Re: Review Request 43331: Ambari overwrites auth_to_local rules in core-site.xml

Tue, 09 Feb 2016 07:01:42 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43331/
-----------------------------------------------------------

(Updated Feb. 9, 2016, 5 p.m.)


Review request for Ambari and Robert Levas.


Bugs: AMBARI-14961
    https://issues.apache.org/jira/browse/AMBARI-14961


Repository: ambari


Description
-------

As part of the kerberization process, a specific auth_to_local ruleset is used.

The customer uses the "Manual" method of Kerbrizing their clusters. The 
addition of the custom auth_to_local rules is added as a step in the process.

We found that during certain operations (such as moving the NameNode using the 
Ambari wizard), many services such as HDFS fail to restart.  Upon examination 
of the failure it was revealed that Ambari is overwriting / modifying the 
custom auth_to_local rules to something completely different.   The change is 
getting pushed to the nodes and the services fail to start up.

1) Secure the cluster using the "Manual" process as outlined in the Ambari 
documentation.
2) Add the custom auth_to_local rules after the cluster is kerberized.
3) Attempt to peform an operation such as moving a NameNode.

Whenever services try to start / restart they fail.  The logs from the 
respective services show failures pointing to incorrect auth_to_local settings.

auth_to_local rules do not get modified or overwritten by ambari.

Depending on the failure, we have been able to work around it doing one of two 
things:
1) Manually edit the core-site.xml where the service failed to start and start 
the service from the command line.
2) Go back into the Ambari UI, fix the auth_to_local rules, save the config, 
then restart the respective services.


Diffs (updated)
-----

  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 b94da70 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 c76e45a 
  ambari-web/app/data/HDP2/site_properties.js 7dfdbff 

Diff: https://reviews.apache.org/r/43331/diff/


Testing
-------

mvn clean test


Thanks,

Dmitro Lisnichenko

Reply via email to