Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-16717

Knox Gateway Uses Wrong Keystore After Upgrade

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.1.0
    • 2.4.0
    • ambari-server
    • None

    Description

      When upgrading Knox, the data directory and its security artifacts are not copied over to the "versioned" data directory. This causes the gateway.jks keystore to be automatically re-generated. If the installation was using a custom keystore/certificate, then this will cause connections to be rejected after a successful startup.

      Knox 2.2 -> 2.3.0.0
      /usr/hdp/current/knox-server/data -> /var/lib/knox/data
      Knox 2.3.2.0+
      /usr/hdp/current/knox-server/data -> /var/lib/knox/data-2.3.2.0-1234

      As a result, after upgrading the /var/lib/knox/data-2.3.2.0-1234 does not contain any of the security artifacts from the prior version.

      Attachments

        1. AMBARI-16717.patch
          49 kB
          Jonathan Hurley

        Issue Links

          links to

          Web Link Reviewboard

          Activity

            People

              jonathanhurley Jonathan Hurley
              jonathanhurley Jonathan Hurley
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: