-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43331/
-----------------------------------------------------------
Review request for Ambari and Robert Levas.
Bugs: AMBARI-14961
https://issues.apache.org/jira/browse/AMBARI-14961
Repository: ambari
Description
-------
As part of the kerberization process, a specific auth_to_local ruleset is used.
The customer uses the "Manual" method of Kerbrizing their clusters. The
addition of the custom auth_to_local rules is added as a step in the process.
We found that during certain operations (such as moving the NameNode using the
Ambari wizard), many services such as HDFS fail to restart. Upon examination
of the failure it was revealed that Ambari is overwriting / modifying the
custom auth_to_local rules to something completely different. The change is
getting pushed to the nodes and the services fail to start up.
1) Secure the cluster using the "Manual" process as outlined in the Ambari
documentation.
2) Add the custom auth_to_local rules after the cluster is kerberized.
3) Attempt to peform an operation such as moving a NameNode.
Whenever services try to start / restart they fail. The logs from the
respective services show failures pointing to incorrect auth_to_local settings.
auth_to_local rules do not get modified or overwritten by ambari.
Depending on the failure, we have been able to work around it doing one of two
things:
1) Manually edit the core-site.xml where the service failed to start and start
the service from the command line.
2) Go back into the Ambari UI, fix the auth_to_local rules, save the config,
then restart the respective services.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b94da70
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
c76e45a
Diff: https://reviews.apache.org/r/43331/diff/
Testing
-------
mvn clean test
Thanks,
Dmitro Lisnichenko
