You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Antonenko Alexander (JIRA)" <ji...@apache.org> on 2015/09/10 16:52:45 UTC

[jira] [Created] (AMBARI-13058) Kerberos: failures / issues w/ add host when using "manual kerb" option

Antonenko Alexander created AMBARI-13058:
--------------------------------------------

             Summary: Kerberos: failures / issues w/ add host when using "manual kerb" option
                 Key: AMBARI-13058
                 URL: https://issues.apache.org/jira/browse/AMBARI-13058
             Project: Ambari
          Issue Type: Bug
          Components: ambari-web
    Affects Versions: 2.1.1
            Reporter: Antonenko Alexander
            Assignee: Antonenko Alexander
            Priority: Critical
             Fix For: 2.1.2


PART I
{code}
>> I recently added a manually-administered kerberos service to Ambari.
>> This is where nodes are all kerberized, but Ambari doesn't administer
>> the kerberos server (had to download the csv & create the keytabs
>> myself). This is ambari 2.1.1.
>>
>> I'm now trying to add a new host to the cluster using the "Ambari
>> add-host" wizard.
>>
>> Ambari gets through to the "review" step (step5), but when trying to
>> move forward to "Deploy" it fails.
>>
>> A browser console trace shows that it tries to fetch:
>> https://{ambari
>> server}/api/v1/clusters/{cluster}/services/KERBEROS?fields=Services/attributes/kdc_validation_result,Services/attributes/kdc_validation_failure_details&_=1441379573009
>>
>> and gets a 404 back.  (This 404 seems correct to me as there is no
>> "kerberos" service administered by Ambari.  However, it doesn't appear
>> Ambari's add-host wizard understands this).
>>
>> Is this a known issue, or am I doing something incorrect somewhere?  I
>> looked through the opened JIRAs and didn't see anything for this.
>>
{code}

PART II
{code}
>I was able to fix this by using the API to create the KERBEROS service
>and KERBEROS_CLIENT host component (but not assigning any hosts to
>that component):
>curl ... -X POST ...services/KERBEROS
>curl ... -X PUT '{"ServiceInfo": {"state" : "INSTALLED"}}' ...services/KERBEROS
>curl ... -X POST ...services/KERBEROS/components/KERBEROS_CLIENT
>
>I ran into other bugs after that:
> - Ambari install tried to modify user "ambari-qa". However, this user
>is a kerberos user and ambari tried to run usermod which failed
>complaining that ambari-qa is not in /etc/passwd.  To get around this
>I deleted this user in kerberos, allow ambari to create the user in
>/etc/passwd, then once the setup was done I had to recreate the
>kerberos user so that the headless keytab would work.
> - Ambari install also tried to create the local user hdfs, which
>didn't work very well because hdfs is a kerberos user (due to the
>headless keytab).  I just created this user in /etc/password which
>allowed the host install to continue.
>
>Every time I ran into a failure I ended up deleting the host services
>and host via the api, making adjustments, and going back through the
>wizard.
>
>With these workarounds I was able to get the hosts added into the
>cluster. These are the only hosts now with the "KERBEROS_CLIENT"
>service - I'm not sure what the expected state is there.
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)