Robert Levas created AMBARI-12245:
-------------------------------------

             Summary: HCat Service Check warns keytab contains no suitable keys when Kerberos is enabled
                 Key: AMBARI-12245
                 URL: https://issues.apache.org/jira/browse/AMBARI-12245
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.1.0
         Environment: ambari-server --hash: 82c5c6a183041dcbdbc46f3029937ccde8869fba
HDP: HDP 2.3
OS: CentOS 6.5
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.1.0


HCat Service Check (part of the Hive Service Check) fails in a cluster where 
Kerberos is enabled:

{noformat}
Test connectivity to hive server
Waiting for the Hive server to start...
2015-07-01 18:39:17,173 - Execute['/usr/bin/kinit -kt 
/etc/security/keytabs/smokeuser.headless.keytab [email protected]; 
'] {'user': 'ambari-qa'}
2015-07-01 18:39:17,321 - Execute['! beeline -u 
'jdbc:hive2://c6502.ambari.apache.org:10000/;transportMode=binary;principal=hive/[email protected]'
 -e '' 2>&1| awk '{print}'|grep -i -e 'Connection refused' -e 'Invalid URL''] 
{'path': ['/bin/', '/usr/bin/', '/usr/lib/hive/bin/', '/usr/sbin/'], 'user': 
'ambari-qa', 'timeout': 30}
Successfully connected to c6502.ambari.apache.org on port 10000
Successfully connected to Hive at c6502.ambari.apache.org on port 10000 after 6 
seconds
2015-07-01 18:39:23,313 - File['/var/lib/ambari-agent/data/tmp/hcatSmoke.sh'] 
{'content': StaticFile('hcatSmoke.sh'), 'mode': 0755}
2015-07-01 18:39:23,314 - Execute['/usr/bin/kinit -kt 
/etc/security/keytabs/smokeuser.headless.keytab ambari-qa; env 
JAVA_HOME=/usr/jdk64/jdk1.8.0_40 /var/lib/ambari-agent/data/tmp/hcatSmoke.sh 
hcatsmokeida8c06641_date390115 prepare'] {'logoutput': True, 'path': 
['/usr/sbin', '/usr/local/bin', '/bin', '/usr/bin', 
'/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/var/lib/ambari-agent:/usr/hdp/current/hive-client/bin:/usr/hdp/current/hadoop-client/bin'],
 'tries': 3, 'user': 'ambari-qa', 'try_sleep': 5}
kinit: Keytab contains no suitable keys for [email protected] while getting 
initial credentials
WARNING: Use "yarn jar" to launch YARN applications.
{noformat}

The issue appears to be the wrong principal name in the {{kinit}} command - 
note the missing cluster name and realm in the principal name value.
{noformat}
/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa
{noformat}

*Cause*
The error is caused by the use of the wrong variable when generating the kinit 
command at 
common-services/HIVE/0.12.0.2.0/package/scripts/hcat_service_check.py:44
{noformat}
        {kinit_path_local} -kt {smoke_user_keytab} {smokeuser}
{noformat}

*Solution*
At common-services/HIVE/0.12.0.2.0/package/scripts/hcat_service_check.py:44, 
change {{smokeuser}} to {{smokeuser_principal}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
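
Added example (not part of the original JIRA message and not Ambari code): a pre-flight check for the failure reported above. It reads the principals stored in an MIT keytab (file format 0x0502) and tests whether the name handed to kinit, once the default realm is appended to a bare name, has an entry. The principal ambari-qa-c1@EXAMPLE.COM, the realm, and all function names are constructed for illustration.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode("utf-8"), off + 2 + n

def keytab_principals(data):
    """Return the set of principal names in an MIT keytab (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, off = set(), 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size == 0:
            break
        if size > 0:  # a negative size marks a deleted entry (hole): skip it
            (ncomp,) = struct.unpack_from(">H", data, off)
            realm, p = _counted(data, off + 2)
            comps = []
            for _ in range(ncomp):
                comp, p = _counted(data, p)
                comps.append(comp)
            names.add("/".join(comps) + "@" + realm)
        off += abs(size)
    return names

def has_keys_for(data, principal, default_realm):
    """Resolve the name as kinit does: a name without '@' gets the default realm."""
    if "@" not in principal:
        principal += "@" + default_realm
    return principal in keytab_principals(data)

def make_entry(principal, key=b"\x00" * 16):
    """Build one keytab entry with a dummy key (constructed test data only)."""
    name, realm = principal.split("@")
    comps = name.split("/")
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s.encode()
    # name type 1 (NT-PRINCIPAL), timestamp 0, kvno 1, enctype 17, key length
    body += struct.pack(">IIBHH", 1, 0, 1, 17, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: a headless smoke-user principal with cluster name and realm.
SAMPLE = b"\x05\x02" + make_entry("ambari-qa-c1@EXAMPLE.COM")
```

With this sample, the bare user name ambari-qa resolves to ambari-qa@EXAMPLE.COM and is not found, while the full principal is.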