[
https://issues.apache.org/jira/browse/AMBARI-9739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-9739:
---------------------------------
Attachment: AMBARI-9739_01.patch
Added code to filter out hosts that do not have an INSTALLED KERBEROS_CLIENT
component
Patch File [^AMBARI-9739_01.patch]
> Kerberos: regenerate keytabs not handled for all hosts
> ------------------------------------------------------
>
> Key: AMBARI-9739
> URL: https://issues.apache.org/jira/browse/AMBARI-9739
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: kerberos, keytabs
> Fix For: 2.0.0
>
> Attachments: AMBARI-9739_01.patch
>
>
> 1. Installed cluster on three hosts c6401, c6402, c6403
> 2. using oracle jdk 1.7, put JCE in place on all hosts
> 3. ambari-agent stop on c6403 (which just has DN, ZK and NM)
> 4. Enable kerberos, which means c6403 does not get keytabs
> 5. ambari-agent start on c6403
> 6. go to regen keytabs. Clicked to only do missing. c6403 does not get
> keytabs.
> 7. go to regen keytabs. just left the default which should do all. No hosts
> get the keytabs.
> What I found is since the Kerberos client didn't get installed on c6403, the
> "Set keytab kerberos client" command is "Host Role in invalid state". I went
> to that host, and did install clients from the UI to get the kerberos client
> installed. Once that happened, I could then regen keytabs.
> The main issue: Regen only works if all hosts can regen. Once c6403 did not
> have a client, and Host Role in invalid state, it didn't do keytabs for any
> other hosts.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
