ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <>
Subject [jira] [Commented] (AMBARI-10493) Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade
Date Wed, 15 Apr 2015 10:04:59 GMT


Robert Levas commented on AMBARI-10493:

To solve this issue, the user will need to run the Kerberos wizard and choose the manual option
which will effectively make Ambari aware of Kerberos on the cluster but remain pretty much
hands off.  However, some data is needed by Ambari to ensure none of the configurations get

This is coming for Ambari 2.1.  For 2.0, the cluster should work fine, but Ambari will not
really "know" that cluster is Kerberized. 

> Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade
> -----------------------------------------------------------------------
>                 Key: AMBARI-10493
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server, security
>    Affects Versions: 2.0.0
>         Environment: HDP 2.2.0
>            Reporter: Hari Sekhon
>            Priority: Critical
> After upgrading to Ambari 2.0 (from 1.7) it wants to manage Kerberos but it doesn't seem
to recognize the cluster as already kerberized, nor does it appear to have the capability
to just use the existing keytabs as we have historically done - it wants to redeploy them
from an MIT KDC as part of the enable kerberos process, which would obviously mess up my already
deployed kerberized cluster which is running off FreeIPA (which includes an MIT KDC in each
IPA server but isn't supported to be managed via kadmin interface).
> There doesn't seem to be an obvious way of getting Ambari to re-enable or recognize that
kerberos is deployed and the services are kerberized. The current configurations do seem to
still be intact with the kerberos config settings but Ambari does not recognize that Kerberos
is deployed and I'm concerned this is going to eventually mess up my existing cluster or deploy
new services without Kerberos.
> Hari Sekhon

This message was sent by Atlassian JIRA

View raw message