Repository: ambari Updated Branches: refs/heads/trunk b019e1dcf -> 0ada5769a
AMBARI-15645. Upgrading Kerberized JournalNode requires HDFS principal to perform 'role edits' task. (Robert Levas via stoader) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0ada5769 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0ada5769 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0ada5769 Branch: refs/heads/trunk Commit: 0ada5769a54e687d54bbedd3011f456c6de4559e Parents: b019e1d Author: Robert Levas <rle...@hortonworks.com> Authored: Fri Apr 1 10:09:18 2016 +0200 Committer: Toader, Sebastian <stoa...@hortonworks.com> Committed: Fri Apr 1 10:17:16 2016 +0200 ---------------------------------------------------------------------- .../HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py | 4 +++- .../HDFS/2.1.0.2.0/package/scripts/params_linux.py | 5 ++--- 2 files changed, 5 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/0ada5769/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py index bd9f014..8f478ef 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py @@ -39,7 +39,9 @@ def post_upgrade_check(): Logger.info("Ensuring Journalnode quorum is established") if params.security_enabled: - Execute(params.jn_kinit_cmd, user=params.hdfs_user) + # We establish HDFS identity instead of JN Kerberos identity + # since this is an administrative HDFS call that requires the HDFS administrator user to perform. + Execute(params.hdfs_kinit_cmd, user=params.hdfs_user) time.sleep(5) hdfs_roll_edits() http://git-wip-us.apache.org/repos/asf/ambari/blob/0ada5769/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py index d4894ba..6725be5 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py @@ -321,12 +321,11 @@ if security_enabled: if jn_principal_name: jn_principal_name = jn_principal_name.replace('_HOST', hostname.lower()) jn_keytab = default("/configurations/hdfs-site/dfs.journalnode.keytab.file", None) - jn_kinit_cmd = format("{kinit_path_local} -kt {jn_keytab} {jn_principal_name};") + hdfs_kinit_cmd = format("{kinit_path_local} -kt {hdfs_user_keytab} {hdfs_principal_name};") else: dn_kinit_cmd = "" nn_kinit_cmd = "" - jn_kinit_cmd = "" - + hdfs_kinit_cmd = "" hdfs_site = config['configurations']['hdfs-site'] default_fs = config['configurations']['core-site']['fs.defaultFS']