Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-9739

Kerberos: regenerate keytabs not handled for all hosts

    XMLWordPrintableJSON

Details

    Description

      1. Installed cluster on three hosts c6401, c6402, c6403
      2. using oracle jdk 1.7, put JCE in place on all hosts
      3. ambari-agent stop on c6403 (which just has DN, ZK and NM)
      4. Enable kerberos, which means c6403 does not get keytabs
      5. ambari-agent start on c6403
      6. go to regen keytabs. Clicked to only do missing. c6403 does not get keytabs.
      7. go to regen keytabs. just left the default which should do all. No hosts get the keytabs.

      What I found is since the Kerberos client didn't get installed on c6403, the "Set keytab kerberos client" command is "Host Role in invalid state". I went to that host, and did install clients from the UI to get the kerberos client installed. Once that happened, I could then regen keytabs.

      The main issue: Regen only works if all hosts can regen. Once c6403 did not have a client, and Host Role in invalid state, it didn't do keytabs for any other hosts.

      Attachments

        1. AMBARI-9739_01.patch
          24 kB
          Robert Levas

        Issue Links

          links to

          Web Link ReviewBoard

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: