You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/02/22 21:18:11 UTC

[jira] [Commented] (AMBARI-9739) Kerberos: regenerate keytabs not handled for all hosts

    [ https://issues.apache.org/jira/browse/AMBARI-9739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14332338#comment-14332338 ] 

Hadoop QA commented on AMBARI-9739:
-----------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12700110/AMBARI-9739_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/1764//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/1764//console

This message is automatically generated.

> Kerberos: regenerate keytabs not handled for all hosts
> ------------------------------------------------------
>
>                 Key: AMBARI-9739
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9739
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos, keytabs
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9739_01.patch
>
>
> 1. Installed cluster on three hosts c6401, c6402, c6403
> 2. using oracle jdk 1.7, put JCE in place on all hosts
> 3. ambari-agent stop on c6403 (which just has DN, ZK and NM)
> 4. Enable kerberos, which means c6403 does not get keytabs
> 5. ambari-agent start on c6403
> 6. go to regen keytabs. Clicked to only do missing. c6403 does not get keytabs.
> 7. go to regen keytabs. just left the default which should do all. No hosts get the keytabs.
> What I found is since the Kerberos client didn't get installed on c6403, the "Set keytab kerberos client" command is "Host Role in invalid state". I went to that host, and did install clients from the UI to get the kerberos client installed. Once that happened, I could then regen keytabs.
> The main issue: Regen only works if all hosts can regen. Once c6403 did not have a client, and Host Role in invalid state, it didn't do keytabs for any other hosts.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)