You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2016/04/21 19:01:55 UTC
Review Request 46500: Regenerating keytabs on re-imaged hosts results
in error during 'Creating Principals'
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46500/
-----------------------------------------------------------
Review request for Ambari, Jonathan Hurley, Nate Cole, Oliver Szabo, Srimanth Gunturi, and Sid Wagle.
Bugs: AMBARI-16009
https://issues.apache.org/jira/browse/AMBARI-16009
Repository: ambari
Description
-------
We had a 1600 unsecured cluster initially, from which 700 nodes were destroyed. Though Ambari-server knew of 1600 hosts, only 900 were heartbeating. At this point we secured the cluster and everything was good. Then we brought back the 700 hosts, which started heartbeating with ambari-server.
At this point we did 'Regenerate Keytabs' which failed at the 'Create Principals' step (image attached), as it was trying to re-create principal which is already existing with kadmin, and with ambari-server.
#Create Principals
Stderr:
```
2016-04-21 01:28:52,985 - Failed to create or update principal, HTTP/host1.example.com@EXAMPLE.COM - Failed to create service principal for HTTP/host1.example.com@EXAMPLE.COM
STDOUT: Authenticating as principal admin/admin with password.
STDERR: WARNING: no policy specified for HTTP/host1.example.com@EXAMPLE.COM; defaulting to no policy
add_principal: Principal or policy already exists while creating "HTTP/host1.example.com@EXAMPLE.COM".
{noformat}
Stdout:
{noformat}
2016-04-21 01:27:32,400 - Processing identities...
2016-04-21 01:28:29,874 - Processing principal, HTTP/host1.example.com@EXAMPLE.COM
```
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java f48052f
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java d15db17
Diff: https://reviews.apache.org/r/46500/diff/
Testing
-------
Manually tested enabling Kerberos and Regenerating Keytabs both having unexpected principals in or removed from the KDC as needed to attempt to generate the issue.
#Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:19:08.563s
[INFO] Finished at: Thu Apr 21 12:45:33 EDT 2016
[INFO] Final Memory: 60M/1866M
[INFO] ------------------------------------------------------------------------
# Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 46500: Regenerating keytabs on re-imaged hosts
results in error during 'Creating Principals'
Posted by Sid Wagle <sw...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46500/#review129923
-----------------------------------------------------------
Ship it!
Ship It!
- Sid Wagle
On April 21, 2016, 5:01 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46500/
> -----------------------------------------------------------
>
> (Updated April 21, 2016, 5:01 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Nate Cole, Oliver Szabo, Srimanth Gunturi, and Sid Wagle.
>
>
> Bugs: AMBARI-16009
> https://issues.apache.org/jira/browse/AMBARI-16009
>
>
> Repository: ambari
>
>
> Description
> -------
>
> We had a 1600 unsecured cluster initially, from which 700 nodes were destroyed. Though Ambari-server knew of 1600 hosts, only 900 were heartbeating. At this point we secured the cluster and everything was good. Then we brought back the 700 hosts, which started heartbeating with ambari-server.
>
> At this point we did 'Regenerate Keytabs' which failed at the 'Create Principals' step (image attached), as it was trying to re-create principal which is already existing with kadmin, and with ambari-server.
>
> #Create Principals
> Stderr:
> ```
> 2016-04-21 01:28:52,985 - Failed to create or update principal, HTTP/host1.example.com@EXAMPLE.COM - Failed to create service principal for HTTP/host1.example.com@EXAMPLE.COM
> STDOUT: Authenticating as principal admin/admin with password.
>
> STDERR: WARNING: no policy specified for HTTP/host1.example.com@EXAMPLE.COM; defaulting to no policy
> add_principal: Principal or policy already exists while creating "HTTP/host1.example.com@EXAMPLE.COM".
> {noformat}
>
> Stdout:
> {noformat}
> 2016-04-21 01:27:32,400 - Processing identities...
> 2016-04-21 01:28:29,874 - Processing principal, HTTP/host1.example.com@EXAMPLE.COM
> ```
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java f48052f
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java d15db17
>
> Diff: https://reviews.apache.org/r/46500/diff/
>
>
> Testing
> -------
>
> Manually tested enabling Kerberos and Regenerating Keytabs both having unexpected principals in or removed from the KDC as needed to attempt to generate the issue.
>
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:19:08.563s
> [INFO] Finished at: Thu Apr 21 12:45:33 EDT 2016
> [INFO] Final Memory: 60M/1866M
> [INFO] ------------------------------------------------------------------------
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 46500: Regenerating keytabs on re-imaged hosts
results in error during 'Creating Principals'
Posted by Oliver Szabo <os...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46500/#review129924
-----------------------------------------------------------
Ship it!
