Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ambari.apache.org
Content-Type: multipart/alternative;
 boundary="===============9037916445418984424=="
MIME-Version: 1.0
Subject: Review Request 33974: Kerberos: Keytab files are not distributed
 during add host if a retry is necessary during installation
From: "Emil Anca" <eanca@hortonworks.com>
To: "Robert Levas" <rlevas@hortonworks.com>,
 "Vitalyi Brodetskyi" <vbrodetskyi@hortonworks.com>
Cc: "Emil Anca" <eanca@hortonworks.com>, "Ambari" <dev@ambari.apache.org>
Date: Fri, 08 May 2015 11:31:24 -0000
Message-ID: <20150508113124.1563.40384@reviews.apache.org>
Auto-Submitted: auto-generated
Sender: "Emil Anca" <noreply@reviews.apache.org>
Reply-To: "Emil Anca" <eanca@hortonworks.com>

--===============9037916445418984424==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33974/
-----------------------------------------------------------

Review request for Ambari, Robert Levas and Vitalyi Brodetskyi.


Bugs: AMBARI-11022
    https://issues.apache.org/jira/browse/AMBARI-11022


Repository: ambari


Description
-------

When adding a new host to a cluster where Kerberos is enabled and the installation of the new components fails, upon retry the keytabs are not distributed to the host after successfully installing the components. Note: the new identities were not created either.
Workaround
To recover from this, the missing keytabs can be regenerated using the Regenerate Keytabs feature with the missing only option specified. The component can then be started successfully.
Steps to reproduce
Create cluster (can be small, one node with only HDFS and Zookeeper)
Enable Kerberos
Add new host with only DataNode (no clients, only to make the failure happen quicker)
While the relevant hadoop packages are being installed, kill the package manger (i.e., yum, zypper, etc...)
The installation of the component will fail and the retry button will be available
Click the retry button and allow the installation to complete
Startup of the Datanode component will fail due to missing keytab
2015-03-21 01:43:47,911 FATAL datanode.DataNode (DataNode.java:secureMain(2385)) - Exception in secureMain
java.io.IOException: Login failure for dn/c6504.ambari.apache.org@EXAMPLE.COM from keytab /etc/security/keytabs/dn.service.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
Note: Error indicates a keytab file was found but wrong password, this isn't the case since the keytab file was not on the host.


Problem: If components installation fails and a retry is performed, the Kerberos related component configuration is skipped on a sequential attempts;
Solution: Components transitioning from INSTALL_FAILED->INSTALLED state should also be taken into account.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 7b77bfa 

Diff: https://reviews.apache.org/r/33974/diff/


Testing
-------

mvn clean test -pl ambari-server

Total run:765
Total errors:0
Total failures:0
OK
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47:47.894s
[INFO] Finished at: Thu May 07 19:13:42 EEST 2015
[INFO] Final Memory: 47M/507M
[INFO] ------------------------------------------------------------------------


Thanks,

Emil Anca


--===============9037916445418984424==--