[
https://issues.apache.org/jira/browse/AMBARI-12180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14604144#comment-14604144
]
Hadoop QA commented on AMBARI-12180:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12742317/AMBARI-12180_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
ambari-server.
Test results:
https://builds.apache.org/job/Ambari-trunk-test-patch/3291//testReport/
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/3291//console
This message is automatically generated.
> Enabling Kerberos on cluster with AMS and no HDFS fails
> -------------------------------------------------------
>
> Key: AMBARI-12180
> URL: https://issues.apache.org/jira/browse/AMBARI-12180
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: kerberos, kerberos_descriptor
> Fix For: 2.1.0
>
> Attachments: AMBARI-12180_01.patch
>
>
> In a cluster where AMS is installed but HDFS is _not_ installed, enabling
> Kerberos fails due to the inability for the server-side Kerberos logic to
> replace ${hadoop-env/hdfs_user} when generating the metadata used to create
> principals and distribute keytab files.
> This condition yields the following principal (when the cluster name is
> AMSNOHDFS and the realm is EXAMPLE.COM)
> {noformat}
> $\{hadoop-env/hdfs_user\}[email protected]
> {noformat}
> This is successfully created in the (MIT) KDC. Also, the relative keytab file
> appears to have been successfully created as well.
> However, when distributing the keytab file and setting the ownership
> attributes, the agent-side script fails with
> {code}
> Traceback (most recent call last):
> File
> "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py",
> line 77, in <module>
> KerberosClient().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 216, in execute
> method(env)
> File
> "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py",
> line 67, in set_keytab
> self.write_keytab_file()
> File
> "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py",
> line 397, in write_keytab_file
> group=group)
> File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
> line 157, in __init__
> self.env.run()
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
> line 152, in run
> self.run_action(resource, action)
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
> line 118, in run_action
> provider_action()
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
> line 108, in action_create
> self.resource.group, mode=self.resource.mode,
> cd_access=self.resource.cd_access)
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
> line 44, in _ensure_metadata
> _user_entity = pwd.getpwnam(user)
> KeyError: 'getpwnam(): name not found: $\{hadoop-env/hdfs_user\}'
> {code}
> *NOTE: \ needed to be added to the hadoop-env/hdfs_user placeholder due to
> formatting issue*
> *Solution:*
> Remove the HDFS identity reference in AMS and assume the hdfs keytab file
> will be on the appropriate host(s) when HDFS is installed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
