Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-13058

Kerberos: failures / issues w/ add host when using "manual kerb" option

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1.1
    • Fix Version/s: 2.1.2
    • Component/s: ambari-web
    • Labels:
      None

      Description

      PART I

      >> I recently added a manually-administered kerberos service to Ambari.
      >> This is where nodes are all kerberized, but Ambari doesn't administer
      >> the kerberos server (had to download the csv & create the keytabs
      >> myself). This is ambari 2.1.1.
      >>
      >> I'm now trying to add a new host to the cluster using the "Ambari
      >> add-host" wizard.
      >>
      >> Ambari gets through to the "review" step (step5), but when trying to
      >> move forward to "Deploy" it fails.
      >>
      >> A browser console trace shows that it tries to fetch:
      >> https://{ambari
      >> server}/api/v1/clusters/{cluster}/services/KERBEROS?fields=Services/attributes/kdc_validation_result,Services/attributes/kdc_validation_failure_details&_=1441379573009
      >>
      >> and gets a 404 back.  (This 404 seems correct to me as there is no
      >> "kerberos" service administered by Ambari.  However, it doesn't appear
      >> Ambari's add-host wizard understands this).
      >>
      >> Is this a known issue, or am I doing something incorrect somewhere?  I
      >> looked through the opened JIRAs and didn't see anything for this.
      >>
      

      PART II

      >I was able to fix this by using the API to create the KERBEROS service
      >and KERBEROS_CLIENT host component (but not assigning any hosts to
      >that component):
      >curl ... -X POST ...services/KERBEROS
      >curl ... -X PUT '{"ServiceInfo": {"state" : "INSTALLED"}}' ...services/KERBEROS
      >curl ... -X POST ...services/KERBEROS/components/KERBEROS_CLIENT
      >
      >I ran into other bugs after that:
      > - Ambari install tried to modify user "ambari-qa". However, this user
      >is a kerberos user and ambari tried to run usermod which failed
      >complaining that ambari-qa is not in /etc/passwd.  To get around this
      >I deleted this user in kerberos, allow ambari to create the user in
      >/etc/passwd, then once the setup was done I had to recreate the
      >kerberos user so that the headless keytab would work.
      > - Ambari install also tried to create the local user hdfs, which
      >didn't work very well because hdfs is a kerberos user (due to the
      >headless keytab).  I just created this user in /etc/password which
      >allowed the host install to continue.
      >
      >Every time I ran into a failure I ended up deleting the host services
      >and host via the api, making adjustments, and going back through the
      >wizard.
      >
      >With these workarounds I was able to get the hosts added into the
      >cluster. These are the only hosts now with the "KERBEROS_CLIENT"
      >service - I'm not sure what the expected state is there.
      
      1. AMBARI-13058.patch
        0.6 kB
        Antonenko Alexander

        Activity

        Hide
        akovalenko Aleksandr Kovalenko added a comment -

        +1 for the patch

        Show
        akovalenko Aleksandr Kovalenko added a comment - +1 for the patch
        Hide
        hadoopqa Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12755142/AMBARI-13058.patch
        against trunk revision .

        -1 patch. The patch command could not apply the patch.

        Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3759//console

        This message is automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12755142/AMBARI-13058.patch against trunk revision . -1 patch . The patch command could not apply the patch. Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3759//console This message is automatically generated.
        Hide
        aantonenko Antonenko Alexander added a comment -

        committed to trunk and branch-2.1

        Show
        aantonenko Antonenko Alexander added a comment - committed to trunk and branch-2.1
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Ambari-branch-2.1 #510 (See https://builds.apache.org/job/Ambari-branch-2.1/510/)
        AMBARI-13058. Kerberos: failures / issues w/ add host when using "manual kerb" option (alexantonenko) (hiveww: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=63387e5b4667b3beb92a40868f222327e28943b5)

        • ambari-web/app/routes/add_kerberos_routes.js
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Ambari-branch-2.1 #510 (See https://builds.apache.org/job/Ambari-branch-2.1/510/ ) AMBARI-13058 . Kerberos: failures / issues w/ add host when using "manual kerb" option (alexantonenko) (hiveww: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=63387e5b4667b3beb92a40868f222327e28943b5 ) ambari-web/app/routes/add_kerberos_routes.js
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Ambari-trunk-Commit #3418 (See https://builds.apache.org/job/Ambari-trunk-Commit/3418/)
        AMBARI-13058. Kerberos: failures / issues w/ add host when using "manual kerb" option (alexantonenko) (hiveww: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=335dcb1ed0e469d67f9293707466a4c028b2f5a5)

        • ambari-web/app/routes/add_kerberos_routes.js
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Ambari-trunk-Commit #3418 (See https://builds.apache.org/job/Ambari-trunk-Commit/3418/ ) AMBARI-13058 . Kerberos: failures / issues w/ add host when using "manual kerb" option (alexantonenko) (hiveww: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=335dcb1ed0e469d67f9293707466a4c028b2f5a5 ) ambari-web/app/routes/add_kerberos_routes.js

          People

          • Assignee:
            aantonenko Antonenko Alexander
            Reporter:
            aantonenko Antonenko Alexander
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development