Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
2.0.0
-
None
-
None
-
HDP 2.2.0
Description
After upgrading to Ambari 2.0 (from 1.7) it wants to manage Kerberos but it doesn't seem to recognize the cluster as already kerberized, nor does it appear to have the capability to just use the existing keytabs as we have historically done - it wants to redeploy them from an MIT KDC as part of the enable kerberos process, which would obviously mess up my already deployed kerberized cluster which is running off FreeIPA (which includes an MIT KDC in each IPA server but isn't supported to be managed via kadmin interface).
There doesn't seem to be an obvious way of getting Ambari to re-enable or recognize that kerberos is deployed and the services are kerberized. The current configurations do seem to still be intact with the kerberos config settings but Ambari does not recognize that Kerberos is deployed and I'm concerned this is going to eventually mess up my existing cluster or deploy new services without Kerberos.
Hari Sekhon
http://www.linkedin.com/in/harisekhon
Attachments
Issue Links
- is blocked by
-
AMBARI-9783 Ability to manually enable Kerberos security
-
- Resolved
-