[
https://issues.apache.org/jira/browse/AMBARI-24869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16679857#comment-16679857
]
Robert Levas commented on AMBARI-24869:
---------------------------------------
The reason for this JIRA is because the patch for AMBARI-24722 breaks enabling
Kerberos.
Since configurations are no longer set in ExecutionCommand at
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java#L2468,
the kerberos-env command data is not available to the task creation process
starting at
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java#L4128.
Therefore when the initial Kerberos service check is invoked, the needed data
is not available and the processes fails.
{noformat}
Failed to process the identities, could not properly open the KDC operation
handler: Failed to kinit as the KDC administrator user, admin/admin:
ExitCode: 1
STDOUT:
STDERR: kinit: Server not found in Kerberos database while getting initial
credentials
{noformat}
>From the krb5kdc.log
{noformat}
Nov 07 21:46:39 c7401.ambari.apache.org krb5kdc[14431](info): AS_REQ (8 etypes
{18 17 20 19 16 23 25 26}) 192.168.74.101: SERVER_NOT_FOUND:
admin/[email protected] for kadmin/[email protected], Server not found in
Kerberos database
{noformat}
The {{null}} in {{kadmin/[email protected]}} is coming from the missing
{{kerberos-env/admin_server_host}} property when running the server-side task
to create the test identity.
> Request configurations when needed during server-side actions rather than
> rely on configuration data from the execution command
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-24869
> URL: https://issues.apache.org/jira/browse/AMBARI-24869
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Major
> Fix For: 2.8.0
>
>
> Request configurations when needed during server-side actions rather than
> rely on configuration data from the execution command.
> Due to a recent change, which appeared to remove configuration data from the
> execution command JSON document, data needed for Kerberos-related
> service-side actions is missing. This data may be requested when needed from
> the cluster data at the time of execution rather than when setting up the
> stages.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
