You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/05/12 12:46:15 UTC

[jira] [Created] (AMBARI-5729) Decommission issues in secure cluster.

Andrew Onischuk created AMBARI-5729:
---------------------------------------

             Summary: Decommission issues in secure cluster.
                 Key: AMBARI-5729
                 URL: https://issues.apache.org/jira/browse/AMBARI-5729
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 1.6.0


Yarn package params.py file references to `nodemanager_principal_name` and
`nodemanager_keytab` properties. There are 3 issues over here:

  1. Ideally, Ambari agent should not access and so not even refer to any service principal name.
  2. If required, Ambari agent should use yarn-site properties to fetch service principal name and keytab path instead of using global properties.
  3. In the resourcemanager.py decomission action, Yarn user kinit's using nodemanager principal (Introduced by <del>[BUG-14307</del>](https://hortonworks.jira.com/browse/BUG-14307) commit). Decommission action is always executed on resourcemanager host and so we should atleast use resource manager principal (as it is guaranteed to be on that host). **As of now in a secure cluster if NodeManager is not present on ResourceManager host then NodeManager decomissioning won't work (due to unavailability of NodeManager keytab)**

Also ambari-agent **does not kinit before executing DataNode decommission
command**. If an API request for decommissioning is made after hdfs user
kerberos ticket has expired then the request will fail due to kerberos
exception.





--
This message was sent by Atlassian JIRA
(v6.2#6252)