[
https://issues.apache.org/jira/browse/AMBARI-12356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-12356:
----------------------------------
Description:
STR:
1. Install old version of ambari (2.0.1)
2. Enable security
3. Do Ambari only upgrade to ambari2.1.0
4. Add some component - HiveServer2 or Ooozie server
5. Try to start added component
Actual result:
Start have been failed.
{code}
Traceback (most recent call last):
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 182, in <module>
HiveServer().execute()
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
line 216, in execute
method(env)
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 83, in start
self.configure(env) # FOR SECURITY
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 54, in configure
hive(name='hiveserver2')
File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
line 89, in
thunk
return fn(*args, **kwargs)
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive.py", line 127, in hive
mode=params.webhcat_hdfs_user_mode
File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 157, in
__init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
152, in run
self.run_action(resource, action)
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
118, in run_action
provider_action()
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 390,
in
action_create_on_execute
self.action_delayed("create")
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 387,
in
action_delayed
self.get_hdfs_resource_executor().action_delayed(action_name, self)
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 236,
in
action_delayed
main_resource.kinit()
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 416,
in kinit
user=user
File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 157, in
__init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
152, in run
self.run_action(resource, action)
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
118, in run_action
provider_action()
File
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
line 254, in action_run
tries=self.resource.tries, try_sleep=self.resource.try_sleep)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 70, in
inner
result = function(command, **kwargs)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 92, in
checked_call
tries=tries, try_sleep=try_sleep)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 140, in
_call_wrapper
result = _call(command, **kwargs_copy)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 291, in
_call
raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt
/etc/security/keytabs/hdfs.headless.keytab [email protected]' returned 1. kinit:
Keytab
contains no suitable keys for [email protected] while getting initial credentials
{code}
Expected results:
Can start all added components.
*Cause*
The Kerberos Descriptor structure changed between Ambari 2.0 and Ambari 2.1.
This change moved the "hdfs" Kerberos identity descriptor from the _global_
scope to under the HDFS service. After upgrading from Ambari 2.0 to Ambari 2.1
an additional "hdfs" Kerberos identity descriptor was added with the new
principal name pattern -
$\{hadoop-env/hdfs_user\}-$\{cluster_name\}@$\{realm\}. This occurred because
the stored Kerberos Descriptor contained the _old_ structure, and when Ambari
generated a composite Kerberos Descriptor made up of the Kerberos Descriptor
compiled from the relevant stack definition with stored changes applied, that
additional "hdfs" Kerberos identity descriptor was added. Because if this, the
Kerberos logic became _confused_ and overwrote the existing hdfs keytab file
with one that contained the new principal name.
*Solution*
While migrating Ambari 2.0 to Ambari 2.1, fix the stored Kerberos Descriptor
structure to match the new version's structure.
was:
STR:
1. Install old version of ambari (2.0.1)
2. Enable security
3. Do Ambari only upgrade to ambari2.1.0
4. Add some component - HiveServer2 or Ooozie server
5. Try to start added component
Actual result:
Start have been failed.
{code}
Traceback (most recent call last):
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 182, in <module>
HiveServer().execute()
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
line 216, in execute
method(env)
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 83, in start
self.configure(env) # FOR SECURITY
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 54, in configure
hive(name='hiveserver2')
File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
line 89, in
thunk
return fn(*args, **kwargs)
File "/var/lib/ambari-agent/cache/common-
services/HIVE/0.12.0.2.0/package/scripts/hive.py", line 127, in hive
mode=params.webhcat_hdfs_user_mode
File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 157, in
__init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
152, in run
self.run_action(resource, action)
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
118, in run_action
provider_action()
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 390,
in
action_create_on_execute
self.action_delayed("create")
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 387,
in
action_delayed
self.get_hdfs_resource_executor().action_delayed(action_name, self)
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 236,
in
action_delayed
main_resource.kinit()
File "/usr/lib/python2.6/site-
packages/resource_management/libraries/providers/hdfs_resource.py", line 416,
in kinit
user=user
File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 157, in
__init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
152, in run
self.run_action(resource, action)
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line
118, in run_action
provider_action()
File
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
line 254, in action_run
tries=self.resource.tries, try_sleep=self.resource.try_sleep)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 70, in
inner
result = function(command, **kwargs)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 92, in
checked_call
tries=tries, try_sleep=try_sleep)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 140, in
_call_wrapper
result = _call(command, **kwargs_copy)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
line 291, in
_call
raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt
/etc/security/keytabs/hdfs.headless.keytab [email protected]' returned 1. kinit:
Keytab
contains no suitable keys for [email protected] while getting initial credentials
{code}
Expected results:
Can start all added components.
> Execution of '/usr/bin/kinit -kt ... [email protected]' returned 1 when try
> to start added before component (Oozie server,HS2 etc ) after upgrade to
> ambari2.1.0
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-12356
> URL: https://issues.apache.org/jira/browse/AMBARI-12356
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos, upgrade
> Fix For: 2.1.0
>
> Attachments: AMBARI-12356_01.patch
>
>
> STR:
> 1. Install old version of ambari (2.0.1)
> 2. Enable security
> 3. Do Ambari only upgrade to ambari2.1.0
> 4. Add some component - HiveServer2 or Ooozie server
> 5. Try to start added component
> Actual result:
> Start have been failed.
> {code}
> Traceback (most recent call last):
> File "/var/lib/ambari-agent/cache/common-
> services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 182, in
> <module>
> HiveServer().execute()
> File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
>
> line 216, in execute
> method(env)
> File "/var/lib/ambari-agent/cache/common-
> services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 83, in start
> self.configure(env) # FOR SECURITY
> File "/var/lib/ambari-agent/cache/common-
> services/HIVE/0.12.0.2.0/package/scripts/hive_server.py", line 54, in
> configure
> hive(name='hiveserver2')
> File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py",
> line 89, in
> thunk
> return fn(*args, **kwargs)
> File "/var/lib/ambari-agent/cache/common-
> services/HIVE/0.12.0.2.0/package/scripts/hive.py", line 127, in hive
> mode=params.webhcat_hdfs_user_mode
> File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
> line 157, in
> __init__
> self.env.run()
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
> line
> 152, in run
> self.run_action(resource, action)
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
> line
> 118, in run_action
> provider_action()
> File "/usr/lib/python2.6/site-
> packages/resource_management/libraries/providers/hdfs_resource.py", line 390,
> in
> action_create_on_execute
> self.action_delayed("create")
> File "/usr/lib/python2.6/site-
> packages/resource_management/libraries/providers/hdfs_resource.py", line 387,
> in
> action_delayed
> self.get_hdfs_resource_executor().action_delayed(action_name, self)
> File "/usr/lib/python2.6/site-
> packages/resource_management/libraries/providers/hdfs_resource.py", line 236,
> in
> action_delayed
> main_resource.kinit()
> File "/usr/lib/python2.6/site-
> packages/resource_management/libraries/providers/hdfs_resource.py", line 416,
> in kinit
> user=user
> File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
> line 157, in
> __init__
> self.env.run()
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
> line
> 152, in run
> self.run_action(resource, action)
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
> line
> 118, in run_action
> provider_action()
> File
> "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
>
> line 254, in action_run
> tries=self.resource.tries, try_sleep=self.resource.try_sleep)
> File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
> line 70, in
> inner
> result = function(command, **kwargs)
> File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
> line 92, in
> checked_call
> tries=tries, try_sleep=try_sleep)
> File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
> line 140, in
> _call_wrapper
> result = _call(command, **kwargs_copy)
> File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py",
> line 291, in
> _call
> raise Fail(err_msg)
> resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt
> /etc/security/keytabs/hdfs.headless.keytab [email protected]' returned 1.
> kinit: Keytab
> contains no suitable keys for [email protected] while getting initial
> credentials
> {code}
> Expected results:
> Can start all added components.
> *Cause*
> The Kerberos Descriptor structure changed between Ambari 2.0 and Ambari 2.1.
> This change moved the "hdfs" Kerberos identity descriptor from the _global_
> scope to under the HDFS service. After upgrading from Ambari 2.0 to Ambari
> 2.1 an additional "hdfs" Kerberos identity descriptor was added with the new
> principal name pattern -
> $\{hadoop-env/hdfs_user\}-$\{cluster_name\}@$\{realm\}. This occurred
> because the stored Kerberos Descriptor contained the _old_ structure, and
> when Ambari generated a composite Kerberos Descriptor made up of the Kerberos
> Descriptor compiled from the relevant stack definition with stored changes
> applied, that additional "hdfs" Kerberos identity descriptor was added.
> Because if this, the Kerberos logic became _confused_ and overwrote the
> existing hdfs keytab file with one that contained the new principal name.
> *Solution*
> While migrating Ambari 2.0 to Ambari 2.1, fix the stored Kerberos Descriptor
> structure to match the new version's structure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
