Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.0.0
Description
PROBLEM: Ambari is unable to start services after running the Enable Security wizard on a cluster that uses a non-standard path to the Kerberos utilities, such as kinit.
STEPS TO REPRODUCE:
1. Start with non-Kerberized cluster (2.2 Sandbox works fine)
2. Move Kerberos utilities from /usr/bin/ to a new location, example: /usr/myorg/bin/
3. Run 'Enable Security' wizard in Ambari, specify new path for kinit, Apply
4. Watch 'Start All Services' step fail
5. Attempt to 'Restart all components with Stale Configs for HDFS,' which fails with the following error:
Fail: Execution of ' -kt /etc/security/keytabs/hdfs.headless.keytab hdfs' returned 127. -bash: -kt: command not found
Due to the error that occurs with trying to manually restart the HDFS service, it seems like kinit_path_local is empty when the path to kinit is modified. It looks like each service uses the function from:
./ambari-common/src/main/python/resource_management/libraries/functions/get_kinit_path.py
But typically only these three hardcoded paths are passed to that function:
/usr/bin, /usr/kerberos/bin, /usr/sbin
The custom path defined in Ambari is never passed to that function, so the result is always empty.
Attachments
Attachments
Issue Links
- is blocked by
-
-
- Resolved
-
- relates to
-
AMBARI-10621 Use kerberos-env/executable_search_paths to indicate where to look for Kerberos utilities in HBASE agent-side scripts
-
- Resolved
-
- links to
