You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Jayush Luniya <jl...@hortonworks.com> on 2016/04/01 00:59:34 UTC
Re: Review Request 45548: Upgrading Kerberized JournalNode requires
HDFS principal to perform 'role edits' task
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45548/#review126487
-----------------------------------------------------------
Ship it!
If jn_kinit_cmd is not used anywhere, lets remove it.
- Jayush Luniya
On March 31, 2016, 4:35 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45548/
> -----------------------------------------------------------
>
> (Updated March 31, 2016, 4:35 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Jayush Luniya, Sumit Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-15645
> https://issues.apache.org/jira/browse/AMBARI-15645
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After upgrading HDP in Ambari version 2.1.2.1 a task a performed to _role edits_ while restarting JournalNodes. If Kerberos is enabled, the JN Kerberos identity is established before making this call when really the HDFS identity should be established - since this is an administrative HDFS call that requires the HDFS administrator user to perform.
>
> Because of this, the following error is generated and seen in the :
> {noformat}
> Fail: Execution of 'hdfs dfsadmin -rollEdits' returned 255. rollEdits: Access denied for user jn. Superuser privilege is required
> {noformat}
>
> The offending code is
> # common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py
> ```
> if params.security_enabled:
> Execute(params.jn_kinit_cmd, user=params.hdfs_user)
>
> time.sleep(5)
> hdfs_roll_edits()
> time.sleep(5)
> ```
>
> It should probably be something like:
>
> # common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py
> ```
> if params.security_enabled:
> Execute(params.hdfs_kinit_cmd, user=params.hdfs_user)
>
> time.sleep(5)
> hdfs_roll_edits()
> time.sleep(5)
> ```
>
> # *Note the change from jn to hdfs in the kinit command line.*
>
> This issue has also been posted in https://issues.apache.org/jira/browse/AMBARI-10519.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py bd9f014
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py d6dec26
>
> Diff: https://reviews.apache.org/r/45548/diff/
>
>
> Testing
> -------
>
> Manually tested, but issues seems to be intermittent in *control* cluster.
>
>
> Thanks,
>
> Robert Levas
>
>