Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Looks like code to distribute JCE policy is in before-install hooks
[code](https://git-wip-
us.apache.org/repos/asf/ambari/repo?p=ambari.git;a=blob;f=ambari-
server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared
_initialization.py;h=a1196a8d2c997be37d65760aa3cd5de13e2cc747;hb=HEAD#l210).
So if no INSTALL task has executed on a host in secure cluster (for agent
hadoop.security.authentication=kerberos is security enabled) then JCE policy
will not be distributed and unzipped on that host
Cluster can easily fall in a situation where a host has no client component.
Following are example scenarios
1. While installing partial set of services with default selection for serviceComponent allocation to hosts in installer wizard
2. Adding a new host with slave components but no client components.
This leads to failure of starting serviceComponent that has no client
installed with them on a host in secure cluster.
I discovered this bug while securing a cluster with just HDFS+ZK+STORM
installed. Security wizard start all services failed with ZK quorum check
failure. Once I installed HDFS_CLIENT on all hosts and restarted all services
then all services came up in secure cluster.
Attachments
Issue Links
- breaks
-
-
- Resolved
-
- links to
