Hi Fay…

What version of Ambari are you using?  I believe the credential mechanism 
changed in Ambari 2.2.0.

Before Ambari 2.2.0, the KDC administrator credential is stored in “session” 
and thus an HTTP session is needed to maintain access to this data between API 
calls.  The error message indicates that this is what may be happening.  So to 
fix it, you need to establish an HTTP session using CURL.

For Ambari 2.2.0 and up, the KDC administrator credential is stored in a 
server-wide keys store… either in temporary or permitted storage. If you are 
using this version, then the error message is incorrect and should actually 
direct you to use the credentials API – see 
https://github.com/apache/ambari/blob/trunk/ambari-server/docs/api/v1/credential-resources.md.
  No session is needed for this.

Rob
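
Rob's pre-2.2.0 case, as an added example that is not part of the original e-mail or of the Ambari project's code: both PUTs from the thread share one curl cookie jar, so the session holding the KDC administrator credential is reused by the start request. The variable and function names, the netrc file for the Ambari login and the overridable CURL command are assumptions of this example; the KDC password travels in the request body from stdin rather than on the command line.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-2.2.0 session flow with a cookie jar.
# Assumed names: AMBARI_URL, CLUSTER, NETRC, CURL and all function names.
AMBARI_URL="${AMBARI_URL:-http://localhost:8080}"   # endpoint used in the thread
CLUSTER="${CLUSTER:-MyCluster}"
NETRC="${NETRC:-$HOME/.netrc}"    # Ambari login kept out of argv (assumption)
CURL="${CURL:-curl}"              # overridable so the flow can be dry-run

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Payload shape taken from the 400 error message quoted in the thread.
kdc_payload() {  # $1 = principal, $2 = password
  printf '{"session_attributes":{"kerberos_admin":{"principal":"%s","password":"%s"}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Create an empty cookie jar readable only by the current user.
new_jar() { (umask 077; mktemp "${TMPDIR:-/tmp}/ambari-jar.XXXXXX"); }

# Every call reads (-b) and writes (-c) the same jar, so AMBARISESSIONID from
# the first response is sent back on later calls. Body comes from stdin (-d @-);
# -f turns an HTTP error such as the 400 in the thread into a non-zero exit.
ambari_put() {  # $1 = jar, $2 = API path below the cluster; JSON body on stdin
  "$CURL" -sSf -H 'X-Requested-By:ambari' --netrc-file "$NETRC" \
    -b "$1" -c "$1" -X PUT -d @- "$AMBARI_URL/api/v1/clusters/$CLUSTER$2"
}

# Step 1: store the KDC admin credential in the session.
# Step 2: start services inside the SAME session, then discard the jar.
start_services_in_session() {  # $1 = principal, $2 = password
  local jar rc=0
  jar="$(new_jar)" || return 1
  kdc_payload "$1" "$2" | ambari_put "$jar" "" || rc=$?
  if [ "$rc" -eq 0 ]; then
    printf '%s' '{"ServiceInfo": {"state" : "STARTED"}}' \
      | ambari_put "$jar" "/services" || rc=$?
  fi
  rm -f "$jar"   # the jar holds a live session id; do not leave it behind
  return "$rc"
}
```

The Set-Cookie headers quoted in the thread carry the Secure attribute, which tells a client to return the cookie only over HTTPS; if the second call still reports missing credentials, confirm that the Cookie header is actually being sent over the http:// URL.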


From: Fay Wang <[email protected]>
Reply-To: Fay Wang <[email protected]>
Date: Thursday, January 7, 2016 at 10:30 PM
To: Robert Levas <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Failed to put kerberos descriptor via REST API

Thanks, Rob. Changing to POST works fine!
I am now able to kerberize the cluster using the REST API. However, starting 
services fails:

curl -H "X-Requested-By:ambari" -u admin:admin -i -X PUT -d '{"ServiceInfo": 
{"state" : "STARTED"}}' http://localhost:8080/api/v1/clusters/MyCluster/services

HTTP/1.1 400 Bad Request
User: admin
Set-Cookie: AMBARISESSIONID=n1bo172w5po26xndrqfg95z9;Path=/;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 460
Server: Jetty(8.1.17.v20150415)

{
  "status" : 400,
  "message" : "java.lang.IllegalArgumentException: Missing KDC administrator 
credentials.\nThe KDC administrator credentials must be set in session by 
updating the relevant Cluster resource.This may be done by issuing a PUT to the 
api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n 
 \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\" : 
\"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
}

I then issued the command as suggested by the above message:
curl -H "X-Requested-By:ambari" -u admin:admin -i -X PUT -d 
'{"session_attributes" : {"kerberos_admin" : {"principal" : 
"fay/[email protected]", "password" : 
"passw0rd"}}}' http://localhost:8080/api/v1/clusters/MyCluster

and then re-issued the start-service command. Still the start failed with the 
same error message.

Many thanks for your patience and help!

-fay


On Thursday, January 7, 2016 5:28 PM, Robert Levas 
<[email protected]> wrote:


Hi Fay...

Instead of PUT, you should do a POST.  To create a new kerberos_descriptor 
artifact.  If a kerberos_descriptor artifact already existed, then you would PUT 
to update it.

I'll have to check, is the documentation incorrect or confusing?

Rob

On Jan 7, 2016, at 6:50 PM, Fay Wang 
<[email protected]> wrote:

Thanks, Rob, for the info!

I am able to get the default kerberos descriptor via REST api, but
get an error when issuing the following command to update the descriptor:

curl -H "X-Requested-By:ambari" -u admin:admin -i -X PUT -d 
@/tmp/descriptor_update.json 
http://localhost:8080/api/v1/clusters/MyCluster/artifacts/kerberos_descriptor

HTTP/1.1 100 Continue

HTTP/1.1 404 Not Found
User: admin
Set-Cookie: AMBARISESSIONID=ia3j9lvqclb6fytb01x5c2vl;Path=/;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 244
Server: Jetty(8.1.17.v20150415)

{
  "status" : 404,
  "message" : "org.apache.ambari.server.controller.spi.NoSuchResourceException: 
The requested resource doesn't exist: Artifact not found, 
Artifacts/cluster_name=MyCluster AND 
Artifacts/artifact_name=kerberos_descriptor"
}

The content of /tmp/descriptor_update.json:

{
  "artifact_data" : {
    "services" : [
      {
        "configurations" : [
          {
            "core-site" : {
              "hadoop.proxyuser.HTTP.hosts" : "*"
            }
          }
        ],
        "name" : "HIVE"
      }
    ]
  }
}

Thanks in advance for the help!

-fay


