[jira] [Commented] (AMBARI-10493) Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade

Wed, 29 Apr 2015 06:33:36 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-10493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14519354#comment-14519354
 ] 

Robert Levas commented on AMBARI-10493:
---------------------------------------

[~harisekhon], According to 
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=30755705, 
there is not official release date for 2.1.0.  

Also, the solution that I proposed when 2.1.0 comes out enables a manual option 
for managing Kerberos in the Ambari cluster. So when you add a new service, you 
will be required to create the principals and distribute the keytabs files 
manually. However, the service configurations will be updated for you. To get 
the list of expected principals, a CSV file may be downloaded.  So far the file 
will be a complete list of the expected principals, but there may be plans to 
return only the ones needed for the new service. 

> Ambari 2.0 doesn't recognize Kerberos on existing cluster after upgrade
> -----------------------------------------------------------------------
>
>                 Key: AMBARI-10493
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10493
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server, security
>    Affects Versions: 2.0.0
>         Environment: HDP 2.2.0
>            Reporter: Hari Sekhon
>            Priority: Critical
>
> After upgrading to Ambari 2.0 (from 1.7) it wants to manage Kerberos but it 
> doesn't seem to recognize the cluster as already kerberized, nor does it 
> appear to have the capability to just use the existing keytabs as we have 
> historically done - it wants to redeploy them from an MIT KDC as part of the 
> enable kerberos process, which would obviously mess up my already deployed 
> kerberized cluster which is running off FreeIPA (which includes an MIT KDC in 
> each IPA server but isn't supported to be managed via kadmin interface).
> There doesn't seem to be an obvious way of getting Ambari to re-enable or 
> recognize that kerberos is deployed and the services are kerberized. The 
> current configurations do seem to still be intact with the kerberos config 
> settings but Ambari does not recognize that Kerberos is deployed and I'm 
> concerned this is going to eventually mess up my existing cluster or deploy 
> new services without Kerberos.
> Hari Sekhon
> http://www.linkedin.com/in/harisekhon



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to