Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How does ambari server calculates UID while creating new local user?

avatar
Master Guru

How does ambari server calculates UID while creating new local user?

Here is the situation:

One of my customer has a node synced to LDAP, while installing hadoop client, it throws below error because UID conflicts with LDAP user. This is strange! Does anybody knows from where ambari-server/ambari-agent picks next available UID? Does it read /etc/login.defs? I tried changing range over there as well, did not help!

Here is an error for your reference:

stderr:   /var/lib/ambari-agent/data/errors-21613.txt
Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py", line 35, in <module>
    BeforeAnyHook().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 329, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py", line 29, in hook
    setup_users()
  File "/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py", line 51, in setup_users
    fetch_nonlocal_groups = params.fetch_nonlocal_groups,
  File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 166, in __init__
    self.env.run()
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 160, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 124, in run_action
    provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/accounts.py", line 84, in action_create
    shell.checked_call(command, sudo=True)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 72, in inner
    result = function(command, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 102, in checked_call
    tries=tries, try_sleep=try_sleep, timeout_kill_strategy=timeout_kill_strategy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 150, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 303, in _call
    raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of 'useradd -m -u 1001 -G hadoop -g hadoop streamline' returned 4. useradd: UID 1001 is not unique
Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py', 'ANY', '/var/lib/ambari-agent/data/command-21613.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY', '/var/lib/ambari-agent/data/structured-out-21613.json', 'INFO', '/var/lib/ambari-agent/tmp', 'PROTOCOL_TLSv1', '']

Note - UID 1001 is assigned to some other user which is managed by LDAP.

Please help!

Ambari server is running as non root user.

1 ACCEPTED SOLUTION

avatar
Master Guru

Thanks @Aravindan Vijayan for helping me offline on this.

For public users:

This is known issue https://issues.apache.org/jira/browse/AMBARI-21483.

Regarding answer to my question, there is a function find_available_uid in changeToSecureUid.sh script which looks for UIDs in the range of 1001 to 2000.

function find_available_uid() {
 for ((i=1001; i<=2000; i++))
 do
   grep -q $i /etc/passwd
   if [ "$?" -ne 0 ]
   then
    newUid=$i
    break
   fi
 done
}

For workaround to resolve this issue:

You can change the UID range in above for loop(after making sure that range is clean and no UID is taken by LDAP user) and distribute this script on all the ambari agents at /var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/files/changeToSecureUid.sh

View solution in original post

4 REPLIES 4

avatar
Master Guru

Looks like it refers OS's passwd file. Can someone please confirm exact procedure?

avatar
Master Guru

Thanks @Aravindan Vijayan for helping me offline on this.

For public users:

This is known issue https://issues.apache.org/jira/browse/AMBARI-21483.

Regarding answer to my question, there is a function find_available_uid in changeToSecureUid.sh script which looks for UIDs in the range of 1001 to 2000.

function find_available_uid() {
 for ((i=1001; i<=2000; i++))
 do
   grep -q $i /etc/passwd
   if [ "$?" -ne 0 ]
   then
    newUid=$i
    break
   fi
 done
}

For workaround to resolve this issue:

You can change the UID range in above for loop(after making sure that range is clean and no UID is taken by LDAP user) and distribute this script on all the ambari agents at /var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/files/changeToSecureUid.sh

avatar
Super Collaborator

We had the same scenario in our environment and thanks for the resolution... Its picking LDAP user id and worked perfectly when the userid range has been updated.

avatar
Master Guru

@Krishna Srinivas

Glad to know that this helped! 🙂