Ship It!
- Oliver Szabo
On April 21, 2016, 5:01 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46500/
> -----------------------------------------------------------
>
> (Updated April 21, 2016, 5:01 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Nate Cole, Oliver Szabo, Srimanth Gunturi, and Sid Wagle.
>
>
> Bugs: AMBARI-16009
> https://issues.apache.org/jira/browse/AMBARI-16009
>
>
> Repository: ambari
>
>
> Description
> -------
>
> We had a 1600 unsecured cluster initially, from which 700 nodes were destroyed. Though Ambari-server knew of 1600 hosts, only 900 were heartbeating. At this point we secured the cluster and everything was good. Then we brought back the 700 hosts, which started heartbeating with ambari-server.
>
> At this point we did 'Regenerate Keytabs' which failed at the 'Create Principals' step (image attached), as it was trying to re-create principal which is already existing with kadmin, and with ambari-server.
>
> #Create Principals
> Stderr:
> ```
> 2016-04-21 01:28:52,985 - Failed to create or update principal, HTTP/host1.example.com@EXAMPLE.COM - Failed to create service principal for HTTP/host1.example.com@EXAMPLE.COM
> STDOUT: Authenticating as principal admin/admin with password.
>
> STDERR: WARNING: no policy specified for HTTP/host1.example.com@EXAMPLE.COM; defaulting to no policy
> add_principal: Principal or policy already exists while creating "HTTP/host1.example.com@EXAMPLE.COM".
> {noformat}
>
> Stdout:
> {noformat}
> 2016-04-21 01:27:32,400 - Processing identities...
> 2016-04-21 01:28:29,874 - Processing principal, HTTP/host1.example.com@EXAMPLE.COM
> ```
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java f48052f
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java d15db17
>
> Diff: https://reviews.apache.org/r/46500/diff/
>
>
> Testing
> -------
>
> Manually tested enabling Kerberos and Regenerating Keytabs both having unexpected principals in or removed from the KDC as needed to attempt to generate the issue.
>
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:19:08.563s
> [INFO] Finished at: Thu Apr 21 12:45:33 EDT 2016
> [INFO] Final Memory: 60M/1866M
> [INFO] ------------------------------------------------------------------------
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 46500: Regenerating keytabs on re-imaged hosts
results in error during 'Creating Principals'
Posted by Srimanth Gunturi <sr...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46500/#review129921
-----------------------------------------------------------
Ship it!
Ship It!
- Srimanth Gunturi
On April 21, 2016, 5:01 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46500/
> -----------------------------------------------------------
>
> (Updated April 21, 2016, 5:01 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Nate Cole, Oliver Szabo, Srimanth Gunturi, and Sid Wagle.
>
>
> Bugs: AMBARI-16009
> https://issues.apache.org/jira/browse/AMBARI-16009
>
>
> Repository: ambari
>
>
> Description
> -------
>
> We had a 1600 unsecured cluster initially, from which 700 nodes were destroyed. Though Ambari-server knew of 1600 hosts, only 900 were heartbeating. At this point we secured the cluster and everything was good. Then we brought back the 700 hosts, which started heartbeating with ambari-server.
>
> At this point we did 'Regenerate Keytabs' which failed at the 'Create Principals' step (image attached), as it was trying to re-create principal which is already existing with kadmin, and with ambari-server.
>
> #Create Principals
> Stderr:
> ```
> 2016-04-21 01:28:52,985 - Failed to create or update principal, HTTP/host1.example.com@EXAMPLE.COM - Failed to create service principal for HTTP/host1.example.com@EXAMPLE.COM
> STDOUT: Authenticating as principal admin/admin with password.
>
> STDERR: WARNING: no policy specified for HTTP/host1.example.com@EXAMPLE.COM; defaulting to no policy
> add_principal: Principal or policy already exists while creating "HTTP/host1.example.com@EXAMPLE.COM".
> {noformat}
>
> Stdout:
> {noformat}
> 2016-04-21 01:27:32,400 - Processing identities...
> 2016-04-21 01:28:29,874 - Processing principal, HTTP/host1.example.com@EXAMPLE.COM
> ```
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java f48052f
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java d15db17
>
> Diff: https://reviews.apache.org/r/46500/diff/
>
>
> Testing
> -------
>
> Manually tested enabling Kerberos and Regenerating Keytabs both having unexpected principals in or removed from the KDC as needed to attempt to generate the issue.
>
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:19:08.563s
> [INFO] Finished at: Thu Apr 21 12:45:33 EDT 2016
> [INFO] Final Memory: 60M/1866M
> [INFO] ------------------------------------------------------------------------
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>