Bigtop
  1. Bigtop
  2. BIGTOP-530

[puppet] We currently xst the HTTP principal multiple times, each time invalidating the previous one

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 0.4.0
    • Fix Version/s: 0.4.0
    • Component/s: deployment
    • Labels:
      None

      Description

      The HTTP principal is required for SPNEGO, so we now generate it and then include it in all of the service keytabs. Unfortunately, we add it to these keytabs using kadmin's xst command, which generates a new set of credentials for the HTTP principal and invalidates the old ones. A more correct approach would be to export the credential once and then inject it into the service keytabs using ktutil (though that doesn't change the fact that the way we get the service keytabs onto the hadoop nodes is insecure). Attaching a patch that implements this approach.

      1. patch.txt
        5 kB
        Patrick Taylor Ramsey

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Patch Available Patch Available
        11m 30s 1 Patrick Taylor Ramsey 13/Apr/12 23:30
        Patch Available Patch Available Resolved Resolved
        3d 2h 14m 1 Patrick Taylor Ramsey 17/Apr/12 01:45
        Resolved Resolved Closed Closed
        430d 23h 9m 1 Roman Shaposhnik 22/Jun/13 00:55
        Roman Shaposhnik made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Gavin made changes -
        Workflow no-reopen-closed, patch-avail [ 12662405 ] patch-available, re-open possible [ 12666025 ]
        Roman Shaposhnik made changes -
        Fix Version/s 0.4.0 [ 12318889 ]
        Patrick Taylor Ramsey made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Hide
        Patrick Taylor Ramsey added a comment -

        Committed

        Show
        Patrick Taylor Ramsey added a comment - Committed
        Hide
        Peter Linnell added a comment -

        +1 LGTM

        Show
        Peter Linnell added a comment - +1 LGTM
        Patrick Taylor Ramsey made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Patrick Taylor Ramsey made changes -
        Assignee Patrick Taylor Ramsey [ ptr ]
        Affects Version/s 0.4.0 [ 12318889 ]
        Component/s Deployment [ 12316810 ]
        Patrick Taylor Ramsey made changes -
        Field Original Value New Value
        Attachment patch.txt [ 12522631 ]
        Patrick Taylor Ramsey created issue -

          People

          • Assignee:
            Patrick Taylor Ramsey
            Reporter:
            Patrick Taylor Ramsey
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development