Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ambari.apache.org
Date: Mon, 8 Feb 2016 20:05:39 +0000 (UTC)
From: "Hadoop QA (JIRA)" <jira@apache.org>
To: dev@ambari.apache.org
Message-ID: <JIRA.12937589.1454954127000.331763.1454961939904@Atlassian.JIRA>
In-Reply-To: <JIRA.12937589.1454954127000@Atlassian.JIRA>
References: <JIRA.12937589.1454954127000@Atlassian.JIRA>
 <JIRA.12937589.1454954127781@arcas>
Subject: [jira] [Commented] (AMBARI-14961) Ambari overwrites auth_to_local
 rules in core-site.xml
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/AMBARI-14961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15137579#comment-15137579 ] 

Hadoop QA commented on AMBARI-14961:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12786850/AMBARI-14961.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/5263//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/5263//console

This message is automatically generated.

> Ambari overwrites auth_to_local rules in core-site.xml
> ------------------------------------------------------
>
>                 Key: AMBARI-14961
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14961
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>             Fix For: 2.2.2
>
>         Attachments: AMBARI-14961.patch
>
>
> As part of the kerberization process, a specific auth_to_local ruleset is used.
> The customer uses the "Manual" method of Kerbrizing their clusters. The addition of the custom auth_to_local rules is added as a step in the process.
> We found that during certain operations (such as moving the NameNode using the Ambari wizard), many services such as HDFS fail to restart.  Upon examination of the failure it was revealed that Ambari is overwriting / modifying the custom auth_to_local rules to something completely different.   The change is getting pushed to the nodes and the services fail to start up.
> 1) Secure the cluster using the "Manual" process as outlined in the Ambari documentation.
> 2) Add the custom auth_to_local rules after the cluster is kerberized.
> 3) Attempt to peform an operation such as moving a NameNode.
> Whenever services try to start / restart they fail.  The logs from the respective services show failures pointing to incorrect auth_to_local settings.
> auth_to_local rules do not get modified or overwritten by ambari.
> Depending on the failure, we have been able to work around it doing one of two things:
> 1) Manually edit the core-site.xml where the service failed to start and start the service from the command line.
> 2) Go back into the Ambari UI, fix the auth_to_local rules, save the config, then restart the respective services.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)