You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Jonathan Hurley (JIRA)" <ji...@apache.org> on 2018/05/22 13:29:00 UTC

[jira] [Created] (AMBARI-23930) Provide a Framework For Regenerating Keytabs During Upgrade

Jonathan Hurley created AMBARI-23930:
----------------------------------------

             Summary: Provide a Framework For Regenerating Keytabs During Upgrade
                 Key: AMBARI-23930
                 URL: https://issues.apache.org/jira/browse/AMBARI-23930
             Project: Ambari
          Issue Type: Bug
    Affects Versions: 2.7.0
            Reporter: Jonathan Hurley
            Assignee: Jonathan Hurley
             Fix For: 2.7.0


There have been cases in the past where a manual step required after performing a stack upgrade was to regenerate keytabs. This was necessary for a variety of reasons, but it wasn't problematic enough to warrant Ambari doing this as part of an upgrade.

With the stack upgrade from HDP 2.6 to 3.0, 2 new components are added: Registry DNS and ATR. If the cluster is kerberized, these new components won't start until keytabs have been generated for them.

The follow will be able to be added to an upgrade pack in order to instruct the upgrade to regenerate missing keytabs for the new components:

{code}
    <group xsi:type="cluster" name="REGENERATE_KEYTABS" title="Regenerate Missing Keytabs">
      <condition xsi:type="security" type="kerberos"/>
      <direction>UPGRADE</direction>
      <execute-stage title="Regenerate Missing Keytabs">
        <task xsi:type="regenerate_keytabs"/>
      </execute-stage>
    </group>
{code}

A credential store will need to be setup before hand so that the kerberos credentials are available when this step in the upgrade runs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)