  Once this is done, Ambari should be restarted so that any cached configuration data is refreshed. 

This can also be fixed using {{/var/lib/ambari-server/resources/scripts/configs.sh}}.


> kdc-type lost when updating kerberos-env via Kerberos service configuration page
> --------------------------------------------------------------------------------
>
>                 Key: AMBARI-13222
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13222
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.1.1
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: regression
>             Fix For: 2.1.2
>
>
> After editing the kerberos-env configuration using Ambari's Kerberos service configuration page and saving the new configuration, the {{kdc-type}} property is lost and not saved with the new configuration.
> *By loosing this value, any future Kerberos-related operations will fail with errors since the mandatory kerberos-env/kdc-type property will be missing.*
> {code:title=kerberos-env before update}
> {
>   "kdc_type": "mit-kdc",
>   "password_min_uppercase_letters": "1",
>   "password_min_whitespace": "0",
>   "password_min_punctuation": "1",
>   "password_min_digits": "1",
>   "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
>   "kdc_create_attributes": "",
>   "admin_server_host": "host1",
>   "password_min_lowercase_letters": "1",
>   "container_dn": "",
>   "password_length": "20",
>   "case_insensitive_username_rules": "false",
>   "manage_identities": "true",
>   "service_check_principal_name": "${cluster_name}-${short_date}",
>   "kdc_host": "levas-45007-1.c.pramod-thangali.internal",
>   "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
>   "install_packages": "true",
>   "realm": "EXAMPLE.COM",
>   "ldap_url": "",
>   "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
> }
> {code}
> {code:title=kerberos-env after update}
> {
>   "password_min_uppercase_letters": "1",
>   "password_min_whitespace": "0",
>   "password_min_punctuation": "1",
>   "password_min_digits": "1",
>   "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
>   "kdc_create_attributes": "",
>   "admin_server_host": "levas-45007-1.c.pramod-thangali.internal:88",
>   "password_min_lowercase_letters": "1",
>   "container_dn": "",
>   "password_length": "20",
>   "case_insensitive_username_rules": "false",
>   "manage_identities": "true",
>   "service_check_principal_name": "${cluster_name}-${short_date}",
>   "kdc_host": "levas-45007-1.c.pramod-thangali.internal:88",
>   "ad_create_attributes_template": "\n{\n  \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n  \"cn\": \"$principal_name\",\n  #if( $is_service )\n  \"servicePrincipalName\": \"$principal_name\",\n  #end\n  \"userPrincipalName\": \"$normalized_principal\",\n  \"unicodePwd\": \"$password\",\n  \"accountExpires\": \"0\",\n  \"userAccountControl\": \"66048\"\n}",
>   "install_packages": "true",
>   "realm": "EXAMPLE.COM",
>   "ldap_url": "",
>   "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin"
> }
> {code}
> {code:title=Javascript Error}
> Uncaught TypeError: Cannot read property 'get' of undefined
> App.MainServiceInfoConfigsController.Em.Controller.extend.prepareConfigObjects @ app.js:22525
> App.MainServiceInfoConfigsController.Em.Controller.extend.parseConfigData @ app.js:22490
> App.ConfigsLoader.Em.Mixin.create.loadCurrentVersionsSuccess @ app.js:61506
> Em.Object.extend.send.opt.success @ app.js:154010
> f.Callbacks.o @ vendor.js:125
> f.Callbacks.p.fireWith @ vendor.js:125
> w @ vendor.js:127
> f.support.ajax.f.ajaxTransport.c.send.d @ vendor.js:127
> app.js:55160 App.componentConfigMapper execution time: 1.048ms
> {code}
> *Steps to reproduce*
> # Create cluster (Zookeeper-only is fine)
> # Enable Kerberos (any KDC, MIT KDC is fine)
> # Browse to Kerberos service configuration page
> # Change a value (maybe add or remove the port for the KDC server value)
> # Save the configuration
> # After view refreshes, the waiting icon appears and does not go away
> *Workaround*
> Manually add the {{kerberos-env/kdc-type}} property back to the current kerberos-env configuration.  The value must be either "mit-kdc" or "active-directory" and must be the correct one for the configuration.  Once this is done, Ambari should be restarted so that any cached configuration data is refreshed. 
> This can also be fixed using {{/var/lib/ambari-server/resources/scripts/configs.sh}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)