Support Questions

Find answers, ask questions, and share your expertise

Ambari non-root config for 2.4.0.1 incorrect

avatar
Expert Contributor

Hi community,

it seems like the docs are incorrect in regard to non-root configuration for Ambari:

sudo-rights for "/usr/bin/ambari-python-wrap" are missing.

I am running HDP 2.5.0 and Ambari 2.4.0.1 on RHEL 6.7

Otherwise my Ambari prompts:

resource_management.core.exceptions.Fail: Execution of 'ambari-python-wrap /usr/bin/conf-select set-conf-dir --package hadoop --stack-version 2.5.0.0-1245 --conf-version 0' returned 1. Sorry, user ambari is not allowed to execute '/usr/bin/ambari-python-wrap /usr/bin/conf-select set-conf-dir --package hadoop --stack-version 2.5.0.0-1245 --conf-version 0' as root on fsdebsup0053.d-fs01.d-vwf.d-vwfs-ad.
Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-START/scripts/hook.py', 'START', '/var/lib/ambari-agent/data/command-3158.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-START', '/var/lib/ambari-agent/data/structured-out-3158.json', 'INFO', '/var/lib/ambari-agent/tmp']
1 ACCEPTED SOLUTION
6 REPLIES 6

avatar

@Roland Simonis

Please try to install using root or add your user in sudoers list.

Add /etc/sudoers

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

avatar
Expert Contributor

This will work but is definately not the solution!

The documentation does list all required rights, so that I am not required to give some ambari user all rights: https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.1.0/bk_ambari-security/content/configuring_amba...

However the list is incorrect as mentioned in the inital post.

avatar

When you are getting following error? Will you describe please

avatar
Expert Contributor

Thank you!

avatar
Expert Contributor

@Mike Hovermale

Adding more components to the cluster, more missing sudo-commands were detected. Currently, the cluster is up with this additional block of in the sudoers config:

ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/ambari-python-wrap, /usr/sbin/ambari-metrics-grafana, /usr/bin/java, /usr/lib/ambari-infra-solr-client/solrCloudCli.sh

Could you guys please confirm the really required sudo-config. We do not want to hotfix the config over and over until everything works fine...