[AMBARI-12180] Enabling Kerberos on cluster with AMS and no HDFS fails - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.1.0
Component/s: ambari-server
Labels:
- kerberos
- kerberos_descriptor

Description

In a cluster where AMS is installed but HDFS is not installed, enabling Kerberos fails due to the inability for the server-side Kerberos logic to replace ${hadoop-env/hdfs_user} when generating the metadata used to create principals and distribute keytab files.

This condition yields the following principal (when the cluster name is AMSNOHDFS and the realm is EXAMPLE.COM)

    $\{hadoop-env/hdfs_user\}-AMSNOHDFS@EXAMPLE.COM

This is successfully created in the (MIT) KDC. Also, the relative keytab file appears to have been successfully created as well.

However, when distributing the keytab file and setting the ownership attributes, the agent-side script fails with

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py", line 77, in <module>
    KerberosClient().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 216, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py", line 67, in set_keytab
    self.write_keytab_file()
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py", line 397, in write_keytab_file
    group=group)
  File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 157, in __init__
    self.env.run()
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 152, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 118, in run_action
    provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 108, in action_create
    self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access)
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 44, in _ensure_metadata
    _user_entity = pwd.getpwnam(user)
KeyError: 'getpwnam(): name not found: $\{hadoop-env/hdfs_user\}'

NOTE: \ needed to be added to the hadoop-env/hdfs_user placeholder due to formatting issue

Solution:
Remove the HDFS identity reference in AMS and assume the hdfs keytab file will be on the appropriate host(s) when HDFS is installed

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-12180_01.patch
27/Jun/15 11:08
0.6 kB
Robert Levas

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Jun/15 01:15

Updated:: 28/Jun/15 13:34

Resolved:: 28/Jun/15 11:59