Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.0.0, 2.0.1, 2.1.0
Description
Oozie restart from Ambari rewrites oozie/conf/adminusers.txt
To support role separation for Kerberos, we need an additional line added to the end of this file.
The new line is:
oozie-admin
The new file should be generated as:
# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Users should be set using following rules: # # One user name per line # Empty lines and lines starting with '#' are ignored oozie oozie-admin
Solution
1. Replace
common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2
{{oozie_user}}
with
common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2
{% if oozie_admin_users %}
{% for oozie_admin_user in oozie_admin_users.split(',') %}
{{oozie_admin_user}}
{% endfor %}
{% endif %}
2. Add new property
common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml
<property>
<name>oozie_admin_users</name>
<value>oozie, oozie-admin</value>
<description>Oozie admin users.</description>
</property>
3. If the admin user list needs to change when enabling Kerberos, oozie-env/oozie_admin_users can be set in Oozie's Kerberos descriptor (kerberos.json).
Attachments
Attachments
Issue Links
- links to
