[
https://issues.apache.org/jira/browse/AMBARI-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Swapan Shridhar reopened AMBARI-15561:
--------------------------------------
Fails while kerberizing the cluster.
Screenshot attached
{code}
Stack Advisor reported an error: TypeError: putPropertyAttribute() takes
exactly 3 arguments (4 given)
StdOut file: /var/run/ambari-server/stack-recommendations/38/stackadvisor.out
StdErr file: /var/run/ambari-server/stack-recommendations/38/stackadvisor.err
Traceback (most recent call last):
File "/var/lib/ambari-server/resources/scripts/stack_advisor.py", line 158,
in <module>
main(sys.argv)
File "/var/lib/ambari-server/resources/scripts/stack_advisor.py", line 109,
in main
result = stackAdvisor.recommendConfigurations(services, hosts)
File "/var/lib/ambari-server/resources/scripts/../stacks/stack_advisor.py",
line 570, in recommendConfigurations
calculation(configurations, clusterSummary, services, hosts)
File
"/var/lib/ambari-server/resources/scripts/./../stacks/HDP/2.3/services/stack_advisor.py",
line 283, in recommendHIVEConfigurations
super(HDP23StackAdvisor, self).recommendHIVEConfigurations(configurations,
clusterData, services, hosts)
File
"/var/lib/ambari-server/resources/scripts/./../stacks/HDP/2.2/services/stack_advisor.py",
line 257, in recommendHIVEConfigurations
super(HDP22StackAdvisor, self).recommendHiveConfigurations(configurations,
clusterData, services, hosts)
File
"/var/lib/ambari-server/resources/scripts/./../stacks/HDP/2.1/services/stack_advisor.py",
line 104, in recommendHiveConfigurations
webHcatSitePropertyAttributes = self.putPropertyAttribute(configurations,
"webhcat-site", services)
TypeError: putPropertyAttribute() takes exactly 3 arguments (4 given)
~
{code}
> Automate creation of Ambari Server proxy users (secure/non-secure clusters),
> principal and keytab, setup of JAAS (secure clusters)
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-15561
> URL: https://issues.apache.org/jira/browse/AMBARI-15561
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Reporter: Sandor Magyari
> Assignee: Sandor Magyari
> Priority: Critical
> Fix For: ambari-2.4.0
>
> Attachments: AMBARI-15561-v2.patch
>
>
> The aim of this improvement is to automate the following:
> - creation of proxy users for Ambari server necessary for views (Files, Hive,
> Pig, Tez etc)
> - creation of Ambari Server principal and keytab, and setup of JAAS which is
> currently a manual step documented here:
> http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_Ambari_Security_Guide/content/_optional_set_up_kerberos_for_ambari_server.html
> In case of a non secure cluster, Ambari proxy user will be set up for the
> user account Ambari Server is running as. This is specified in
> *ambari-server.properties* by *ambari-server.user* and can be adjusted by
> running 'ambari-server setup'.
> Stackadvisor is responsible for configuring proxy users, both for secure /
> non-secure cluster, wizard or blueprint based deployments.
> Therefore in case of blueprint based deployments proxy users will be only
> created if "config_recommendation_strategy": "ALWAYS_APPLY" in Cluster
> template.
> The following proxy users will be configured by stackadvisor:
> {code}
> hadoop.proxyuser.${ambari_proxy_user}.groups=*
> hadoop.proxyuser.${ambari_proxy_user}.hosts=*
> hadoop.proxyuser.hcat.groups=*
> hadoop.proxyuser.hcat.hosts=*
> webhcat.proxyuser.${ambari_proxy_user}.groups=*
> webhcat.proxyuser.${ambari_proxy_user}.hosts=*
> yarn.timeline-service.http-authentication.proxyuser.${ambari_proxy_user}.hosts=*
>
> yarn.timeline-service.http-authentication.proxyuser.${ambari_proxy_user}.users=*
>
> yarn.timeline-service.http-authentication.proxyuser.${ambari_proxy_user}.groups=*
>
> {code}
> For a secure (eg. securityType=KERBEROS) cluster proxy user will be setup
> based on Ambari Server principal.
> A new identity 'ambari-server' will be added to default kerberos descriptor
> where principal name is specified which can be modified either in Kerberos
> Setup wizard screen, or by submitting a custom kerberos descriptor in
> Blueprint case.
> By default, principal name is:
> {code}ambari-server-${cluster_name}@${realm}{code}
> Generate principal & keytab is set in JAAS configuration file.
> Generation of Ambari Server principal and keytab can be enabled / disabled by
> setting config property *create_ambari_principal* = true / false in
> kerberos-env config. ('Create Ambari Principal & Keytab' on Keberos Setup
> wizard screen). This is enabled by default.
> There is a new functionality in Kerberos related handling of configurations
> recommended by StackAdvisor, properties marked with delete flag by
> StackAdvisor are removed from configuration when running Enable Kerberos
> wizard. This is necessary to be able to remove old Ambari proxy users in
> non-secure mode.
> In a scenario where multiple Ambari servers are managing a single cluster,
> only the _operation master_ Ambari server will be affected. All other Ambari
> server instances will need to be manually updated. Meaning, the Ambari server
> keytab file will need to be manually distributed to the _other_ Ambari server
> hosts. Also, the _other_ Ambari servers' JAAS files will need to be manually
> updated either by editing the {{/etc/ambari-server/conf/krb5JAASLogin.conf}}
> file or by executing {{ambari-server setup-security}} and selecting option
> #3, {{Setup Ambari kerberos JAAS configuration}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
