[AMBARI-9020] Ambari agent script should not kinit with Oozie service credentials on behalf of the Oozie service - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: stacks
Labels:
- kerberos
- oozie
- security
- stack

Description

Ambari agent script should not kinit with Oozie service credentials on behalf of the Oozie service.

This is occurring in

oozie_service.py (around line 26)

  kinit_if_needed = format("{kinit_path_local} -kt {oozie_keytab} {oozie_principal};") if params.security_enabled else ""

oozie_service.py (around line 40)

    cmd2 =  format("{kinit_if_needed} {put_shared_lib_to_hdfs_cmd} ; hadoop --config {hadoop_conf_dir} dfs -chmod -R 755 {oozie_hdfs_user_dir}/share")

oozie_service.py (around line 60)

    Execute( cmd2,
      user = params.oozie_user,
      not_if = format("{kinit_if_needed} hadoop --config {hadoop_conf_dir} dfs -ls /user/oozie/share | awk 'BEGIN {{count=0;}} /share/ {{count++}} END {{if (count > 0) {{exit 0}} else {{exit 1}}}}'"),
      path = params.execute_path
    )

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Jan/15 11:01

Updated:: 18/Mar/15 01:39

Resolved:: 18/Mar/15 01:39