[
https://issues.apache.org/jira/browse/AMBARI-13058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Antonenko Alexander updated AMBARI-13058:
-----------------------------------------
Attachment: AMBARI-13058.patch
> Kerberos: failures / issues w/ add host when using "manual kerb" option
> -----------------------------------------------------------------------
>
> Key: AMBARI-13058
> URL: https://issues.apache.org/jira/browse/AMBARI-13058
> Project: Ambari
> Issue Type: Bug
> Components: ambari-web
> Affects Versions: 2.1.1
> Reporter: Antonenko Alexander
> Assignee: Antonenko Alexander
> Priority: Critical
> Fix For: 2.1.2
>
> Attachments: AMBARI-13058.patch
>
>
> PART I
> {code}
> >> I recently added a manually-administered kerberos service to Ambari.
> >> This is where nodes are all kerberized, but Ambari doesn't administer
> >> the kerberos server (had to download the csv & create the keytabs
> >> myself). This is ambari 2.1.1.
> >>
> >> I'm now trying to add a new host to the cluster using the "Ambari
> >> add-host" wizard.
> >>
> >> Ambari gets through to the "review" step (step5), but when trying to
> >> move forward to "Deploy" it fails.
> >>
> >> A browser console trace shows that it tries to fetch:
> >> https://{ambari
> >> server}/api/v1/clusters/{cluster}/services/KERBEROS?fields=Services/attributes/kdc_validation_result,Services/attributes/kdc_validation_failure_details&_=1441379573009
> >>
> >> and gets a 404 back. (This 404 seems correct to me as there is no
> >> "kerberos" service administered by Ambari. However, it doesn't appear
> >> Ambari's add-host wizard understands this).
> >>
> >> Is this a known issue, or am I doing something incorrect somewhere? I
> >> looked through the opened JIRAs and didn't see anything for this.
> >>
> {code}
> PART II
> {code}
> >I was able to fix this by using the API to create the KERBEROS service
> >and KERBEROS_CLIENT host component (but not assigning any hosts to
> >that component):
> >curl ... -X POST ...services/KERBEROS
> >curl ... -X PUT '{"ServiceInfo": {"state" : "INSTALLED"}}'
> >...services/KERBEROS
> >curl ... -X POST ...services/KERBEROS/components/KERBEROS_CLIENT
> >
> >I ran into other bugs after that:
> > - Ambari install tried to modify user "ambari-qa". However, this user
> >is a kerberos user and ambari tried to run usermod which failed
> >complaining that ambari-qa is not in /etc/passwd. To get around this
> >I deleted this user in kerberos, allow ambari to create the user in
> >/etc/passwd, then once the setup was done I had to recreate the
> >kerberos user so that the headless keytab would work.
> > - Ambari install also tried to create the local user hdfs, which
> >didn't work very well because hdfs is a kerberos user (due to the
> >headless keytab). I just created this user in /etc/password which
> >allowed the host install to continue.
> >
> >Every time I ran into a failure I ended up deleting the host services
> >and host via the api, making adjustments, and going back through the
> >wizard.
> >
> >With these workarounds I was able to get the hosts added into the
> >cluster. These are the only hosts now with the "KERBEROS_CLIENT"
> >service - I'm not sure what the expected state is there.
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
