ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Levas <rle...@hortonworks.com>
Subject Re: can not start service after kerberos
Date Fri, 04 Mar 2016 13:15:18 GMT
Hi Fay…

The REST API call to set the KDC administrator credentials is to use the /api/v1/clusters/$CLUSTER_NAME
 entry point, not the /api/v1/clusters/$CLUSTER_NAME/service entry point.  So you need to
make 2 API calls – one to set the credentials and one to start the services. Ideally you
should set the cookie files for curl to ensure you use the same session – but that may not
be necessary depending on the version of Ambari you are using. To set the cookie files for
curl, use

-b <path to cookie file> -c <path to cookie file>

For example:

curl -c /tmp/cookies.txt -b /tmp/cookies.txt -k  -H 'X-Requested-By:ambari' -u admin:$ADMINPASS
–i –X PUT –d @/tmp/set_credentials.json  $AMBARI_SERVER_HOST_PORT/api/v1/clusters/$CLUSTER_NAME

curl -c /tmp/cookies.txt -b /tmp/cookies.txt -k  -H 'X-Requested-By:ambari' -u admin:$ADMINPASS
-i -X PUT -d '{"ServiceInfo": {"state" : "STARTED"}}' $AMBARI_SERVER_HOST_PORT/api/v1/clusters/$CLUSTER_NAME/services

I hope this helps,

Rob



From: Fay Wang <faywang300@yahoo.com<mailto:faywang300@yahoo.com>>
Reply-To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>>,
Fay Wang <faywang300@yahoo.com<mailto:faywang300@yahoo.com>>
Date: Thursday, March 3, 2016 at 4:05 PM
To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>>
Subject: can not start service after kerberos

Hi,
    We got a very weird problem and desparetely need help!
    We want to start services after kerberos is enabled. The following API failed with "Missing
KDC administrator credentials":

(1) curl -k  -H 'X-Requested-By:ambari' -u admin:$ADMINPASS -i -X PUT -d '{"ServiceInfo":
{"state" : "STARTED"}}' $AMBARI_SERVER_HOST_PORT/api/v1/clusters/$CLUSTER_NAME/services

HTTP/1.1 400 Bad Request
User: admin
Set-Cookie: AMBARISESSIONID=1shytw5f5fos61st0se0xmh2di;Path=/;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 460
Server: Jetty(8.1.17.v20150415)

{
  "status" : 400,
  "message" : "java.lang.IllegalArgumentException: Missing KDC administrator credentials.\nThe
KDC administrator credentials must be set in session by updating the relevant Cluster resource.This
may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the
following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\"
: \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"

(2) We then provided KDC administrator credential:

curl -k  -H 'X-Requested-By:ambari' -u admin:$ADMINPASS -i -X PUT -d @/tmp/start_services.json
 $AMBARI_SERVER_HOST_PORT/api/v1/clusters/$CLUSTER_NAME/services

The content of /tmp/start_services.json is:
{
  "ServiceInfo": {"state" : "STARTED"},
  "session_attributes" : {
    "kerberos_admin" : {
      "principal" : "admin/admin@EXAMPLE.COM<mailto:admin/admin@EXAMPLE.COM>",
      "password" : "P@ssw0rd"
    }
  }
}

It again failed with "unsupported properties":

curl: (3) [globbing] nested braces not supported at pos 17

HTTP/1.1 400 Bad Request
User: admin
Set-Cookie: AMBARISESSIONID=1hchd4u8p7xza1tsvcdh6kvj5a;Path=/;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 299
Server: Jetty(8.1.17.v20150415)

{
  "status" : 400,
  "message" : "org.apache.ambari.server.controller.spi.UnsupportedPropertyException: The properties
[session_attributes/kerberos_admin/principal, session_attributes/kerberos_admin/password]
specified in the request or predicate are not supported for the resource type Service."
}

Please let us know how to make it work...
Any help is highly appreciated...

-fay








Mime
View raw message