I was able to fix this by using the API to create the KERBEROS service
and KERBEROS_CLIENT host component (but not assigning any hosts to
that component):
curl ... -X POST ...services/KERBEROS
curl ... -X PUT '{"ServiceInfo": {"state" : "INSTALLED"}}' ...services/KERBEROS
curl ... -X POST ...services/KERBEROS/components/KERBEROS_CLIENTI ran into other bugs after that: - Ambari install tried to modify user "ambari-qa". However, this user is a kerberos user and ambari tried to run usermod which failed complaining that ambari-qa is not in /etc/passwd. To get around this I deleted this user in kerberos, allow ambari to create the user in /etc/passwd, then once the setup was done I had to recreate the kerberos user so that the headless keytab would work. - Ambari install also tried to create the local user hdfs, which didn't work very well because hdfs is a kerberos user (due to the headless keytab). I just created this user in /etc/password which allowed the host install to continue. Every time I ran into a failure I ended up deleting the host services and host via the api, making adjustments, and going back through the wizard. With these workarounds I was able to get the hosts added into the cluster. These are the only hosts now with the "KERBEROS_CLIENT" service - I'm not sure what the expected state is there. Thank you! On Fri, Sep 4, 2015 at 8:23 AM, Andrew Robertson <[email protected]> wrote: > Hey - > > I recently added a manually-administered kerberos service to Ambari. > This is where nodes are all kerberized, but Ambari doesn't administer > the kerberos server (had to download the csv & create the keytabs > myself). This is ambari 2.1.1. > > I'm now trying to add a new host to the cluster using the "Ambari > add-host" wizard. > > Ambari gets through to the "review" step (step5), but when trying to > move forward to "Deploy" it fails. > > A browser console trace shows that it tries to fetch: > https://{ambari > server}/api/v1/clusters/{cluster}/services/KERBEROS?fields=Services/attributes/kdc_validation_result,Services/attributes/kdc_validation_failure_details&_=1441379573009 > > and gets a 404 back. (This 404 seems correct to me as there is no > "kerberos" service administered by Ambari. However, it doesn't appear > Ambari's add-host wizard understands this). > > Is this a known issue, or am I doing something incorrect somewhere? I > looked through the opened JIRAs and didn't see anything for this. > > Thanks!
