ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emil Anca (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-11022) Kerberos: Keytab files are not distributed during add host if a retry is necessary during installation
Date Fri, 08 May 2015 11:25:59 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-11022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emil Anca updated AMBARI-11022:
-------------------------------
    Attachment: AMBARI-11022_01.patch

> Kerberos: Keytab files are not distributed during add host if a retry is necessary during
installation
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-11022
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11022
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Emil Anca
>            Assignee: Emil Anca
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11022_01.patch
>
>
> When adding a new host to a cluster where Kerberos is enabled and the installation of
the new components fails, upon retry the keytabs are not distributed to the host after successfully
installing the components.  _Note:  the new identities were not created either_.
> *Workaround*
> To recover from this, the missing keytabs can be regenerated using the _Regenerate Keytabs_
feature with the _missing only_ option specified. The component can then be started successfully.
> *Steps to reproduce*
> # Create cluster (can be small, one node with only HDFS and Zookeeper)
> # Enable Kerberos
> # Add new host with only DataNode (no clients, only to make the failure happen quicker)
> # While the relevant hadoop packages are being installed, kill the package manger (i.e.,
yum, zypper, etc...)
> # The installation of the component will fail and the retry button will be available
> # Click the retry button and allow the installation to complete
> # Startup of the Datanode component will fail due to missing keytab
> {code}
> 2015-03-21 01:43:47,911 FATAL datanode.DataNode (DataNode.java:secureMain(2385)) - Exception
in secureMain
> java.io.IOException: Login failure for dn/c6504.ambari.apache.org@EXAMPLE.COM from keytab
/etc/security/keytabs/dn.service.keytab: javax.security.auth.login.LoginException: Unable
to obtain password from user
> {code}
> _Note: Error indicates a keytab file was found but wrong password, this isn't the case
since the keytab file was not on the host._



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message