[ https://issues.apache.org/jira/browse/AMBARI-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-16801:
----------------------------------
    Description: 
*Error*
{code}
"stderr" : "Traceback (most recent call last):\n  File 
\"/var/lib/ambari-agent/cache/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py\",
 line 162, in <module>\n    MapReduce2ServiceCheck().execute()\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py\",
 line 254, in execute\n    method(env)\n  File 
\"/var/lib/ambari-agent/cache/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py\",
 line 140, in service_check\n    params.smokeuser_principal, params.hostname, 
params.tmp_dir)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/security_commons.py\",
 line 204, in cached_kinit_executor\n    new_cached_exec(key, file_path, 
kinit_path, temp_dir, exec_user, keytab_file, principal, hostname)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/security_commons.py\",
 line 225, in new_cached_exec\n    Execute(command, user=exec_user)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/base.py\", line 
155, in __init__\n    self.env.run()\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/environment.py\", 
line 160, in run\n    self.run_action(resource, action)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/environment.py\", 
line 124, in run_action\n    provider_action()\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py\",
 line 273, in action_run\n    tries=self.resource.tries, 
try_sleep=self.resource.try_sleep)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
70, in inner\n    result = function(command, **kwargs)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
92, in checked_call\n    tries=tries, try_sleep=try_sleep)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
140, in _call_wrapper\n    result = _call(command, **kwargs_copy)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
293, in _call\n    raise 
Fail(err_msg)\nresource_management.core.exceptions.Fail: Execution of 
'/usr/bin/kinit -c /var/lib/ambari-agent/tmp/tmpGyLePc -kt 
/etc/security/keytabs/smokeuser.headless.keytab [email protected]' returned 
1. kinit(v5): Internal credentials cache error when initializing cache 
/var/lib/ambari-agent/tmp/tmpGyLePc",
{code}

*Cause*
The MR service check was incorrectly calling `cached_kinit_executor` which is 
used for internally testing keytab files in service status checks. This found 
an issue where the user executing the check was not able to create the 
temporary ticket cache due to ACLs on the relevant directory and created file - 
created as the user executing ambari-agent, not the specified user. 

*Solution*
Ensured the user specified in `cached_kinit_executor` owns the temporary ticket 
cache and correctly kinit-ed in the Map Reduce service check function. 


  was:
*Error*
{code}
"stderr" : "Traceback (most recent call last):\n  File 
\"/var/lib/ambari-agent/cache/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py\",
 line 162, in <module>\n    MapReduce2ServiceCheck().execute()\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py\",
 line 254, in execute\n    method(env)\n  File 
\"/var/lib/ambari-agent/cache/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py\",
 line 140, in service_check\n    params.smokeuser_principal, params.hostname, 
params.tmp_dir)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/security_commons.py\",
 line 204, in cached_kinit_executor\n    new_cached_exec(key, file_path, 
kinit_path, temp_dir, exec_user, keytab_file, principal, hostname)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/security_commons.py\",
 line 225, in new_cached_exec\n    Execute(command, user=exec_user)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/base.py\", line 
155, in __init__\n    self.env.run()\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/environment.py\", 
line 160, in run\n    self.run_action(resource, action)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/environment.py\", 
line 124, in run_action\n    provider_action()\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py\",
 line 273, in action_run\n    tries=self.resource.tries, 
try_sleep=self.resource.try_sleep)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
70, in inner\n    result = function(command, **kwargs)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
92, in checked_call\n    tries=tries, try_sleep=try_sleep)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
140, in _call_wrapper\n    result = _call(command, **kwargs_copy)\n  File 
\"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
293, in _call\n    raise 
Fail(err_msg)\nresource_management.core.exceptions.Fail: Execution of 
'/usr/bin/kinit -c /var/lib/ambari-agent/tmp/tmpGyLePc -kt 
/etc/security/keytabs/smokeuser.headless.keytab [email protected]' returned 
1. kinit(v5): Internal credentials cache error when initializing cache 
/var/lib/ambari-agent/tmp/tmpGyLePc",
{code}

*Cause*
The MR service check was incorrectly calling `cached_kinit_executor` which is 
used for internally testing keytab files in service status checks. This found 
an issue where the user executing the check was not able to create the 
temporary ticket cache due to ACLs on the relevant directory and created file - 
created as the user executing ambari-agent, not the specified user. 

*Solution*
Ensured the user specified in `cached_kinit_executor` owns the tempory ticket 
cache and correctlty kinited in the mapreduce service check function. 



> MAPREDUCE2_SERVICE_CHECK failed on secured cluster
> --------------------------------------------------
>
>                 Key: AMBARI-16801
>                 URL: https://issues.apache.org/jira/browse/AMBARI-16801
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Blocker
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-16801_trunk_01.patch
>
>
> *Error*
> {code}
> "stderr" : "Traceback (most recent call last):\n  File 
> \"/var/lib/ambari-agent/cache/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py\",
>  line 162, in <module>\n    MapReduce2ServiceCheck().execute()\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py\",
>  line 254, in execute\n    method(env)\n  File 
> \"/var/lib/ambari-agent/cache/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py\",
>  line 140, in service_check\n    params.smokeuser_principal, params.hostname, 
> params.tmp_dir)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/security_commons.py\",
>  line 204, in cached_kinit_executor\n    new_cached_exec(key, file_path, 
> kinit_path, temp_dir, exec_user, keytab_file, principal, hostname)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/libraries/functions/security_commons.py\",
>  line 225, in new_cached_exec\n    Execute(command, user=exec_user)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/base.py\", line 
> 155, in __init__\n    self.env.run()\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/environment.py\", 
> line 160, in run\n    self.run_action(resource, action)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/environment.py\", 
> line 124, in run_action\n    provider_action()\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py\",
>  line 273, in action_run\n    tries=self.resource.tries, 
> try_sleep=self.resource.try_sleep)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
> 70, in inner\n    result = function(command, **kwargs)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
> 92, in checked_call\n    tries=tries, try_sleep=try_sleep)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
> 140, in _call_wrapper\n    result = _call(command, **kwargs_copy)\n  File 
> \"/usr/lib/python2.6/site-packages/resource_management/core/shell.py\", line 
> 293, in _call\n    raise 
> Fail(err_msg)\nresource_management.core.exceptions.Fail: Execution of 
> '/usr/bin/kinit -c /var/lib/ambari-agent/tmp/tmpGyLePc -kt 
> /etc/security/keytabs/smokeuser.headless.keytab [email protected]' 
> returned 1. kinit(v5): Internal credentials cache error when initializing 
> cache /var/lib/ambari-agent/tmp/tmpGyLePc",
> {code}
> *Cause*
> The MR service check was incorrectly calling `cached_kinit_executor` which is 
> used for internally testing keytab files in service status checks. This found 
> an issue where the user executing the check was not able to create the 
> temporary ticket cache due to ACLs on the relevant directory and created file 
> - created as the user executing ambari-agent, not the specified user. 
> *Solution*
> Ensured the user specified in `cached_kinit_executor` owns the temporary 
> ticket cache and correctly kinit-ed in the Map Reduce service check function. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
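
The ownership problem described under *Cause*, and the ownership hand-off described under *Solution*, as an added example; it is not taken from AMBARI-16801_trunk_01.patch or from Ambari's code. The function names (`ccache_blockers`, `new_ccache_for`, `kinit_argv`) are hypothetical, the check looks only at classic mode bits (not extended ACLs or root's override), and the demo hands the file to the current uid so it runs unprivileged; giving it to a different account needs the privilege to chown.

```python
import os
import tempfile


def _allowed(st, uid, gids, want):
    """Classic mode-bit check (no root override, no extended ACLs)."""
    if uid == st.st_uid:
        triad = st.st_mode >> 6
    elif st.st_gid in gids:
        triad = st.st_mode >> 3
    else:
        triad = st.st_mode
    return (triad & want) == want


def ccache_blockers(ccache, uid, gids=()):
    """Reasons `uid` cannot initialize the ticket cache at `ccache`."""
    problems = []
    parent = os.path.dirname(ccache)
    if not _allowed(os.stat(parent), uid, gids, 0o1):   # x: traverse the directory
        problems.append("no search permission on " + parent)
    if not _allowed(os.stat(ccache), uid, gids, 0o6):   # rw on the cache file
        problems.append("no read/write permission on " + ccache)
    return problems


def new_ccache_for(uid, gid, temp_dir):
    """Create the cache file, then hand it to the account that will run kinit."""
    fd, path = tempfile.mkstemp(dir=temp_dir)   # mode 0600, owned by the caller
    try:
        # fchown on the open descriptor: the path cannot be swapped in between.
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)
    return path


def kinit_argv(ccache, keytab, principal, kinit_path="/usr/bin/kinit"):
    """Same argument layout as the failing command in the traceback."""
    return [kinit_path, "-c", ccache, "-kt", keytab, principal]


if __name__ == "__main__":
    tmp = tempfile.mkdtemp()                    # constructed stand-in for the agent tmp dir
    me, other = os.getuid(), os.getuid() + 1    # `other` plays the smoke user
    fd, stale = tempfile.mkstemp(dir=tmp)
    os.close(fd)
    print("file left owned by creator, other uid:", ccache_blockers(stale, other))
    fixed = new_ccache_for(me, os.getgid(), tmp)
    print("file owned by the kinit user:", ccache_blockers(fixed, me))
```

A file made by `mkstemp` is mode 0600, so any uid other than its creator is blocked until ownership is transferred, which is the condition behind the `Internal credentials cache error` in the report.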
