Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Can't restart services after removing kerberos through ambari.

Labels:
avatar
author-rank shashankkumar_m
Contributor

Created on ‎06-21-2018 02:28 PM - edited ‎09-16-2022 06:22 AM

I removed kerberos completely from ambari but when I tried to restart the services throws error some. Checked logs and found that it's failing due to performing 'kinit". My question is since I removed kerberos it's not supposed to generate ticket automatically. There's some configuration which is triggering this. Can anyone help on this issue.

I restarted vm's and performed KDESTROY also, no luck.

Below is error when I tried to restart services.

 File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 102, in checked_call
    tries=tries, try_sleep=try_sleep, timeout_kill_strategy=timeout_kill_strategy)
  File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 150, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/ambari-agent/lib/resource_management/core/shell.py", line 303, in _call
    raise ExecutionFailed(err_msg, code, out, err) 

resource_management.core.exceptions.ExecutionFailed: Execution of 'kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa-hwx_tvx@FHILLS.LOCAL;' returned 127. bash: kinit: command not found
3,804 Views
0 Kudos
0
6 REPLIES 6

avatar
author-rank rjain1
Expert Contributor

Created ‎06-30-2018 09:26 AM

@sk

It seems like kerberos is not disabled propelry, Please share below command output

/var/lib/ambari-server/resources/scripts/configs.py -a get -l <ambari-host> -t <ambari-port> 
-n <cluster-name> -u <admin-username> -p <admin-password> -c kerberos-env
3,596 Views
0 Kudos

avatar
author-rank Manjunath
Explorer

Created ‎04-17-2019 10:27 AM

@Rishi, @Gaurav Sharma @Jay Kumar SenSharma


Please guide me on the similar issue.

resource_management.core.exceptions.ExecutionFailed: Execution of 'kinit -kt /etc/security/keytabs/hdfs.headless.keytab ' returned 127. -bash: kinit: command not found
raise Fail("Configuration parameter '" + self.name + "' was not found in configurations dictionary!") resource_management.core.exceptions.Fail: Configuration parameter 'dfs.datanode.kerberos.principal' was not found in configurations dictionary!

I am getting these error when i restart Hadoop services.

I disabled Kerberos and removed and manually removed these files :

  1. rm -rf /var/kerberos/
  2. rm /etc/krb5.conf
  3. rm -rf /usr/lib64/krb5

Now i dont know whats causing this issue please guide me on this.


Regards,

Manjunath P N

3,596 Views
0 Kudos

avatar
author-rank Manjunath
Explorer

Created ‎04-17-2019 03:23 PM 

Traceback (most recent call last):  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py", line 73, in <module>    HdfsClient().execute()  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 367, in execute    method(env)  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py", line 35, in install    import params  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/params.py", line 25, in <module>    from params_linux import *  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py", line 343, in <module>    dn_principal_name = dn_principal_name.replace('_HOST',hostname.lower())  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py", line 73, in __getattr__    raise Fail("Configuration parameter '" + self.name + "' was not found in configurations dictionary!") resource_management.core.exceptions.Fail: Configuration parameter 'dfs.datanode.kerberos.principal' was not found in configurations dictionary



3,596 Views
0 Kudos

avatar
author-rank Shelton
Master Mentor

Created ‎04-17-2019 05:19 PM

@sk

Can you remove this 2 entries in ambari.properties and restart Ambari

kerberos.keytab.cache.dir=/var/lib/ambari-server/data/cache
kerberos.operation.verify.kdc.trust=true

Then proceed with starting the services


3,596 Views
0 Kudos

avatar
author-rank Shelton
Master Mentor

Created ‎04-18-2019 10:50 AM

@sk

Any update?

3,596 Views
0 Kudos

avatar
author-rank ElephantAdmin
New Contributor

Created ‎10-19-2020 05:00 AM

Try below. Some times the ambari cluster environment variable security_enabled might still hold the value true and hence all services expect keytabs .

 

To validate the value of the environment variable 

/var/lib/ambari-server/resources/scripts/configs.py -a get -l <ambari-server host> -t 8080 -n <cluster-name> -u <admin-user> -p <admin-password> -c cluster-env | grep security
    "security_enabled": "true", 
    "smokeuser_keytab": "/etc/security/keytabs/smokeuser.headless.keytab"

 

/var/lib/ambari-server/resources/scripts/configs.py -a set -k security_enabled -v false -l <ambari-server host> -t 8080 -n <cluster name> -u <admin user> -p <admin password> -c cluster-env

 

Try setting that variable to false

2,980 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements