Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-15645

Upgrading Kerberized JournalNode requires HDFS principal to perform 'role edits' task

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.1.2
    • 2.2.2
    • ambari-server
    • None

    Description

      After upgrading HDP in Ambari version 2.1.2.1 a task a performed to role edits while restarting JournalNodes. If Kerberos is enabled, the JN Kerberos identity is established before making this call when really the HDFS identity should be established - since this is an administrative HDFS call that requires the HDFS administrator user to perform.

      Because of this, the following error is generated and seen in the :

      Fail: Execution of 'hdfs dfsadmin -rollEdits' returned 255. rollEdits: Access denied for user jn. Superuser privilege is required

      The offending code is

      common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py
        if params.security_enabled:
    Execute(params.jn_kinit_cmd, user=params.hdfs_user)

  time.sleep(5)
  hdfs_roll_edits()
  time.sleep(5)

      It should probably be something like:

      common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py
        if params.security_enabled:
    Execute(params.hdfs_kinit_cmd, user=params.hdfs_user)

  time.sleep(5)
  hdfs_roll_edits()
  time.sleep(5)

      Note the change from jn to hdfs in the kinit command line.

      This issue has also been posted in https://issues.apache.org/jira/browse/AMBARI-10519.

      Attachments

        1. AMBARI-15645_branch-2.2_01.patch
          2 kB
          Robert Levas
        2. AMBARI-15645_trunk_01.patch
          2 kB
          Robert Levas

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. AMBARI-10519 Ambari 2.0 stack upgrade HDP 2.2.0.0 => 2.2.4.0 breaks on HDFS HA JournalNode rollEdits: "Access denied for user jn. Superuser privilege is required"

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link ReviewBoard

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: