Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-2972

Server goes inconsistent when prepare war called with secure without SSL

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 4.3.0
    • None
    • security
    • None

    Description

      When prepare-war with secure is called by some user by mistake on a Oozie Server which is not configured with SSL causes inconsistent state. Oozie Server runs fine but the oozie clients are failed with Authentication failure status 302. Checking curl verbose, Oozie Server redirects client to https port even though it is not listening. We need to validate the prepare-war command when SSL is not configured instead of going to inconsistent state.

      Repro:

      Oozie Server without SSL

/usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure

Start Oozie Server

 curl -ikv -L --negotiate -u: http://prabhuzeppelin2.openstacklocal:11000/oozie/v1/admin/status
* About to connect() to prabhuzeppelin2.openstacklocal port 11000 (#0)
*   Trying 172.26.93.73... connected
* Connected to prabhuzeppelin2.openstacklocal (172.26.93.73) port 11000 (#0)
> GET /oozie/v1/admin/status HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: prabhuzeppelin2.openstacklocal:11000
> Accept: */*
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Pragma: No-cache
Pragma: No-cache
< Cache-Control: no-cache
Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
Location: https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status
< Content-Length: 0
Content-Length: 0
< Date: Tue, 27 Jun 2017 11:05:45 GMT
Date: Tue, 27 Jun 2017 11:05:45 GMT

< 
* Connection #0 to host prabhuzeppelin2.openstacklocal left intact
* Issue another request to this URL: 'https://prabhuzeppelin2.openstacklocal:11443/oozie/v1/admin/status'
* About to connect() to prabhuzeppelin2.openstacklocal port 11443 (#1)
*   Trying 172.26.93.73... Connection refused
* couldn't connect to host
* Closing connection #1
curl: (7) couldn't connect to host
* Closing connection #0

      Attachments

        Activity

          People

            Unassigned Unassigned
            prabhujoseph Prabhu Joseph
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: