[jira] [Commented] (AMBARI-14961) Ambari overwrites auth_to_local rules in core-site.xml

Tue, 09 Feb 2016 09:30:28 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-14961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15139259#comment-15139259
 ] 

Hudson commented on AMBARI-14961:
---------------------------------

SUCCESS: Integrated in Ambari-branch-2.2 #308 (See 
[https://builds.apache.org/job/Ambari-branch-2.2/308/])
AMBARI-14961. Ambari overwrites auth_to_local rules in core-site.xml 
(dlysnichenko: 
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=9e425d7743c64cd67904ccc7ccd207d73874c138])
* 
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
* 
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
* ambari-web/app/data/HDP2/site_properties.js


> Ambari overwrites auth_to_local rules in core-site.xml
> ------------------------------------------------------
>
>                 Key: AMBARI-14961
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14961
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>             Fix For: 2.2.2
>
>         Attachments: AMBARI-14961.patch
>
>
> As part of the kerberization process, a specific auth_to_local ruleset is 
> used.
> The customer uses the "Manual" method of Kerbrizing their clusters. The 
> addition of the custom auth_to_local rules is added as a step in the process.
> We found that during certain operations (such as moving the NameNode using 
> the Ambari wizard), many services such as HDFS fail to restart.  Upon 
> examination of the failure it was revealed that Ambari is overwriting / 
> modifying the custom auth_to_local rules to something completely different.   
> The change is getting pushed to the nodes and the services fail to start up.
> 1) Secure the cluster using the "Manual" process as outlined in the Ambari 
> documentation.
> 2) Add the custom auth_to_local rules after the cluster is kerberized.
> 3) Attempt to peform an operation such as moving a NameNode.
> Whenever services try to start / restart they fail.  The logs from the 
> respective services show failures pointing to incorrect auth_to_local 
> settings.
> auth_to_local rules do not get modified or overwritten by ambari.
> Depending on the failure, we have been able to work around it doing one of 
> two things:
> 1) Manually edit the core-site.xml where the service failed to start and 
> start the service from the command line.
> 2) Go back into the Ambari UI, fix the auth_to_local rules, save the config, 
> then restart the respective services.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to