Support Questions

sridhararao_mut · ‎11-21-2016

Hi Team,

I am installing 15node cluster with HDP 2.4 and unable to proceed with below error:

========================== Creating target directory... ==========================

Command start time 2016-11-21 12:12:42

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). SSH command execution finished host=xxx, exitcode=255 Command end time 2016-11-21 12:12:42

ERROR: Bootstrap of host hdpmaster01.supermoon.com fails because previous action finished with non-zero exit code (255) ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

I followed below steps:

Generate public and private SSH keys on the Ambari Server host.
ssh-keygen
Copy the SSH Public Key (id_rsa.pub) to the root account on your target hosts.
.ssh/id_rsa
.ssh/id_rsa.pub
Add the SSH Public Key to the authorized_keys file on your target hosts.
cat id_rsa.pub >> authorized_keys
Depending on your version of SSH, you may need to set permissions on the .ssh directory (to 700) and the authorized_keys file in that directory (to 600) on the target hosts.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
copy authorizedkeys files to all hosts
ssh is working without password.
selinux is disabled and firewall is off on all nodes and my /etc/hosts file first two lines shows:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

Please help me in resolving issue.

Sridhar

sunile_manjee · ‎11-21-2016

One item I noticed in your comments is your etc host file. your etc hosts file should have lines for all nodes in the cluster

mqureshi · ‎11-21-2016

@Sridhar M

Are you sure about ssh working on all nodes without password. That is you are able to ssh from your node where Ambari is running to all other nodes without a password using root? Can you please confirm?

Finally in your ambari, when you provide ssh key for root user, you need to provide your private and not public key. Is that how you are doing it?

sridhararao_mut · ‎11-21-2016

1)I am able to login without password from ambari server node.

2)I am using /root/.ssh/id_rs.pub

mqureshi · ‎11-21-2016

@Sridhar M

Are you saying you are providing /root/.ssh/id_rsa.pub to ambari? If yes, then that's your problem. You need to provide your private key, not public key. You need to provide /root/.ssh/id_rsa to ambari. Notice that it asks you for private key, not public key.

sridhararao_mut · ‎11-21-2016

I provided /root/.ssh/id_rsa and got same error now :

RROR: Bootstrap of host hdpmaster02.supermoon.com fails because previous action finished with non-zero exit code (255)
ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

STDOUT: 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

mqureshi · ‎11-21-2016

Here is the thing. You are able to login without password from outside using "root" user. Right? Then it should not fail with this error. Did you downloaded the id_rsa file and imported into ambari from your machine or did you copied and pasted the content? If you copied and pasted the content then it should include everything in the file including "-----------------BEGIN CERTIFICATE--------------" and "------------------------END CERTIFICATE--------------------"

Report Inappropriate Content · ‎11-21-2016

@Sridhar M

- Please make sure that if you are using non-root user, then that user needs to be able to "sudo" in the hosts without entering a password.

- Check which user is ambari server running? You can find it by running the

ps -fe | grep ambari-server

.

sridhararao_mut · ‎11-21-2016

root 30660 2914 0 13:25 pts/1 00:00:00 grep --color=auto ambari-server root 56948 1 1 11:18 pts/0 00:01:36 /usr/java/default/bin/java -server -XX:NewRatio=3 -XX:+UseConcMarkSweepGC -XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 -XX:+CMSClassUnloadingEnabled -Dsun.zip.disableMemoryMapping=true -Xms512m -Xmx2048m -XX:MaxPermSize=128m -Djava.security.auth.login.config=/etc/ambari-server/conf/krb5JAASLogin.conf -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false -cp /etc/ambari-server/conf:/usr/lib/ambari-server/*:/usr/share/java/postgresql-jdbc.jar org.apache.ambari.server.controller.AmbariServer

Report Inappropriate Content · ‎11-21-2016

@Sridhar M

Can you please do "ls -laZ" and see if it is showing "ssh_home_t" ?

Example:

[root@erie1 ~]# cd /root/.ssh/

[root@erie1 .ssh] # ls -laZ
drwx------. root root system_u:object_r:ssh_home_t:s0  .
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 ..
-rw-------. root root system_u:object_r:ssh_home_t:s0  authorized_keys

.