[
https://issues.apache.org/jira/browse/AMBARI-11022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540260#comment-14540260
]
Hudson commented on AMBARI-11022:
---------------------------------
FAILURE: Integrated in Ambari-trunk-Commit #2571 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/2571/])
AMBARI-11022. Kerberos: Keytab files are not distributed during add host if a
retry is necessary during installation (Emil Anca via rlevas) (rlevas:
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=dd218d20b085edb1b4fc0d04164303e0b04c4bcd)
*
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
> Kerberos: Keytab files are not distributed during add host if a retry is
> necessary during installation
> ------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-11022
> URL: https://issues.apache.org/jira/browse/AMBARI-11022
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Emil Anca
> Assignee: Emil Anca
> Labels: kerberos
> Fix For: 2.1.0
>
> Attachments: AMBARI-11022_01.patch
>
>
> When adding a new host to a cluster where Kerberos is enabled and the
> installation of the new components fails, upon retry the keytabs are not
> distributed to the host after successfully installing the components. _Note:
> the new identities were not created either_.
> *Workaround*
> To recover from this, the missing keytabs can be regenerated using the
> _Regenerate Keytabs_ feature with the _missing only_ option specified. The
> component can then be started successfully.
> *Steps to reproduce*
> # Create cluster (can be small, one node with only HDFS and Zookeeper)
> # Enable Kerberos
> # Add new host with only DataNode (no clients, only to make the failure
> happen quicker)
> # While the relevant hadoop packages are being installed, kill the package
> manger (i.e., yum, zypper, etc...)
> # The installation of the component will fail and the retry button will be
> available
> # Click the retry button and allow the installation to complete
> # Startup of the Datanode component will fail due to missing keytab
> {code}
> 2015-03-21 01:43:47,911 FATAL datanode.DataNode
> (DataNode.java:secureMain(2385)) - Exception in secureMain
> java.io.IOException: Login failure for dn/[email protected]
> from keytab /etc/security/keytabs/dn.service.keytab:
> javax.security.auth.login.LoginException: Unable to obtain password from user
> {code}
> _Note: Error indicates a keytab file was found but wrong password, this isn't
> the case since the keytab file was not on the host._
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
