ambari-dev mailing list archives

From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-12180) Enabling Kerberos on cluster with AMS and no HDFS fails
Date Sat, 27 Jun 2015 11:09:04 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-12180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-12180:
----------------------------------
    Attachment: AMBARI-12180_01.patch

> Enabling Kerberos on cluster with AMS and no HDFS fails
> -------------------------------------------------------
>
>                 Key: AMBARI-12180
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12180
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos, kerberos_descriptor
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-12180_01.patch
>
>
> In a cluster where AMS is installed but HDFS is _not_ installed, enabling Kerberos fails due to the inability for the server-side Kerberos logic to replace ${hadoop-env/hdfs_user} when generating the metadata used to create principals and distribute keytab files.
> This condition yields the following principal (when the cluster name is AMSNOHDFS and the realm is EXAMPLE.COM)
> {noformat}
>     $\{hadoop-env/hdfs_user\}-AMSNOHDFS@EXAMPLE.COM
> {noformat}
> This is successfully created in the (MIT) KDC. Also, the relative keytab file appears to have been successfully created as well.
> However, when distributing the keytab file and setting the ownership attributes, the agent-side script fails with
> {code}
> Traceback (most recent call last):
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py", line 77, in <module>
>     KerberosClient().execute()
>   File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 216, in execute
>     method(env)
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py", line 67, in set_keytab
>     self.write_keytab_file()
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py", line 397, in write_keytab_file
>     group=group)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 157, in __init__
>     self.env.run()
>   File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 152, in run
>     self.run_action(resource, action)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 118, in run_action
>     provider_action()
>   File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 108, in action_create
>     self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 44, in _ensure_metadata
>     _user_entity = pwd.getpwnam(user)
> KeyError: 'getpwnam(): name not found: $\{hadoop-env/hdfs_user\}'
> {code}
> *NOTE: \ needed to be added to the hadoop-env/hdfs_user placeholder due to formatting issue*
> * Solution:
> Remove the HDFS identity reference in AMS and assume the hdfs keytab file will be on the appropriate host(s) when HDFS is installed



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
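
The failure mode in the issue above, where a principal containing a literal `${hadoop-env/hdfs_user}` reaches the KDC and only fails later at `pwd.getpwnam()`, can be caught with a pre-flight check that rejects any identity still holding a placeholder after substitution. This is an added example, not code from the original message or from Ambari; the identity record layout, the function names and the `ams-env/ams_user` property are assumptions made for illustration.

```python
import re

# Matches ${name} and ${config-type/property} placeholders.
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def substitute(template, values):
    """Replace placeholders that have a value; leave unknown ones untouched."""
    return PLACEHOLDER.sub(
        lambda m: str(values.get(m.group(1), m.group(0))), template)


def check_identities(identities, values):
    """Resolve each identity and report every placeholder left unresolved.

    Returns (resolved, problems); problems holds (identity, field, placeholder)
    tuples. A non-empty list means principal creation should not proceed.
    """
    resolved, problems = [], []
    for ident in identities:
        out = {"name": ident["name"]}
        for field in ("principal", "keytab_owner"):
            out[field] = substitute(ident[field], values)
            for name in PLACEHOLDER.findall(out[field]):
                problems.append((ident["name"], field, name))
        resolved.append(out)
    return resolved, problems


# Constructed sample: AMS installed, HDFS absent, so no hadoop-env values exist.
SAMPLE_VALUES = {
    "cluster_name": "AMSNOHDFS",
    "realm": "EXAMPLE.COM",
    "ams-env/ams_user": "ams",  # hypothetical property name
}
SAMPLE_IDENTITIES = [  # hypothetical, simplified identity records
    {"name": "hdfs",
     "principal": "${hadoop-env/hdfs_user}-${cluster_name}@${realm}",
     "keytab_owner": "${hadoop-env/hdfs_user}"},
    {"name": "ams_collector",
     "principal": "ams/_HOST@${realm}",
     "keytab_owner": "${ams-env/ams_user}"},
]

if __name__ == "__main__":
    _, problems = check_identities(SAMPLE_IDENTITIES, SAMPLE_VALUES)
    for identity, field, name in problems:
        print("unresolved ${%s} in %s of identity %r" % (name, field, identity))
```

Running the check before any KDC call keeps a malformed principal and its keytab from being created in the first place, instead of surfacing as an agent-side ownership error.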
