Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-18804

Manage Ambari principals should be set to off when upgrading Ambari from versions < 2.4.0

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.4.0
    • 2.4.2
    • ambari-server
    • None

    Description

      Since users would have manually set up the Ambari principal after enabling Kerberos using ambari-server setup-security option #3 ("Setup Ambari kerberos JAAS configuration") in Ambari versions before 2.4.0, there is no need to configure Ambari to automatically manage its principals after an upgrade to version 2.4.0 and above.

      Therefore, upon upgrade to Ambari 2.4.0 or above, the upgrade process (in UpgradeCatalog240) should ensure that "kerberos-env/create_ambari_principal}} is set to "false". By default this value will be set to "true" after org.apache.ambari.server.upgrade.AbstractUpgradeCatalog#addNewConfigurationsFromXml is executed.

      Note: This may have an effect on Ambari versions 2.4.2 and above if Kerberos authentication is enabled and the SPNEGO (HTTP/_HOST) principal and keytab file is already created and installed.

      Attachments

        1. AMBARI-18804_branch-2.4_01.patch
          6 kB
          Robert Levas
        2. AMBARI-18804_branch-2.5_01.patch
          6 kB
          Robert Levas
        3. AMBARI-18804_trunk_01.patch
          6 kB
          Robert Levas

        Issue Links

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: