ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <>
Subject [jira] [Commented] (AMBARI-14961) Ambari overwrites auth_to_local rules in core-site.xml
Date Mon, 08 Feb 2016 20:05:39 GMT


Hadoop QA commented on AMBARI-14961:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results:
Console output:

This message is automatically generated.

> Ambari overwrites auth_to_local rules in core-site.xml
> ------------------------------------------------------
>                 Key: AMBARI-14961
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>             Fix For: 2.2.2
>         Attachments: AMBARI-14961.patch
> As part of the kerberization process, a specific auth_to_local ruleset is used.
> The customer uses the "Manual" method of Kerbrizing their clusters. The addition of the
custom auth_to_local rules is added as a step in the process.
> We found that during certain operations (such as moving the NameNode using the Ambari
wizard), many services such as HDFS fail to restart.  Upon examination of the failure it was
revealed that Ambari is overwriting / modifying the custom auth_to_local rules to something
completely different.   The change is getting pushed to the nodes and the services fail to
start up.
> 1) Secure the cluster using the "Manual" process as outlined in the Ambari documentation.
> 2) Add the custom auth_to_local rules after the cluster is kerberized.
> 3) Attempt to peform an operation such as moving a NameNode.
> Whenever services try to start / restart they fail.  The logs from the respective services
show failures pointing to incorrect auth_to_local settings.
> auth_to_local rules do not get modified or overwritten by ambari.
> Depending on the failure, we have been able to work around it doing one of two things:
> 1) Manually edit the core-site.xml where the service failed to start and start the service
from the command line.
> 2) Go back into the Ambari UI, fix the auth_to_local rules, save the config, then restart
the respective services.

This message was sent by Atlassian JIRA

View raw message