----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63937/#review191443 -----------------------------------------------------------
Shouldn't there be at least one updated kerberos.json file? ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java Lines 711 (patched) <https://reviews.apache.org/r/63937/#comment269257> I suspect that this should be set to `null` rather than an empty string. But if it works, I am ok with it. ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java Lines 716 (patched) <https://reviews.apache.org/r/63937/#comment269258> I suspect that this should be set to `null` rather than an empty string. But if it works, I am ok with it. - Robert Levas On Nov. 18, 2017, 2:56 a.m., Swapan Shridhar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63937/ > ----------------------------------------------------------- > > (Updated Nov. 18, 2017, 2:56 a.m.) > > > Review request for Ambari, Jayush Luniya, Madhuvanthi Radhakrishnan, and > Robert Levas. > > > Bugs: AMBARI-22472 > https://issues.apache.org/jira/browse/AMBARI-22472 > > > Repository: ambari > > > Description > ------- > > **Background:** > YARN NodeManager currently have 2 identities in 2.5 and 2.6 stack, namely : > *'/HIVE/HIVE_SERVER/hive_server_hive'* and *'llap_zk_hive'*. > - */HIVE/HIVE_SERVER/hive_server_hive* is a reference from HIVE_SERVER, > whereas > - *llap_zk_hive* creates same principal as above in a separate keytab file. > > **Issue:** Recreating same identities in different files creates issues while > AMbari upgrade from 2.5 to 2.6, as the *llap_zk_hive* are not > refreshed/updated after the upgrade. Thus, HSI fails to come up. > > **Fix:** Make * llap_zk_hive* also point as a reference pointing to > /HIVE/HIVE_SERVER/hive_server_hive, so that we have one identity getting > created only at one place and one keytab file. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java > 96ce807 > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog260Test.java > be04cd5 > > ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_ranger_kms.json > e17e121 > > > Diff: https://reviews.apache.org/r/63937/diff/1/ > > > Testing > ------- > > **TESTING:** > > |||||||||||||||||||||||||| Ambari 2.5, before upgrade: > |||||||||||||||||||||||||| > > > {code:title=From /etc/hive2/cong/conf.server/hive-site.xml} > <property> > <name>hive.llap.daemon.keytab.file</name> > <value>/etc/security/keytabs/hive.service.keytab</value> > </property> > > <property> > <name>hive.llap.daemon.service.principal</name> > <value>hive/[email protected]</value> > </property> > > <property> > <name>hive.llap.zk.sm.keytab.file</name> > <value>/etc/security/keytabs/hive.llap.zk.sm.keytab</value> > </property> > > <property> > <name>hive.llap.zk.sm.principal</name> > <value>hive/[email protected]</value> > </property> > {code} > > > |||||||||||||||||||||||||| Upgrade to Ambari-2.6 > |||||||||||||||||||||||||| > > > **Logs: Ambari Server Upgrade** > > [root@swap-qqq-1 ~]# ambari-server upgrade > Using python /usr/bin/python > Upgrading ambari-server > INFO: Upgrade Ambari Server > INFO: Updating Ambari Server properties in ambari.properties ... > INFO: Updating Ambari Server properties in ambari-env.sh ... > WARNING: Original file ambari-env.sh kept > INFO: Fixing database objects owner > Ambari Server configured for Embedded Postgres. Confirm you have made a > backup of the Ambari Server database [y/n] (y)? y > INFO: Upgrading database schema > INFO: Return code from schema upgrade command, retcode = 0 > INFO: Schema upgrade completed > Adjusting ambari-server permissions and ownership... > Ambari Server 'upgrade' completed successfully. > [root@swap-qqq-1 ~]# > [root@swap-qqq-1 ~]# > [root@swap-qqq-1 ~]# > [root@swap-qqq-1 ~]# > [root@swap-qqq-1 ~]# ambari-server --version > 2.6.0.0-267 > [root@swap-qqq-1 ~]# > > > **Logs : Updating Kerberos descriptors** > > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:673 - Updating YARN's > HSI Kerberos Descriptor .... > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:685 - Retrieved > HIVE->HIVE_SERVER kerberos descriptor. Name = hive_server_hive > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:700 - Retrieved > YARN->NODEMANAGER kerberos descriptor to be updated. Name = llap_zk_hive > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:709 - Updated > 'llap_zk_hive' identity descriptor reference = > '/HIVE/HIVE_SERVER/hive_server_hive' > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:712 - Updated > 'llap_zk_hive' principal descriptor value = '' > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:717 - Updated > 'llap_zk_hive' keytab descriptor file = '' > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:720 - Updated > 'llap_zk_hive' keytab descriptor owner name = '' > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:722 - Updated > 'llap_zk_hive' keytab descriptor owner access = '' > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:724 - Updated > 'llap_zk_hive' keytab descriptor group name = '' > 18 Nov 2017 07:25:54,003 INFO [main] UpgradeCatalog260:726 - Updated > 'llap_zk_hive' keytab descriptor group access = '' > 18 Nov 2017 07:25:54,004 INFO [main] UpgradeCatalog260:730 - Updated > 'isYarnKerberosDescUpdated' = true > > > **Logs : Updated HSI config 'hive.llap.zk.sm.keytab.file'** > > 18 Nov 2017 07:25:54,073 INFO [main] UpgradeCatalog260:767 - Updated HSI > config 'hive.llap.zk.sm.keytab.file' = > /etc/security/keytabs/hive.service.keytab > > > **From UI**: > > Changed hive.llap.zk.sm.keytab.file : > https://issues.apache.org/jira/secure/attachment/12898329/Screen%20Shot%202017-11-17%20at%2011.44.41%20PM.png > > HSI up : > https://issues.apache.org/jira/secure/attachment/12898328/Screen%20Shot%202017-11-17%20at%2011.44.55%20PM.png > > > Thanks, > > Swapan Shridhar > >
