[jira] [Created] (AMBARI-6185) Secure cluster: JCE policy files not distributed on non-client hosts.

["Andrew Onischuk (JIRA)" <ji...@apache.org>]

Andrew Onischuk created AMBARI-6185:
---------------------------------------

             Summary: Secure cluster: JCE policy files not distributed on non-client hosts.
                 Key: AMBARI-6185
                 URL: https://issues.apache.org/jira/browse/AMBARI-6185
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 1.6.1


Looks like code to distribute JCE policy is in before-install hooks
[code](https://git-wip-
us.apache.org/repos/asf/ambari/repo?p=ambari.git;a=blob;f=ambari-
server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared
_initialization.py;h=a1196a8d2c997be37d65760aa3cd5de13e2cc747;hb=HEAD#l210).
So if no INSTALL task has executed on a host in secure cluster (for agent
hadoop.security.authentication=kerberos is security enabled) then JCE policy
will not be distributed and unzipped on that host

Cluster can easily fall in a situation where a host has no client component.
Following are example scenarios

  1. While installing partial set of services with default selection for serviceComponent allocation to hosts in installer wizard
  2. Adding a new host with slave components but no client components.

This leads to failure of starting serviceComponent that has no client
installed with them on a host in secure cluster.

I discovered this bug while securing a cluster with just HDFS+ZK+STORM
installed. Security wizard start all services failed with ZK quorum check
failure. Once I installed HDFS_CLIENT on all hosts and restarted all services
then all services came up in secure cluster.





--
This message was sent by Atlassian JIRA
(v6.2#6252)