Bigtop
  1. Bigtop
  2. BIGTOP-530

[puppet] We currently xst the HTTP principal multiple times, each time invalidating the previous one

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 0.4.0
    • Fix Version/s: 0.4.0
    • Component/s: deployment
    • Labels:
      None

      Description

      The HTTP principal is required for SPNEGO, so we now generate it and then include it in all of the service keytabs. Unfortunately, we add it to these keytabs using kadmin's xst command, which generates a new set of credentials for the HTTP principal and invalidates the old ones. A more correct approach would be to export the credential once and then inject it into the service keytabs using ktutil (though that doesn't change the fact that the way we get the service keytabs onto the hadoop nodes is insecure). Attaching a patch that implements this approach.

      1. patch.txt
        5 kB
        Patrick Taylor Ramsey

        Activity

        Patrick Taylor Ramsey created issue -
        Patrick Taylor Ramsey made changes -
        Field Original Value New Value
        Attachment patch.txt [ 12522631 ]
        Patrick Taylor Ramsey made changes -
        Assignee Patrick Taylor Ramsey [ ptr ]
        Affects Version/s 0.4.0 [ 12318889 ]
        Component/s Deployment [ 12316810 ]
        Patrick Taylor Ramsey made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Patrick Taylor Ramsey made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Roman Shaposhnik made changes -
        Fix Version/s 0.4.0 [ 12318889 ]
        Gavin made changes -
        Workflow no-reopen-closed, patch-avail [ 12662405 ] patch-available, re-open possible [ 12666025 ]
        Roman Shaposhnik made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Patrick Taylor Ramsey
            Reporter:
            Patrick Taylor Ramsey
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development