[
https://issues.apache.org/jira/browse/AMBARI-22472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16257929#comment-16257929
]
Swapan Shridhar edited comment on AMBARI-22472 at 11/18/17 7:42 AM:
--------------------------------------------------------------------
*TESTING:*
*Ambari 2.5, before upgrade*:
{code:title=From /etc/hive2/cong/conf.server/hive-site.xml}
<property>
<name>hive.llap.daemon.keytab.file</name>
<value>/etc/security/keytabs/hive.service.keytab</value>
</property>
<property>
<name>hive.llap.daemon.service.principal</name>
<value>hive/[email protected]</value>
</property>
<property>
<name>hive.llap.zk.sm.keytab.file</name>
<value>/etc/security/keytabs/hive.llap.zk.sm.keytab</value>
</property>
<property>
<name>hive.llap.zk.sm.principal</name>
<value>hive/[email protected]</value>
</property>
{code}
{code:title=After upgrade to Ambari-2.6}
[root@swap-qqq-1 ~]# ambari-server upgrade
Using python /usr/bin/python
Upgrading ambari-server
INFO: Upgrade Ambari Server
INFO: Updating Ambari Server properties in ambari.properties ...
INFO: Updating Ambari Server properties in ambari-env.sh ...
WARNING: Original file ambari-env.sh kept
INFO: Fixing database objects owner
Ambari Server configured for Embedded Postgres. Confirm you have made a backup
of the Ambari Server database [y/n] (y)? y
INFO: Upgrading database schema
INFO: Return code from schema upgrade command, retcode = 0
INFO: Schema upgrade completed
Adjusting ambari-server permissions and ownership...
Ambari Server 'upgrade' completed successfully.
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]# ambari-server --version
2.6.0.0-267
[root@swap-qqq-1 ~]#
{code}
{code:title=Updating Kerberos descriptors}
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:673 - Updating YARN's
HSI Kerberos Descriptor ....
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:685 - Retrieved
HIVE->HIVE_SERVER kerberos descriptor. Name = hive_server_hive
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:700 - Retrieved
YARN->NODEMANAGER kerberos descriptor to be updated. Name = llap_zk_hive
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:709 - Updated
'llap_zk_hive' identity descriptor reference =
'/HIVE/HIVE_SERVER/hive_server_hive'
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:712 - Updated
'llap_zk_hive' principal descriptor value = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:717 - Updated
'llap_zk_hive' keytab descriptor file = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:720 - Updated
'llap_zk_hive' keytab descriptor owner name = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:722 - Updated
'llap_zk_hive' keytab descriptor owner access = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:724 - Updated
'llap_zk_hive' keytab descriptor group name = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:726 - Updated
'llap_zk_hive' keytab descriptor group access = ''
18 Nov 2017 07:25:54,004 INFO [main] UpgradeCatalog260:730 - Updated
'isYarnKerberosDescUpdated' = true
{code}
{code:title=Updated HSI config 'hive.llap.zk.sm.keytab.file'}
18 Nov 2017 07:25:54,073 INFO [main] UpgradeCatalog260:767 - Updated HSI
config 'hive.llap.zk.sm.keytab.file' = /etc/security/keytabs/hive.service.keytab
{code}
was (Author: swapanshridhar):
*TESTING:*
*Ambari 2.5, before upgrade*:
{code:title=From /etc/hive2/cong/conf.server/hive-site.xml}
<property>
<name>hive.llap.daemon.keytab.file</name>
<value>/etc/security/keytabs/hive.service.keytab</value>
</property>
<property>
<name>hive.llap.daemon.service.principal</name>
<value>hive/[email protected]</value>
</property>
<property>
<name>hive.llap.zk.sm.keytab.file</name>
<value>/etc/security/keytabs/hive.llap.zk.sm.keytab</value>
</property>
<property>
<name>hive.llap.zk.sm.principal</name>
<value>hive/[email protected]</value>
</property>
{code}
*After upgrade to Ambari-2.6:*
{code}
[root@swap-qqq-1 ~]# ambari-server upgrade
Using python /usr/bin/python
Upgrading ambari-server
INFO: Upgrade Ambari Server
INFO: Updating Ambari Server properties in ambari.properties ...
INFO: Updating Ambari Server properties in ambari-env.sh ...
WARNING: Original file ambari-env.sh kept
INFO: Fixing database objects owner
Ambari Server configured for Embedded Postgres. Confirm you have made a backup
of the Ambari Server database [y/n] (y)? y
INFO: Upgrading database schema
INFO: Return code from schema upgrade command, retcode = 0
INFO: Schema upgrade completed
Adjusting ambari-server permissions and ownership...
Ambari Server 'upgrade' completed successfully.
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]#
[root@swap-qqq-1 ~]# ambari-server --version
2.6.0.0-267
[root@swap-qqq-1 ~]#
{code}
{code:title=Updating Kerberos descriptors}
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:673 - Updating YARN's
HSI Kerberos Descriptor ....
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:685 - Retrieved
HIVE->HIVE_SERVER kerberos descriptor. Name = hive_server_hive
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:700 - Retrieved
YARN->NODEMANAGER kerberos descriptor to be updated. Name = llap_zk_hive
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:709 - Updated
'llap_zk_hive' identity descriptor reference =
'/HIVE/HIVE_SERVER/hive_server_hive'
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:712 - Updated
'llap_zk_hive' principal descriptor value = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:717 - Updated
'llap_zk_hive' keytab descriptor file = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:720 - Updated
'llap_zk_hive' keytab descriptor owner name = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:722 - Updated
'llap_zk_hive' keytab descriptor owner access = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:724 - Updated
'llap_zk_hive' keytab descriptor group name = ''
18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:726 - Updated
'llap_zk_hive' keytab descriptor group access = ''
18 Nov 2017 07:25:54,004 INFO [main] UpgradeCatalog260:730 - Updated
'isYarnKerberosDescUpdated' = true
{code}
> Update NodeManager's HSI identity 'llap_zk_hive' to use
> '/HIVE/HIVE_SERVER/hive_server_hive' reference instead of creating the same
> identity again.
> ---------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-22472
> URL: https://issues.apache.org/jira/browse/AMBARI-22472
> Project: Ambari
> Issue Type: Bug
> Reporter: Swapan Shridhar
> Assignee: Swapan Shridhar
>
> *Background:*
> YARN NodeManager currently have 2 identities in 2.5 and 2.6 stack, namely :
> *'/HIVE/HIVE_SERVER/hive_server_hive'* and *'llap_zk_hive'*.
> - */HIVE/HIVE_SERVER/hive_server_hive* is a reference from HIVE_SERVER,
> whereas
> - *llap_zk_hive* creates same principal as above in a separate keytab file.
> *Issue:* Recreating same identities in different files creates issues while
> AMbari upgrade from 2.5 to 2.6, as the *llap_zk_hive* are not
> refreshed/updated after the upgrade. Thus, HSI fails to come up.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
