Robert Levas created AMBARI-12180:
-------------------------------------
Summary: Enabling Kerberos on cluster with AMS and no HDFS fails
Key: AMBARI-12180
URL: https://issues.apache.org/jira/browse/AMBARI-12180
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.1.0
In a cluster where AMS is installed but HDFS is _not_ installed, enabling
Kerberos fails due to the inability for the server-side Kerberos logic to
replace ${hadoop-env/hdfs_user} when generating the metadata used to create
principals and distribute keytab files.
This condition yields the following principal (when the cluster name is
AMSNOHDFS and the realm is EXAMPLE.COM)
{noformat}
$\{hadoop-env/hdfs_user\}-amsnoh...@example.com
{noformat}
This is successfully created in the (MIT) KDC. Also, the relative keytab file
appears to have been successfully created as well.
However, when distributing the keytab file and setting the ownership
attributes, the agent-side script fails with
{code}
Traceback (most recent call last):
File
"/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py",
line 77, in <module>
KerberosClient().execute()
File
"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
line 216, in execute
method(env)
File
"/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py",
line 67, in set_keytab
self.write_keytab_file()
File
"/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py",
line 397, in write_keytab_file
group=group)
File "/usr/lib/python2.6/site-packages/resource_management/core/base.py",
line 157, in __init__
self.env.run()
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line 152, in run
self.run_action(resource, action)
File
"/usr/lib/python2.6/site-packages/resource_management/core/environment.py",
line 118, in run_action
provider_action()
File
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
line 108, in action_create
self.resource.group, mode=self.resource.mode,
cd_access=self.resource.cd_access)
File
"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py",
line 44, in _ensure_metadata
_user_entity = pwd.getpwnam(user)
KeyError: 'getpwnam(): name not found: $\{hadoop-env/hdfs_user\}'
{code}
*NOTE: \ needed to be added to the hadoop-env/hdfs_user placeholder due to
formatting issue*
* Solution:
Remove the HDFS identity reference in AMS and assume the hdfs keytab file will
be on the appropriate host(s) when HDFS is installed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
