Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
avatar

Question:

I am about to initiate the cluster install wizard on a new Ambari install. I reviewed the information on service users at http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.0.0/bk_ambari_reference_guide/content/_defining_...

I am wondering whether I should take the "Skip Group Modifications" option.

The doc states "Choosing this option is typically required if your environment manages groups using LDAP and not on the local Linux machines". In our environment, users and groups are managed via Active Directory (via Centrify).

We are planning to enable security on the cluster after it's installed, and that will include a host of new users being created, after which many of the initial users and groups will be orphaned.

What does that "Skip group modifications" option actually do? Should it be used in this case?

Answer:

I believe the answer lies in the fact that we do a groupmod hadoop statement and there is no group called hadoop, or this is not allowed in your environment.

Since you will be integrating with LDAP or AD you should use the "Skip Group Modifications". Upon installing of your Linux nodes references groupds from LDAP, the groupmod hadoop statement would fail.

See http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.0.0/bk_Installing_HDP_AMB/content/_customize_ser...

"Service Account Users and Groups

The service account users and groups are available under the Misc tab. These are the operating system accounts the service components will run as. If these users do not exist on your hosts, Ambari will automatically create the users and groups locally on the hosts. If these users already exist, Ambari will use those accounts.

Depending on how your environment is configured, you might not allow groupmod or usermod operations. If this is the case, you must be sure all users and groups are already created and be sure to select the "Skip group modifications" option on the Misc tab. This tells Ambari to not modify group membership for the service users."

Also in

http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.0.0/bk_ambari_troubleshooting/content/_resolving...

"3.7. Problem: Cluster Install Fails with Groupmod Error

The cluster fails to install with an error related to running groupmod. This can occur in environments where groups are managed in LDAP, and not on local Linux machines. You may see an error message similar to the following one:

Fail: Execution of 'groupmod hadoop' returned 10. groupmod: group 'hadoop' does not exist in /etc/group

3.7.1. Solution

When installing the cluster using the Cluster Installer Wizard, at the Customize Services step, select the Misc tab and choose the Skip group modifications during install option."

1,479 Views