I am glad that I could help; even though the solution may not have been ideal.
I am not sure about the release dates for 2.0.1 or 2.1. I assume sometime before the end of May both will be released. Rob On 4/18/15, 2:35 AM, "Frank Eisenhauer" <[email protected]> wrote: >Hi Rob, > >thank you very much. >I wasn't aware Ambari is running as non-root as I always started Ambaris >as root user. > >I changed the user setting in ambari.properties and was able to activate >kerberos. > >Is there already a date for the Ambari Update to be availabe? > >Best regards >Frank > >Am 18.04.2015 um 01:22 schrieb Robert Levas: >> Hi FrankŠ >> >> It seems like Ambari is running as ambari-server, not root. This isn¹t >> typically an issue, but in this case the problem from >> https://issues.apache.org/jira/browse/AMBARI-10266 is coming into play. >> The solution will be in the next releases of Ambari (2.0.1 and 2.1), but >> for now it appears that you need to run Ambari as root to get around >>this >> issue. >> >> Essentially, unless you are root, the directory must be executable in >> order to write files in it. There is a bug in Ambari where when it >> attempts to protect temporary files created while enabling Kerberos, it >> fails to properly set the executable flag on relevant directories. Thus >> the error condition. For some reason, the root user does not have this >> restriction and the bug is avoided. >> >> Is it possible to run Ambari as root? I think you need to edit >> /etc/ambari-server/conf/ambari.properties and set ambari-server.user to >> root: >> >> ambari-server.user=root >> >> Then restart Ambari. >> >> I am sorry that this is the only solution that I can think of until the >> next release. I hope it helps, >> >> Rob >> >> >> >> >> >> On 4/17/15, 5:34 PM, "Frank Eisenhauer" <[email protected]> wrote: >> >>> Hi Rob, >>> >>> the direcory "/var/lib/ambari-server/data/tmp/" exists and has the >>> following permissions: >>> >>> drwx------ 2 ambari-server root 4096 Apr 13 20:28 cache >>> drwxrwxrwx 10 ambari-server root 4096 Apr 17 21:41 tmp >>> >>> I changed the permissions to 777 just to exclude permissions as a root >>> cause. >>> But unfortunately changing the permissions has no effect on the issue. >>> >>> After executing "Install and Test Kerberos Client" via Ambari Kerberos >>> wizard, two new folders are beeing created in the tmp directory, with >>> the following permissions: >>> >>> drwxr-xr-x 3 ambari-server ambari-server 4096 Apr 17 23:35 >>> .ambari_1429306535296-0.d >>> drwxr-xr-x 2 ambari-server ambari-server 4096 Apr 17 23:35 >>> .ambari_1429306535374-0.d >>> >>> Disk space and available inodes is not an issue. I really don't see a >>> reason why the files cannot be writen to that directory. >>> >>> Inside of the first folder mentioned above, ther's is another folder >>> with the hostname: >>> >>> drw------- 2 ambari-server ambari-server 4096 Apr 17 23:35 >>> HADOOP01.BIGDATA.LOCAL >>> -rw-r--r-- 1 ambari-server ambari-server 765 Apr 17 23:35 index.dat >>> >>> The ambari log states, that the kerberos keytab is exported to the host >>> directory. Might the missing execute flag be a cause for the permission >>> denied error? >>> >>> The installation runs on CentOS 6.6 and Java Version is 1.7.0_71 >>> >>> Am 17.04.2015 um 23:14 schrieb Robert Levas: >>>> Hi Frank, >>>> >>>> Can you check to see if /var/lib/ambari-server/data/tmp/ exists on the >>>> Ambari server host? If so, what permissions does it have? >>>> >>>> Ideally, /var/lib/ambari-server/data/tmp/ exists and all directories >>>>in >>>> the path are executable by the user that Ambari runs as. >>>> >>>> Both of these are essentially covered in >>>> https://issues.apache.org/jira/browse/AMBARI-10266 and I saw that you >>>> acknowledged the solution in the ticket, but I just wanted to make >>>>sure >>>> we >>>> covered all of the bases. >>>> >>>> Other than this, I am not sure while the file cannot be written. >>>> Obvious >>>> things like being out of disk space or memory could cause the issue, >>>>but >>>> you would be seeing other issues if this was the case. >>>> >>>> What OS and Java VM are you running Ambari on? >>>> >>>> Rob >>>> >>>> On 4/17/15, 4:03 PM, "Frank Eisenhauer" <[email protected]> >>>>wrote: >>>> >>>>> Hi Jeff, >>>>> >>>>> Ambari is running as root. >>>>> >>>>> Am 17.04.2015 um 21:50 schrieb Jeff Sposetti: >>>>>> Hi, Are you running your Ambari Server as non-root? >>>>>> >>>>>> https://issues.apache.org/jira/browse/AMBARI-10266 >>>>>> >>>>>> You might be hitting that BUG. >>>>>> >>>>>> On 4/17/15, 3:41 PM, "Frank Eisenhauer" <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> I'm trying to enable Kerberos in Ambari 2.0.0 after upgrade from >>>>>>> Ambari >>>>>>> 1.7. >>>>>>> >>>>>>> During "Test Kerberos Client" I'm getting the error "Failed to >>>>>>>create >>>>>>> keytab file for [email