You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/02/22 00:24:11 UTC

[jira] [Created] (AMBARI-9739) Kerberos: regenerate keytabs not handled for all hosts

Robert Levas created AMBARI-9739:
------------------------------------

             Summary: Kerberos: regenerate keytabs not handled for all hosts
                 Key: AMBARI-9739
                 URL: https://issues.apache.org/jira/browse/AMBARI-9739
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Critical
             Fix For: 2.0.0


1. Installed cluster on three hosts c6401, c6402, c6403
2. using oracle jdk 1.7, put JCE in place on all hosts
3. ambari-agent stop on c6403 (which just has DN, ZK and NM)
4. Enable kerberos, which means c6403 does not get keytabs
5. ambari-agent start on c6403
6. go to regen keytabs. Clicked to only do missing. c6403 does not get keytabs.
7. go to regen keytabs. just left the default which should do all. No hosts get the keytabs.

What I found is since the Kerberos client didn't get installed on c6403, the "Set keytab kerberos client" command is "Host Role in invalid state". I went to that host, and did install clients from the UI to get the kerberos client installed. Once that happened, I could then regen keytabs.

The main issue: Regen only works if all hosts can regen. Once c6403 did not have a client, and Host Role in invalid state, it didn't do keytabs for any other hosts.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)