[
https://issues.apache.org/jira/browse/AMBARI-12180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14604654#comment-14604654
]
Hudson commented on AMBARI-12180:
---------------------------------
FAILURE: Integrated in Ambari-trunk-Commit #3023 (See [https://builds.apache.org/job/Ambari-trunk-Commit/3023/])
AMBARI-12180. Enabling Kerberos on cluster with AMS and no HDFS fails (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=64064c3f22d526855e1f2bfeaf3c67f203900866)
* ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json

> Enabling Kerberos on cluster with AMS and no HDFS fails
> -------------------------------------------------------
>
> Key: AMBARI-12180
> URL: https://issues.apache.org/jira/browse/AMBARI-12180
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: kerberos, kerberos_descriptor
> Fix For: 2.1.0
>
> Attachments: AMBARI-12180_01.patch
>
>
> In a cluster where AMS is installed but HDFS is _not_ installed, enabling
> Kerberos fails due to the inability for the server-side Kerberos logic to
> replace ${hadoop-env/hdfs_user} when generating the metadata used to create
> principals and distribute keytab files.
> This condition yields the following principal (when the cluster name is
> AMSNOHDFS and the realm is EXAMPLE.COM)
> {noformat}
> $\{hadoop-env/hdfs_user\}[email protected]
> {noformat}
> This is successfully created in the (MIT) KDC. Also, the relative keytab file
> appears to have been successfully created as well.
> However, when distributing the keytab file and setting the ownership
> attributes, the agent-side script fails with
> {code}
> Traceback (most recent call last):
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py", line 77, in <module>
>     KerberosClient().execute()
>   File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 216, in execute
>     method(env)
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py", line 67, in set_keytab
>     self.write_keytab_file()
>   File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py", line 397, in write_keytab_file
>     group=group)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 157, in __init__
>     self.env.run()
>   File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 152, in run
>     self.run_action(resource, action)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 118, in run_action
>     provider_action()
>   File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 108, in action_create
>     self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access)
>   File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 44, in _ensure_metadata
>     _user_entity = pwd.getpwnam(user)
> KeyError: 'getpwnam(): name not found: $\{hadoop-env/hdfs_user\}'
> {code}
> *NOTE: \ needed to be added to the hadoop-env/hdfs_user placeholder due to
> formatting issue*
> *Solution:*
> Remove the HDFS identity reference in AMS and assume the hdfs keytab file
> will be on the appropriate host(s) when HDFS is installed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
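
The failure described in the issue, an unreplaced `${hadoop-env/hdfs_user}` reaching principal creation and then `pwd.getpwnam()`, can be caught before any principal or keytab is generated by auditing the descriptor against the configuration types the cluster actually has. The following is an added example, not part of the original message and not Ambari's own code; the descriptor fragment, the principal layout, and the `ams-env`, `keytab_dir` and function names are constructed assumptions.

```python
import re

# ${config-type/property} or a bare ${variable}; the form shown in the issue.
PLACEHOLDER = re.compile(r"\$\{([^}/]+)(?:/([^}]+))?\}")

def resolve(value, configs, general):
    """Return (resolved_text, missing) for one descriptor string."""
    missing = []
    def sub(m):
        first, prop = m.group(1), m.group(2)
        found = general.get(first) if prop is None else configs.get(first, {}).get(prop)
        if found is None:
            missing.append(m.group(0))
            return m.group(0)  # left verbatim, as in the reported principal
        return found
    return PLACEHOLDER.sub(sub, value), missing

def audit(node, configs, general, path=""):
    """Walk a descriptor and list (json_path, placeholder) that cannot resolve."""
    findings = []
    if isinstance(node, dict):
        for key, child in node.items():
            findings += audit(child, configs, general, f"{path}/{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings += audit(child, configs, general, f"{path}[{i}]")
    elif isinstance(node, str):
        findings += [(path, ref) for ref in resolve(node, configs, general)[1]]
    return findings

# Constructed descriptor fragment and cluster state (AMS installed, no HDFS,
# so there is no hadoop-env config type). Only the placeholder, cluster name
# and realm come from the issue; the principal layout is illustrative.
DESCRIPTOR = {"identities": [{
    "name": "hdfs",
    "principal": {"value": "${hadoop-env/hdfs_user}-${cluster_name}@${realm}"},
    "keytab": {"file": "${keytab_dir}/hdfs.headless.keytab",
               "owner": {"name": "${hadoop-env/hdfs_user}"}},
}]}
CONFIGS = {"ams-env": {"ambari_metrics_user": "ams"}}
GENERAL = {"cluster_name": "AMSNOHDFS", "realm": "EXAMPLE.COM",
           "keytab_dir": "/etc/security/keytabs"}

if __name__ == "__main__":
    for where, ref in audit(DESCRIPTOR, CONFIGS, GENERAL):
        print(f"unresolved {ref} at {where}")
```

Failing the operation when `audit` returns anything stops a literal placeholder from being registered in the KDC or used as a keytab owner.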