Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-14726

Knox Gateway start fails on HDP 2.3.4 due to wrong symlink

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 2.2.1
    • Fix Version/s: 2.2.1
    • Component/s: ambari-server
    • Labels:
      None

      Description

      Posted on the forum: https://community.hortonworks.com/questions/7750/knox-gateway-start-fail.html
      by Jose Guillen

      Install HDP 2.3.latest with Knox on a single host.
      Immediately after install, restart Knox.
      It fails with this error on both JDK 1.7 and 1.8

      2016-01-15 15:37:00,440 - Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-master --master [PROTECTED]'] {'environment': {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_67'}, 'not_if': "ambari-sudo.sh su knox -l -s /bin/bash -c 'test -f /var/lib/knox/data/security/master'", 'user': 'knox'}
      

      Originates to /var/lib/ambari-agent/cache/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py

      cmd = format('{knox_client_bin} create-master --master {knox_master_secret!p}')
      master_secret_exist = as_user(format('test -f {knox_master_secret_path}'), params.knox_user)
      Execute(cmd,user=params.knox_user,environment={'JAVA_HOME': params.java_home},not_if=master_secret_exist,)
      {knox_master_secret_path}
      

      resolves to /var/lib/knox/data/security/master (as defined in /var/lib/ambari-agent/cache/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py). The problem is that the Knox master file does not exist on this location. The directory /var/lib/knox/data does exist, but the content is empty.

      Instead, the master key is located here: /usr/hdp/current/knox-server/data/security/master

      In the file /var/lib/ambari-agent/cache/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py, I also see something with removing/setting symbolic links:

      # Used to setup symlink, needed to update the knox managed symlink, in case of custom locations
      if os.path.islink(params.knox_managed_pid_symlink) and os.path.realpath(params.knox_managed_pid_symlink) != params.knox_pid_dir:
      os.unlink(params.knox_managed_pid_symlink)
      os.symlink(params.knox_pid_dir, params.knox_managed_pid_symlink)
      

      Perhaps something goes wrong with the symbolic links? (when you install HDP2.3 successfully, but try to restart all services immediately after the installation?)


      In any case, the following modification resolved the issue for me.. I'm not sure if it covers everything (e.g. what will happen if you change the Knox master key via the Ambari web interface??), but I don't have any more time to be stuck on this issue

      Open /var/lib/ambari-agent/cache/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py

      Change:

      knox_master_secret_path = '/var/lib/knox/data/security/master' 
      knox_cert_store_path = '/var/lib/knox/data/security/keystores/gateway.jks'
      

      to:

      knox_master_secret_path = '/usr/hdp/current/knox-server/data/security/master' 
      knox_cert_store_path = '/usr/hdp/current/knox-server/data/security/keystores/gateway.jks'
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              afernandez Alejandro Fernandez
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: