You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Emil Anca (JIRA)" <ji...@apache.org> on 2015/05/08 13:25:59 UTC

[jira] [Updated] (AMBARI-11022) Kerberos: Keytab files are not distributed during add host if a retry is necessary during installation

     [ https://issues.apache.org/jira/browse/AMBARI-11022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emil Anca updated AMBARI-11022:
-------------------------------
    Attachment: AMBARI-11022_01.patch

> Kerberos: Keytab files are not distributed during add host if a retry is necessary during installation
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-11022
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11022
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Emil Anca
>            Assignee: Emil Anca
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11022_01.patch
>
>
> When adding a new host to a cluster where Kerberos is enabled and the installation of the new components fails, upon retry the keytabs are not distributed to the host after successfully installing the components.  _Note:  the new identities were not created either_.
> *Workaround*
> To recover from this, the missing keytabs can be regenerated using the _Regenerate Keytabs_ feature with the _missing only_ option specified. The component can then be started successfully.
> *Steps to reproduce*
> # Create cluster (can be small, one node with only HDFS and Zookeeper)
> # Enable Kerberos
> # Add new host with only DataNode (no clients, only to make the failure happen quicker)
> # While the relevant hadoop packages are being installed, kill the package manger (i.e., yum, zypper, etc...)
> # The installation of the component will fail and the retry button will be available
> # Click the retry button and allow the installation to complete
> # Startup of the Datanode component will fail due to missing keytab
> {code}
> 2015-03-21 01:43:47,911 FATAL datanode.DataNode (DataNode.java:secureMain(2385)) - Exception in secureMain
> java.io.IOException: Login failure for dn/c6504.ambari.apache.org@EXAMPLE.COM from keytab /etc/security/keytabs/dn.service.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
> {code}
> _Note: Error indicates a keytab file was found but wrong password, this isn't the case since the keytab file was not on the host._



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)