Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-10493

Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0
    • Fix Version/s: None
    • Component/s: ambari-server, security
    • Labels:
      None
    • Environment:

      HDP 2.2.0

      Description

      After upgrading to Ambari 2.0 (from 1.7) it wants to manage Kerberos but it doesn't seem to recognize the cluster as already kerberized, nor does it appear to have the capability to just use the existing keytabs as we have historically done - it wants to redeploy them from an MIT KDC as part of the enable kerberos process, which would obviously mess up my already deployed kerberized cluster which is running off FreeIPA (which includes an MIT KDC in each IPA server but isn't supported to be managed via kadmin interface).

      There doesn't seem to be an obvious way of getting Ambari to re-enable or recognize that kerberos is deployed and the services are kerberized. The current configurations do seem to still be intact with the kerberos config settings but Ambari does not recognize that Kerberos is deployed and I'm concerned this is going to eventually mess up my existing cluster or deploy new services without Kerberos.

      Hari Sekhon
      http://www.linkedin.com/in/harisekhon

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                harisekhon Hari Sekhon
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: