Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/05/09 01:44:00 UTC

[jira] [Commented] (AMBARI-11022) Kerberos: Keytab files are not distributed during add host if a retry is necessary during installation

    [ https://issues.apache.org/jira/browse/AMBARI-11022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14535920#comment-14535920 ] 

Hadoop QA commented on AMBARI-11022:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12731447/AMBARI-11022_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/2664//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/2664//console

This message is automatically generated.

> Kerberos: Keytab files are not distributed during add host if a retry is necessary during installation
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-11022
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11022
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Emil Anca
>            Assignee: Emil Anca
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11022_01.patch
>
>
> When adding a new host to a cluster where Kerberos is enabled and the installation of the new components fails, upon retry the keytabs are not distributed to the host after successfully installing the components.  _Note:  the new identities were not created either_.
> *Workaround*
> To recover from this, the missing keytabs can be regenerated using the _Regenerate Keytabs_ feature with the _missing only_ option specified. The component can then be started successfully.
> *Steps to reproduce*
> # Create cluster (can be small, one node with only HDFS and Zookeeper)
> # Enable Kerberos
> # Add new host with only DataNode (no clients, only to make the failure happen quicker)
> # While the relevant hadoop packages are being installed, kill the package manager (i.e., yum, zypper, etc...)
> # The installation of the component will fail and the retry button will be available
> # Click the retry button and allow the installation to complete
> # Startup of the Datanode component will fail due to missing keytab
> {code}
> 2015-03-21 01:43:47,911 FATAL datanode.DataNode (DataNode.java:secureMain(2385)) - Exception in secureMain
> java.io.IOException: Login failure for dn/c6504.ambari.apache.org@EXAMPLE.COM from keytab /etc/security/keytabs/dn.service.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
> {code}
> _Note: Error indicates a keytab file was found but wrong password, this isn't the case since the keytab file was not on the host._



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
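
An added triage example, not part of the original message or of Ambari's code: it parses the DataNode login-failure line quoted in the issue and checks the keytab file itself, so a missing keytab is told apart from a bad key even though the exception text is the same. The function name, the state labels and the `root` parameter are hypothetical.

```python
import os
import re

# Matches the keytab login failure line shown in the issue description.
LOGIN_FAILURE = re.compile(
    r"Login failure for (?P<principal>\S+) from keytab (?P<keytab>[^:\s]+): "
    r"(?P<cause>.+)$"
)


def triage_login_failure(log_line, root="/"):
    """Classify a keytab login failure by inspecting the keytab file.

    `root` (hypothetical) lets the check run against a copied or mounted
    filesystem tree instead of the live host.
    Returns None when the line is not a keytab login failure.
    """
    m = LOGIN_FAILURE.search(log_line)
    if m is None:
        return None
    path = os.path.join(root, m.group("keytab").lstrip("/"))
    if not os.path.exists(path):
        state = "keytab-missing"  # the situation described in this issue
    elif not os.path.isfile(path) or os.path.getsize(path) == 0:
        state = "keytab-empty-or-not-a-file"
    elif not os.access(path, os.R_OK):
        state = "keytab-unreadable"
    else:
        # File is there: next step is to list its principals (klist -kt).
        state = "keytab-present"
    return {
        "principal": m.group("principal"),
        "keytab": m.group("keytab"),
        "cause": m.group("cause"),
        "state": state,
    }


# Log line copied from the issue description.
SAMPLE = (
    "java.io.IOException: Login failure for "
    "dn/c6504.ambari.apache.org@EXAMPLE.COM from keytab "
    "/etc/security/keytabs/dn.service.keytab: "
    "javax.security.auth.login.LoginException: "
    "Unable to obtain password from user"
)

if __name__ == "__main__":
    print(triage_login_failure(SAMPLE))
```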