From: "Rishi Pidva (JIRA)"
To: dev@ambari.apache.org
Date: Wed, 11 Feb 2015 18:39:11 +0000 (UTC)
Subject: [jira] [Commented] (AMBARI-9098) Cannot install new secure services to existing secure HDFS cluster

    [ https://issues.apache.org/jira/browse/AMBARI-9098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14316734#comment-14316734 ]

Rishi Pidva commented on AMBARI-9098:
-------------------------------------

This patch is not for trunk but based on 1.7.0 branch. Kerberos support has changed in trunk so it will not be directly applicable. However, some of the issues around "Add Service" will need to be evaluated on trunk as well.

> Cannot install new secure services to existing secure HDFS cluster
> ------------------------------------------------------------------
>
>                 Key: AMBARI-9098
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9098
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-web
>    Affects Versions: 1.7.0
>            Reporter: Jimmy Da
>            Assignee: Rishi Pidva
>             Fix For: 1.7.0
>
>         Attachments: AMBARI-9098-v1.patch
>
>
> hadoop.security.auth_to_local in core-site is overwritten to null when installing new service to a secure cluster
> 1. Setup secure HDFS cluster with services (HDFS, MR2, YARN, ZooKeeper) and Kerberos
> 2. Configure secure user for Oozie (or any other secure service) - create user+setup keytab
> 3. Install Oozie via Ambari UI --> FAIL
> FATAL namenode.NameNode (NameNode.java:main(1400)) - Exception in namenode join
> java.lang.IllegalArgumentException: Invalid rule: null
> 4. Check hadoop.security.auth_to_local property in HDFS configurations under Advanced core-site, see null instead of "RULE:..."
> ---------------------------------------------
> The core-site overwrite is happening in ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/after-INSTALL/scripts/shared_initialization.py, when I commented out the lines, it works again, but I'm sure there's a reason the check and rewrite is there
> Thanks!

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
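
Added example, not part of the original message or of Ambari's code: a check that can be run against core-site.xml after a service install and before the NameNode is restarted, flagging the null hadoop.security.auth_to_local value described in the report. The rule pattern is a simplified approximation of Hadoop's auth_to_local syntax (an assumption), and the sample XML and the EXAMPLE.COM realm are constructed.

```python
import re
import xml.etree.ElementTree as ET

PROP = "hadoop.security.auth_to_local"
# Assumption: simplified shape of one rule. Either DEFAULT, or RULE:[n:format]
# with an optional (regex) filter, s/pattern/replacement/ and /L suffix.
RULE_RE = re.compile(
    r"\s*(DEFAULT|RULE:\[\d*:[^\]]*\](\([^)]*\))?(s/[^/]*/[^/]*/g?)?)/?L?"
)

# Constructed samples: a healthy secure core-site and the overwritten one.
GOOD = """<configuration><property>
<name>hadoop.security.auth_to_local</name>
<value>RULE:[2:$1@$0](rm@.*EXAMPLE.COM)s/.*/yarn/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
DEFAULT</value></property></configuration>"""
BAD = ("<configuration><property><name>%s</name>"
       "<value>null</value></property></configuration>" % PROP)


def get_property(core_site_xml, name=PROP):
    """Return the property's text from a Hadoop *-site.xml string, or None."""
    root = ET.fromstring(core_site_xml)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == name:
            return prop.findtext("value")
    return None


def check_auth_to_local(core_site_xml):
    """Return a list of problems; an empty list means the value looks usable."""
    value = get_property(core_site_xml)
    if value is None:
        return ["%s is not set" % PROP]
    if value.strip() in ("", "null", "None"):
        return ["%s is %r (overwritten?)" % (PROP, value.strip())]
    problems = []
    rest = value.strip()
    while rest:  # consume one rule at a time, left to right
        m = RULE_RE.match(rest)
        if not m:
            problems.append("Invalid rule: " + rest.split("\n")[0])
            break
        rest = rest[m.end():].lstrip()
    return problems
```
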