Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id D0F7C200AC0 for ; Mon, 9 May 2016 21:02:14 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id CF916160A0F; Mon, 9 May 2016 19:02:14 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id EEFD416099C for ; Mon, 9 May 2016 21:02:13 +0200 (CEST) Received: (qmail 86697 invoked by uid 500); 9 May 2016 19:02:13 -0000 Mailing-List: contact issues-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list issues@ambari.apache.org Received: (qmail 86686 invoked by uid 99); 9 May 2016 19:02:13 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 May 2016 19:02:13 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id EA7632C14F4 for ; Mon, 9 May 2016 19:02:12 +0000 (UTC) Date: Mon, 9 May 2016 19:02:12 +0000 (UTC) From: "Robert Levas (JIRA)" To: issues@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (AMBARI-16379) Devdeploy: The 'krb5-conf' configuration is not available MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 09 May 2016 19:02:15 -0000 Robert Levas created AMBARI-16379: ------------------------------------- Summary: Devdeploy: The 'krb5-conf' configuration is not avail= able Key: AMBARI-16379 URL: https://issues.apache.org/jira/browse/AMBARI-16379 Project: Ambari Issue Type: Bug Components: ambari-server Affects Versions: 2.4.0 Reporter: Robert Levas Assignee: Robert Levas Fix For: 2.4.0 Configuration is loaded: {code} 06 May 2016 10:52:11,998 INFO [qtp-ambari-client-26] ClusterImpl:346 - Ser= vice config types loaded: {KAFKA=3D[ranger-kafka-policymgr-ssl, kafka-log4j= , kafka-env, kafka-broker, ranger-kafka-security, ranger-kafka-plugin-prope= rties, ranger-kafka-audit], PIG=3D[pig-properties, pig-env, pig-log4j], ZEP= PELIN=3D[zeppelin-env, zeppelin-config], LOGSEARCH=3D[logsearch-service_log= s-solrconfig, logsearch-admin-json, logfeeder-log4j, logsearch-env, logsear= ch-solr-log4j, logfeeder-env, logsearch-audit_logs-solrconfig, logsearch-so= lr-env, logfeeder-properties, logsearch-properties, logsearch-log4j, logsea= rch-solr-client-log4j, logsearch-solr-xml], RANGER_KMS=3D[kms-properties, r= anger-kms-security, ranger-kms-site, kms-site, kms-env, dbks-site, ranger-k= ms-audit, ranger-kms-policymgr-ssl, kms-log4j], MAPREDUCE2=3D[mapred-site, = mapred-env], SLIDER=3D[slider-log4j, slider-env, slider-client], HIVE=3D[ll= ap-cli-log4j2, hive-interactive-site, hive-exec-log4j, hive-env, ranger-hiv= e-policymgr-ssl, tez-interactive-site, hive-site, hivemetastore-site, hive-= interactive-env, webhcat-env, ranger-hive-plugin-properties, webhcat-site, = hive-log4j, ranger-hive-audit, webhcat-log4j, hiveserver2-site, hcat-env, l= lap-daemon-log4j, ranger-hive-security], TEZ=3D[tez-env, tez-site], HBASE= =3D[ranger-hbase-security, hbase-env, hbase-policy, hbase-log4j, hbase-site= , ranger-hbase-policymgr-ssl, ranger-hbase-audit, ranger-hbase-plugin-prope= rties], RANGER=3D[admin-properties, tagsync-log4j, ranger-site, ranger-ugsy= nc-site, ranger-admin-site, ranger-tagsync-site, usersync-log4j, tagsync-ap= plication-properties, usersync-properties, admin-log4j, ranger-env], OOZIE= =3D[oozie-log4j, oozie-env, oozie-site], FLUME=3D[flume-env, flume-conf], M= AHOUT=3D[mahout-log4j, mahout-env], HDFS=3D[ssl-server, hdfs-log4j, ranger-= hdfs-audit, ranger-hdfs-plugin-properties, ssl-client, hdfs-site, ranger-hd= fs-policymgr-ssl, ranger-hdfs-security, hadoop-policy, hadoop-env, core-sit= e], AMBARI_METRICS=3D[ams-ssl-client, ams-ssl-server, ams-hbase-log4j, ams-= grafana-env, ams-hbase-policy, ams-hbase-security-site, ams-hbase-env, ams-= env, ams-grafana-ini, ams-log4j, ams-site, ams-hbase-site], SPARK=3D[spark-= thrift-fairscheduler, spark-thrift-sparkconf, spark-log4j-properties, spark= -defaults, spark-metrics-properties, spark-hive-site-override, spark-env], = SMARTSENSE=3D[hst-log4j, hst-server-conf, hst-common-conf, capture-levels, = hst-agent-conf, anonymization-rules], YARN=3D[ranger-yarn-policymgr-ssl, ya= rn-site, ranger-yarn-audit, ranger-yarn-security, ranger-yarn-plugin-proper= ties, yarn-env, capacity-scheduler, yarn-log4j], FALCON=3D[falcon-startup.p= roperties, falcon-runtime.properties, falcon-env], SQOOP=3D[sqoop-site, sqo= op-env], ZOOKEEPER=3D[zoo.cfg, zookeeper-env, zookeeper-log4j], STORM=3D[ra= nger-storm-plugin-properties, storm-site, ranger-storm-audit, storm-cluster= -log4j, storm-worker-log4j, ranger-storm-policymgr-ssl, ranger-storm-securi= ty, storm-env], ATLAS=3D[atlas-hbase-site, atlas-log4j, atlas-env, applicat= ion-properties], GANGLIA=3D[ganglia-env], KNOX=3D[knoxsso-topology, ranger-= knox-security, users-ldif, knox-env, ranger-knox-plugin-properties, gateway= -site, gateway-log4j, ranger-knox-policymgr-ssl, ranger-knox-audit, topolog= y, admin-topology, ldap-log4j], KERBEROS=3D[kerberos-env, krb5-conf], ACCUM= ULO=3D[accumulo-log4j, accumulo-env, client, accumulo-site]} {code} But:=20 {noformat} 06 May 2016 12:43:46,050 ERROR [qtp-ambari-client-171] AbstractResourceProv= ider:314 - Caught AmbariException when getting a resource org.apache.ambari.server.AmbariException: The 'krb5-conf' configuration is = not available =09at org.apache.ambari.server.controller.KerberosHelperImpl.getKerberosDet= ails(KerberosHelperImpl.java:1903) =09at org.apache.ambari.server.controller.KerberosHelperImpl.addAmbariServe= rIdentity(KerberosHelperImpl.java:1364) =09at org.apache.ambari.server.controller.KerberosHelperImpl.getActiveIdent= ities(KerberosHelperImpl.java:1283) =09at org.apache.ambari.server.controller.internal.HostKerberosIdentityReso= urceProvider$GetResourcesCommand.invoke(HostKerberosIdentityResourceProvide= r.java:163) =09at org.apache.ambari.server.controller.internal.HostKerberosIdentityReso= urceProvider$GetResourcesCommand.invoke(HostKerberosIdentityResourceProvide= r.java:145) =09at org.apache.ambari.server.controller.internal.AbstractResourceProvider= .getResources(AbstractResourceProvider.java:307) =09at org.apache.ambari.server.controller.internal.HostKerberosIdentityReso= urceProvider.getResources(HostKerberosIdentityResourceProvider.java:134) =09at org.apache.ambari.server.controller.internal.ClusterControllerImpl$Ex= tendedResourceProviderWrapper.queryForResources(ClusterControllerImpl.java:= 966) =09at org.apache.ambari.server.controller.internal.ClusterControllerImpl.ge= tResources(ClusterControllerImpl.java:141) =09at org.apache.ambari.server.api.query.QueryImpl.doQuery(QueryImpl.java:5= 12) =09at org.apache.ambari.server.api.query.QueryImpl.queryForSubResources(Que= ryImpl.java:464) =09at org.apache.ambari.server.api.query.QueryImpl.queryForResources(QueryI= mpl.java:437) =09at org.apache.ambari.server.api.query.QueryImpl.execute(QueryImpl.java:2= 17) =09at org.apache.ambari.server.api.handlers.ReadHandler.handleRequest(ReadH= andler.java:69) =09at org.apache.ambari.server.api.services.BaseRequest.process(BaseRequest= .java:145) =09at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseS= ervice.java:126) =09at org.apache.ambari.server.api.services.BaseService.handleRequest(BaseS= ervice.java:90) =09at org.apache.ambari.server.api.services.HostService.getHost(HostService= .java:80) =09at sun.reflect.GeneratedMethodAccessor205.invoke(Unknown Source) =09at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces= sorImpl.java:43) =09at java.lang.reflect.Method.invoke(Method.java:606) =09at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMe= thodInvokerFactory.java:60) {noformat} *Cause* This is caused in the {{org.apache.ambari.server.controller.internal.HostKe= rberosIdentityResourceProvider}} when the relevant host is the host where t= he Ambari server is installed and Kerberos is *_not_* enabled. =20 When querying information about a host via {{GET /api/v1/clusters/CLUSTERNA= ME/hosts/HOSTNAME}}, the relevant Kerberos identities for that host are gen= erated. This happens whether Kerberos is enabled or not. If the host is t= he host where the Ambari server is installed, than code is invoked to calcu= late the Ambari server's Kerberos identity. In this code, the Kerberos-spe= cific configurations are retrieved. If Kerberos is not enabled, these confi= gurations will not be available and thus the error, "The 'krb5-conf' config= uration is not available", is encountered.=20 *Solution* There are several possible solutions to this: # Stop calculating the Kerberos identities when Kerberos is not enabled # Protect access to the Kerberos configurations and set default values for = needed configuration properties If we stop calculating the Kerberos identities when Kerberos is not enabled= , then there will be no way to query Ambari for what Kerberos identities ar= e expected once the cluster is Kerberized. If we provide default values for the missing Kerberos properties, we need t= o set a default for {{kerberos-env/create_ambari_principal}}. The default = value for this in the stack definition is {{true}}. The best solution appears to be #2 and set a default value for {{kerberos-e= nv/create_ambari_principal}} to be {{true}}. -- This message was sent by Atlassian JIRA (v6.3.4#6332)