[
https://issues.apache.org/jira/browse/AMBARI-15645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15220173#comment-15220173
]
Hadoop QA commented on AMBARI-15645:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12796327/AMBARI-15645_branch-2.2_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
ambari-server.
Test results:
https://builds.apache.org/job/Ambari-trunk-test-patch/6127//testReport/
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/6127//console
This message is automatically generated.
> Upgrading Kerberized JournalNode requires HDFS principal to perform 'role
> edits' task
> -------------------------------------------------------------------------------------
>
> Key: AMBARI-15645
> URL: https://issues.apache.org/jira/browse/AMBARI-15645
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.2
> Reporter: Robert Levas
> Assignee: Robert Levas
> Fix For: 2.2.2
>
> Attachments: AMBARI-15645_branch-2.2_01.patch,
> AMBARI-15645_trunk_01.patch
>
>
> After upgrading HDP in Ambari version 2.1.2.1 a task a performed to _role
> edits_ while restarting JournalNodes. If Kerberos is enabled, the JN Kerberos
> identity is established before making this call when really the HDFS identity
> should be established - since this is an administrative HDFS call that
> requires the HDFS administrator user to perform.
> Because of this, the following error is generated and seen in the :
> {noformat}
> Fail: Execution of 'hdfs dfsadmin -rollEdits' returned 255. rollEdits: Access
> denied for user jn. Superuser privilege is required
> {noformat}
> The offending code is
> {code:title=common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py}
> if params.security_enabled:
> Execute(params.jn_kinit_cmd, user=params.hdfs_user)
> time.sleep(5)
> hdfs_roll_edits()
> time.sleep(5)
> {code}
> It should probably be something like:
> {code:title=common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py}
> if params.security_enabled:
> Execute(params.hdfs_kinit_cmd, user=params.hdfs_user)
> time.sleep(5)
> hdfs_roll_edits()
> time.sleep(5)
> {code}
> *Note the change from jn to hdfs in the kinit command line.*
> This issue has also been posted in
> https://issues.apache.org/jira/browse/AMBARI-10519.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
