You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/06/18 16:06:04 UTC
[jira] [Created] (AMBARI-6185) Secure cluster: JCE policy files not
distributed on non-client hosts.
Andrew Onischuk created AMBARI-6185:
---------------------------------------
Summary: Secure cluster: JCE policy files not distributed on non-client hosts.
Key: AMBARI-6185
URL: https://issues.apache.org/jira/browse/AMBARI-6185
Project: Ambari
Issue Type: Bug
Reporter: Andrew Onischuk
Assignee: Andrew Onischuk
Fix For: 1.6.1
Looks like code to distribute JCE policy is in before-install hooks
[code](https://git-wip-
us.apache.org/repos/asf/ambari/repo?p=ambari.git;a=blob;f=ambari-
server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared
_initialization.py;h=a1196a8d2c997be37d65760aa3cd5de13e2cc747;hb=HEAD#l210).
So if no INSTALL task has executed on a host in secure cluster (for agent
hadoop.security.authentication=kerberos is security enabled) then JCE policy
will not be distributed and unzipped on that host
Cluster can easily fall in a situation where a host has no client component.
Following are example scenarios
1. While installing partial set of services with default selection for serviceComponent allocation to hosts in installer wizard
2. Adding a new host with slave components but no client components.
This leads to failure of starting serviceComponent that has no client
installed with them on a host in secure cluster.
I discovered this bug while securing a cluster with just HDFS+ZK+STORM
installed. Security wizard start all services failed with ZK quorum check
failure. Once I installed HDFS_CLIENT on all hosts and restarted all services
then all services came up in secure cluster.
--
This message was sent by Atlassian JIRA
(v6.2#6252)