ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hari Sekhon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-10493) Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade
Date Wed, 29 Apr 2015 10:17:06 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-10493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14519088#comment-14519088
] 

Hari Sekhon commented on AMBARI-10493:
--------------------------------------

Fyi I worked around this by just configuring the service and kerberos manually.

> Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade
> -----------------------------------------------------------------------
>
>                 Key: AMBARI-10493
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10493
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server, security
>    Affects Versions: 2.0.0
>         Environment: HDP 2.2.0
>            Reporter: Hari Sekhon
>            Priority: Critical
>
> After upgrading to Ambari 2.0 (from 1.7) it wants to manage Kerberos but it doesn't seem
to recognize the cluster as already kerberized, nor does it appear to have the capability
to just use the existing keytabs as we have historically done - it wants to redeploy them
from an MIT KDC as part of the enable kerberos process, which would obviously mess up my already
deployed kerberized cluster which is running off FreeIPA (which includes an MIT KDC in each
IPA server but isn't supported to be managed via kadmin interface).
> There doesn't seem to be an obvious way of getting Ambari to re-enable or recognize that
kerberos is deployed and the services are kerberized. The current configurations do seem to
still be intact with the kerberos config settings but Ambari does not recognize that Kerberos
is deployed and I'm concerned this is going to eventually mess up my existing cluster or deploy
new services without Kerberos.
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message