ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rishi Pidva (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-9098) Cannot install new secure services to existing secure HDFS cluster
Date Wed, 11 Feb 2015 18:39:11 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-9098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14316734#comment-14316734
] 

Rishi Pidva commented on AMBARI-9098:
-------------------------------------

This patch is not for trunk but based on 1.7.0 branch. Kerberos support has changed in trunk
so it will not be directly applicable. However, some of the issues around "Add Service" will
need to be evaluated on trunk as well.

> Cannot install new secure services to existing secure HDFS cluster
> ------------------------------------------------------------------
>
>                 Key: AMBARI-9098
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9098
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-web
>    Affects Versions: 1.7.0
>            Reporter: Jimmy Da
>            Assignee: Rishi Pidva
>             Fix For: 1.7.0
>
>         Attachments: AMBARI-9098-v1.patch
>
>
> hadoop.security.auth_to_local in core-site is overwritten to null when installing new
service to a secure cluster
> 1. Setup secure HDFS cluster with services (HDFS, MR2, YARN, ZooKeeper) and Kerberos
> 2. Configure secure user for Oozie (or any other secure service) - create user+setup
keytab
> 3. Install Oozie via Ambari UI --> FAIL
>     FATAL namenode.NameNode (NameNode.java:main(1400)) - Exception in namenode join
>     java.lang.IllegalArgumentException: Invalid rule: null
> 4. Check hadoop.security.auth_to_local property in HDFS configurations under Advanced
core-site, see null instead of "RULE:..."
> ---------------------------------------------
> The core-site overwrite is happening in ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/after-INSTALL/scripts/shared_initialization.py,
when I commented out the lines, it works again, but I'm sure there's a reason the check and
rewrite is there
> Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message