[jira] [Updated] (AMBARI-11022) Kerberos: Keytab files are not distributed during add host if a retry is necessary during installation

Fri, 08 May 2015 04:26:12 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-11022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emil Anca updated AMBARI-11022:
-------------------------------
    Attachment: AMBARI-11022_01.patch

> Kerberos: Keytab files are not distributed during add host if a retry is 
> necessary during installation
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-11022
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11022
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Emil Anca
>            Assignee: Emil Anca
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11022_01.patch
>
>
> When adding a new host to a cluster where Kerberos is enabled and the 
> installation of the new components fails, upon retry the keytabs are not 
> distributed to the host after successfully installing the components.  _Note: 
>  the new identities were not created either_.
> *Workaround*
> To recover from this, the missing keytabs can be regenerated using the 
> _Regenerate Keytabs_ feature with the _missing only_ option specified. The 
> component can then be started successfully.
> *Steps to reproduce*
> # Create cluster (can be small, one node with only HDFS and Zookeeper)
> # Enable Kerberos
> # Add new host with only DataNode (no clients, only to make the failure 
> happen quicker)
> # While the relevant hadoop packages are being installed, kill the package 
> manger (i.e., yum, zypper, etc...)
> # The installation of the component will fail and the retry button will be 
> available
> # Click the retry button and allow the installation to complete
> # Startup of the Datanode component will fail due to missing keytab
> {code}
> 2015-03-21 01:43:47,911 FATAL datanode.DataNode 
> (DataNode.java:secureMain(2385)) - Exception in secureMain
> java.io.IOException: Login failure for dn/[email protected] 
> from keytab /etc/security/keytabs/dn.service.keytab: 
> javax.security.auth.login.LoginException: Unable to obtain password from user
> {code}
> _Note: Error indicates a keytab file was found but wrong password, this isn't 
> the case since the keytab file was not on the host._



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to