[jira] [Created] (AMBARI-14961) Ambari overwrites auth_to_local rules in core-site.xml

["Dmitry Lysnichenko (JIRA)" <ji...@apache.org>]

Dmitry Lysnichenko created AMBARI-14961:
-------------------------------------------

             Summary: Ambari overwrites auth_to_local rules in core-site.xml
                 Key: AMBARI-14961
                 URL: https://issues.apache.org/jira/browse/AMBARI-14961
             Project: Ambari
          Issue Type: Bug
            Reporter: Dmitry Lysnichenko
            Assignee: Dmitry Lysnichenko
         Attachments: AMBARI-14961.patch


As part of the kerberization process, a specific auth_to_local ruleset is used.

The customer uses the "Manual" method of Kerbrizing their clusters. The addition of the custom auth_to_local rules is added as a step in the process.

We found that during certain operations (such as moving the NameNode using the Ambari wizard), many services such as HDFS fail to restart.  Upon examination of the failure it was revealed that Ambari is overwriting / modifying the custom auth_to_local rules to something completely different.   The change is getting pushed to the nodes and the services fail to start up.

1) Secure the cluster using the "Manual" process as outlined in the Ambari documentation.
2) Add the custom auth_to_local rules after the cluster is kerberized.
3) Attempt to peform an operation such as moving a NameNode.

Whenever services try to start / restart they fail.  The logs from the respective services show failures pointing to incorrect auth_to_local settings.

auth_to_local rules do not get modified or overwritten by ambari.

Depending on the failure, we have been able to work around it doing one of two things:
1) Manually edit the core-site.xml where the service failed to start and start the service from the command line.
2) Go back into the Ambari UI, fix the auth_to_local rules, save the config, then restart the respective services.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)