protected] - Failed to export >>>>>>> keytab >>>>>>> file" >>>>>>> >>>>>>> The ambari-server.log states: >>>>>>> 17 Apr 2015 21:41:29,601 INFO [Server Action Executor Worker 4215] >>>>>>> CreateKeytabFilesServerAction:170 - Creating keytab file for >>>>>>> ambari-qa_idheyfiu@BIGDATA$ >>>>>>> 17 Apr 2015 21:41:29,636 ERROR [Server Action Executor Worker 4215] >>>>>>> KerberosOperationHandler:433 - Failed to export keytab file >>>>>>> java.io.FileNotFoundException: >>>>>>> >>>>>>> >>>>>>> >>>>>>>/var/lib/ambari-server/data/tmp/.ambari_1429299679291-0.d/HADOOP-SRV >>>>>>>01 >>>>>>> /4 >>>>>>> e6 >>>>>>> d850833d0d36946b1c5c5b260bec371c5247c >>>>>>> (Pe$ >>>>>>> at java.io.FileOutputStream.open(Native Method) >>>>>>> at >>>>>>> java.io.FileOutputStream.<init>(FileOutputStream.java:221) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.directory.server.kerberos.shared.keytab.Keytab.writeFile( >>>>>>>Ke >>>>>>> yt >>>>>>> ab >>>>>>> .java:273) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.directory.server.kerberos.shared.keytab.Keytab.write(Keyt >>>>>>>ab >>>>>>> .j >>>>>>> av >>>>>>> a:133) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosOperationHand >>>>>>>le >>>>>>> r. >>>>>>> cr >>>>>>> eateKeytabFile(KerberosOperationHandler.java:429) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServ >>>>>>>er >>>>>>> Ac >>>>>>> ti >>>>>>> on.processIdentity(CreateKeytabFilesServerAction.java:276) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosServerAction. >>>>>>>pr >>>>>>> oc >>>>>>> es >>>>>>> sRecord(KerberosServerAction.java:494) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosServerAction. >>>>>>>pr >>>>>>> oc >>>>>>> es >>>>>>> sIdentities(KerberosServerAction.java:386) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServ >>>>>>>er >>>>>>> Ac >>>>>>> ti >>>>>>> on.execute(CreateKeytabFilesServerAction.java:99) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.ServerActionExecutor$Worker.ex >>>>>>>ec >>>>>>> ut >>>>>>> e( >>>>>>> ServerActionExecutor.java:504) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.ServerActionExecutor$Worker.ru >>>>>>>n( >>>>>>> Se >>>>>>> rv >>>>>>> erActionExecutor.java:441) >>>>>>> at java.lang.Thread.run(Thread.java:744) >>>>>>> 17 Apr 2015 21:41:29,637 ERROR [Server Action Executor Worker 4215] >>>>>>> CreateKeytabFilesServerAction:290 - Failed to create keytab file >>>>>>>for >>>>>>> ambari-qa_idheyfiu$ >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosOperationExce >>>>>>>pt >>>>>>> io >>>>>>> n: >>>>>>> >>>>>>> Failed to export keytab file >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosOperationHand >>>>>>>le >>>>>>> r. >>>>>>> cr >>>>>>> eateKeytabFile(KerberosOperationHandler.java:439) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServ >>>>>>>er >>>>>>> Ac >>>>>>> ti >>>>>>> on.processIdentity(CreateKeytabFilesServerAction.java:276) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosServerAction. >>>>>>>pr >>>>>>> oc >>>>>>> es >>>>>>> sRecord(KerberosServerAction.java:494) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosServerAction. >>>>>>>pr >>>>>>> oc >>>>>>> es >>>>>>> sIdentities(KerberosServerAction.java:386) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServ >>>>>>>er >>>>>>> Ac >>>>>>> ti >>>>>>> on.execute(CreateKeytabFilesServerAction.java:99) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.ServerActionExecutor$Worker.ex >>>>>>>ec >>>>>>> ut >>>>>>> e( >>>>>>> ServerActionExecutor.java:504) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.ServerActionExecutor$Worker.ru >>>>>>>n( >>>>>>> Se >>>>>>> rv >>>>>>> erActionExecutor.java:441) >>>>>>> at java.lang.Thread.run(Thread.java:744) >>>>>>> Caused by: java.io.FileNotFoundException: >>>>>>> >>>>>>> >>>>>>> >>>>>>>/var/lib/ambari-server/data/tmp/.ambari_1429299679291-0.d/HADOOP-SRV >>>>>>>01 >>>>>>> /4 >>>>>>> e6 >>>>>>> d850833d0d36946b1c5c5b260bec37$ >>>>>>> at java.io.FileOutputStream.open(Native Method) >>>>>>> at >>>>>>> java.io.FileOutputStream.<init>(FileOutputStream.java:221) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.directory.server.kerberos.shared.keytab.Keytab.writeFile( >>>>>>>Ke >>>>>>> yt >>>>>>> ab >>>>>>> .java:273) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.directory.server.kerberos.shared.keytab.Keytab.write(Keyt >>>>>>>ab >>>>>>> .j >>>>>>> av >>>>>>> a:133) >>>>>>> at >>>>>>> >>>>>>> >>>>>>> >>>>>>>org.apache.ambari.server.serveraction.kerberos.KerberosOperationHand >>>>>>>le >>>>>>> r. >>>>>>> cr >>>>>>> eateKeytabFile(KerberosOperationHandler.java:429) >>>>>>> ... 7 more >>>>>>> >>>>>>> I've found a Jira Log >>>>>>> "https://issues.apache.org/jira/browse/AMBARI-10266"; but the >>>>>>> mentioned >>>>>>> solution does not solve the issue. The permission denied exception >>>>>>> still >>>>>>> occurs. >>>>>>> Ambari Server is running as root. >>>>>>> >
