> On Feb. 26, 2015, 5:14 p.m., Jonathan Hurley wrote:
> > ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py, line 137
> > <https://reviews.apache.org/r/31483/diff/1/?file=878319#file878319line137>
> >
> > Hard coding /tmp ?
Believe {params.tmp_dir} was made available as part of
https://issues.apache.org/jira/browse/AMBARI-6408
> On Feb. 26, 2015, 5:14 p.m., Jonathan Hurley wrote:
> > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py,
> > line 109
> > <https://reviews.apache.org/r/31483/diff/1/?file=878322#file878322line109>
> >
> > Same as above; hard coding the /tmp path.
>
> Robert Levas wrote:
> Do you know how to get the `tmp_path` value from the `Environment` from
> this point in the code? I am not familair enough with this to figure it out.
> Or maybe `tmp_path` is in the `parameters` dictionary?
>
> Jonathan Hurley wrote:
> The agent has it's own tmp location configuration in
> /etc/ambari-agent/conf/ambari-agent.ini
>
> ```
> [agent]
> tmp_dir=/var/lib/ambari-agent/data/tmp
> ```
>
> You can use this; it's accessed from AmbariConfig.py
>
> Robert Levas wrote:
> Thanks... I think I found where the config is being passed around. I
> will have a new patch up shortly. Testing now.
Believe {params.tmp_dir} was made available as part of
https://issues.apache.org/jira/browse/AMBARI-6408
- Jeff
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31483/#review74285
-----------------------------------------------------------
On Feb. 26, 2015, 12:02 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31483/
> -----------------------------------------------------------
>
> (Updated Feb. 26, 2015, 12:02 p.m.)
>
>
> Review request for Ambari, Andrew Onischuk, Emil Anca, Jonathan Hurley, and
> Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-9785
> https://issues.apache.org/jira/browse/AMBARI-9785
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After enabling Kerberos, the root user has the spnego user set for it
>
> ```
> [root@c6501 ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: HTTP/[email protected]
>
> Valid starting Expires Service principal
> 02/18/15 22:14:51 02/19/15 22:14:51 krbtgt/[email protected]
> renew until 02/18/15 22:14:51
> ```
>
> It appears that the issue is related to the agent-side scheduler and/or some
> job that is scheduled to run periodically. Apparently some job is kinit-ing
> with the SPNEGO identity as the running user (root in this case) without
> changing the ticket cache. Thus whenever the job runs the root user's ticket
> cache gets changed to contain the SPNEGO identity's ticket.
>
> While investigating and solving the issue it was found that other credentials
> were added to this cache, overwriting what was there, during backround
> processing, as well.
>
> Most of the issues were releated to _alert_ checking on web-based UI
> endpoints while configuring the environment for curl to use Kerberos
> authentication. Another place (in Oozie) was a failure to run a command as
> the `oozie` local user.
>
> Solving this includes using an alternate credential cache when kinit-ing.
> While at it, the cached is checked to see if the tickets are expired (or even
> there) before kinit-ing.
>
>
> Diffs
> -----
>
> ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 8ee6606
>
> ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
> 44d235c
>
> ambari-common/src/main/python/resource_management/libraries/functions/get_klist_path.py
> PRE-CREATION
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
> 970ddde
>
> ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
> a5a066b
>
> ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_service.py
> 092149d
>
> ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/OOZIE/package/files/alert_check_oozie_server.py
> a5a066b
>
> ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py
> 970ddde
> ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
> 45e9dc4
>
> Diff: https://reviews.apache.org/r/31483/diff/
>
>
> Testing
> -------
>
> Manually tested all services in test cluster to see which might have this
> issue. Found only OOZIE and HIVE issues and tests showed they are fixed and
> working as they should.
>
> #Jenkins Test Results
>
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 01:12 h
> [INFO] Finished at: 2015-02-26T06:35:45+00:00
> [INFO] Final Memory: 44M/457M
> [INFO]
> ------------------------------------------------------------------------
>
>
> Thanks,
>
> Robert Levas
>
>
