Created 07-25-2021 04:52 AM
Hi,
We are trying to install Ranger KMS using Ambari. Kerberos has been enabled and disabled on our cluster multiple times using the Ambari Kerberos Automated Wizard. Right now, Kerberos is enabled.
The Ranger KMS installation is failing because Ambari fails to distribute the keytab file, although it generates it on the Ambari server side; the principal is also generated successfully in the AD KDC. We also noticed that Ambari shows Kerberos as having been manually installed on the cluster, although we always used the Ambari Kerberos Wizard.
Ambari Server logs are shared below, along with a screenshot of the manual message mentioned above. Any idea how to resolve this issue? @dvillarreal @dgiri_india1989
2021-07-10 16:14:58,119 INFO [Server Action Executor Worker 73541] CreateKeytabFilesServerAction:193 - Creating keytab file for rangerkms/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR on host {FULLY_QUALIFIED_DOMAIN_NAME}
2021-07-10 16:14:58,137 INFO [Server Action Executor Worker 73541] CreateKeytabFilesServerAction:252 - Successfully created keytab file for rangerkms/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR at /var/lib/ambari-server/data/tmp/.ambari_1625917470341-0.d/{FULLY_QUALIFIED_DOMAIN_NAME}/78235da43a7af6b2b8c061e49f5777df4f71251151a10e8baeccaf0eacc65b79
2021-07-10 16:14:58,213 INFO [Server Action Executor Worker 73541] CreateKeytabFilesServerAction:193 - Creating keytab file for HTTP/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR on host {FULLY_QUALIFIED_DOMAIN_NAME}
2021-07-10 16:14:58,224 INFO [Server Action Executor Worker 73541] KerberosServerAction:479 - Processing identities completed.
2021-07-10 16:15:39,174 ERROR [Server Action Executor Worker 73542] FinalizeKerberosServerAction:119 - Failed to update the owner of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to kms: chown: cannot access ‘/etc/security/keytabs/rangerkms.service.keytab’: No such file or directory
2021-07-10 16:15:39,174 INFO [Server Action Executor Worker 73542] FinalizeKerberosServerAction:128 - Updated the group of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to null
2021-07-10 16:15:39,181 ERROR [Server Action Executor Worker 73542] FinalizeKerberosServerAction:150 - Failed to update the access mode of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to owner:'r' and group:'null': chmod: cannot access ‘/etc/security/keytabs/rangerkms.service.keytab’: No such file or directory
I came across a similar issue reported by another member, but I am not sure what payload.json file should be used to get out of this situation. I have yet to get a response in the other thread. https://community.cloudera.com/t5/Support-Questions/Ambari-is-not-creating-keytab-files-though-it-sa...
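Added example (not part of the original post and not Ambari code): a small Python triage that pairs the "Successfully created keytab file" messages with the FinalizeKerberosServerAction "No such file or directory" failures from the log above. The sample lines are the post's messages with timestamps, thread names and the staging path shortened; matching a keytab file name to a principal by its first dot-separated component is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: messages from the post above, with timestamps, thread
# names and the long staging path shortened to a placeholder.
SAMPLE_LOG = """\
INFO CreateKeytabFilesServerAction:252 - Successfully created keytab file for rangerkms/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR at /var/lib/ambari-server/data/tmp/STAGING_PLACEHOLDER
ERROR FinalizeKerberosServerAction:119 - Failed to update the owner of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to kms: chown: cannot access ‘/etc/security/keytabs/rangerkms.service.keytab’: No such file or directory
INFO FinalizeKerberosServerAction:128 - Updated the group of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to null
ERROR FinalizeKerberosServerAction:150 - Failed to update the access mode of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to owner:'r' and group:'null': chmod: cannot access ‘/etc/security/keytabs/rangerkms.service.keytab’: No such file or directory
"""

# group 1 = full principal, group 2 = primary (service) part
CREATED = re.compile(r"Successfully created keytab file for ((\S+?)/\S+) at \S+")
# group 1 = operation that failed, group 2 = destination keytab path
FAILED = re.compile(r"Failed to update the (owner|access mode) of the keytab file at "
                    r"(\S+) to .*No such file or directory")


def triage(log_text):
    """Pair keytabs staged on the server with finalize failures on a missing file."""
    staged = defaultdict(list)   # principal primary -> principals with a staged keytab
    missing = defaultdict(list)  # destination path -> operations that found no file
    for line in log_text.splitlines():
        if (m := CREATED.search(line)):
            staged[m.group(2)].append(m.group(1))
        elif (m := FAILED.search(line)):
            missing[m.group(2)].append(m.group(1))
    report = []
    for path, ops in missing.items():
        # Assumption: <primary>.service.keytab belongs to principal <primary>/<host>.
        primary = path.rsplit("/", 1)[-1].split(".")[0]
        principals = staged.get(primary, [])
        report.append({
            "keytab": path,
            "failed_ops": ops,
            "staged_principals": principals,
            # A staged keytab with no file at the destination points at the
            # distribution step rather than principal or keytab creation.
            "verdict": ("staged on server, missing at destination" if principals
                        else "no creation record in this log"),
        })
    return report


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```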
Created 07-26-2021 08:10 AM
Can you check whether the user keyadmin (or any custom user) configured in the KMS repository is added to the proxy properties in the custom kms-site.xml file?
Created on 07-26-2021 08:45 PM - edited 07-27-2021 12:29 AM
Created 08-02-2021 12:16 AM
Hi @jAnshula
Yes, the proxyuser properties below are added in Custom KMS-Site. Only the keyadmin user is configured in the KMS Repository.