ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-12180) Enabling Kerberos on cluster with AMS and no HDFS fails
Date Sun, 28 Jun 2015 12:24:04 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-12180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14604654#comment-14604654
] 

Hudson commented on AMBARI-12180:
---------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #3023 (See [https://builds.apache.org/job/Ambari-trunk-Commit/3023/])
AMBARI-12180. Enabling Kerberos on cluster with AMS and no HDFS fails (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=64064c3f22d526855e1f2bfeaf3c67f203900866)
* ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json


> Enabling Kerberos on cluster with AMS and no HDFS fails
> -------------------------------------------------------
>
>                 Key: AMBARI-12180
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12180
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos, kerberos_descriptor
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-12180_01.patch
>
>
> In a cluster where AMS is installed but HDFS is _not_ installed, enabling Kerberos fails
due to the inability for the server-side Kerberos logic to replace ${hadoop-env/hdfs_user}
when generating the metadata used to create principals and distribute keytab files.
> This condition yields the following principal (when the cluster name is AMSNOHDFS and
the realm is EXAMPLE.COM)
> {noformat}
>     $\{hadoop-env/hdfs_user\}-AMSNOHDFS@EXAMPLE.COM
> {noformat}
> This is successfully created in the (MIT) KDC. Also, the relative keytab file appears
to have been successfully created as well.
> However, when distributing the keytab file and setting the ownership attributes, the
agent-side script fails with 
> {code}
> Traceback (most recent call last):
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py",
line 77, in <module>
>     KerberosClient().execute()
>   File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
line 216, in execute
>     method(env)
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py",
line 67, in set_keytab
>     self.write_keytab_file()
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py",
line 397, in write_keytab_file
>     group=group)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 157,
in __init__
>     self.env.run()
>   File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line
152, in run
>     self.run_action(resource, action)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line
118, in run_action
>     provider_action()
>   File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
line 108, in action_create
>     self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
line 44, in _ensure_metadata
>     _user_entity = pwd.getpwnam(user)
> KeyError: 'getpwnam(): name not found: $\{hadoop-env/hdfs_user\}'
> {code}
> *NOTE: \ needed to be added to the hadoop-env/hdfs_user placeholder due to formatting
issue*
> *Solution:* 
> Remove the HDFS identity reference in AMS and assume the hdfs keytab file will be on
the appropriate host(s) when HDFS is installed



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message