Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How does ambari server calculates UID while creating new local user?

Labels:
avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎09-19-2017 11:48 PM

How does ambari server calculates UID while creating new local user?

Here is the situation:

One of my customer has a node synced to LDAP, while installing hadoop client, it throws below error because UID conflicts with LDAP user. This is strange! Does anybody knows from where ambari-server/ambari-agent picks next available UID? Does it read /etc/login.defs? I tried changing range over there as well, did not help!

Here is an error for your reference:

stderr:   /var/lib/ambari-agent/data/errors-21613.txt
Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py", line 35, in <module>
    BeforeAnyHook().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 329, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py", line 29, in hook
    setup_users()
  File "/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py", line 51, in setup_users
    fetch_nonlocal_groups = params.fetch_nonlocal_groups,
  File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 166, in __init__
    self.env.run()
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 160, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 124, in run_action
    provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/accounts.py", line 84, in action_create
    shell.checked_call(command, sudo=True)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 72, in inner
    result = function(command, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 102, in checked_call
    tries=tries, try_sleep=try_sleep, timeout_kill_strategy=timeout_kill_strategy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 150, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 303, in _call
    raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of 'useradd -m -u 1001 -G hadoop -g hadoop streamline' returned 4. useradd: UID 1001 is not unique
Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py', 'ANY', '/var/lib/ambari-agent/data/command-21613.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY', '/var/lib/ambari-agent/data/structured-out-21613.json', 'INFO', '/var/lib/ambari-agent/tmp', 'PROTOCOL_TLSv1', '']

Note - UID 1001 is assigned to some other user which is managed by LDAP.

Please help!

Ambari server is running as non root user.

3,870 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎09-20-2017 09:34 PM

Thanks @Aravindan Vijayan for helping me offline on this.

For public users:

This is known issue https://issues.apache.org/jira/browse/AMBARI-21483.

Regarding answer to my question, there is a function find_available_uid in changeToSecureUid.sh script which looks for UIDs in the range of 1001 to 2000.

function find_available_uid() {
 for ((i=1001; i<=2000; i++))
 do
   grep -q $i /etc/passwd
   if [ "$?" -ne 0 ]
   then
    newUid=$i
    break
   fi
 done
}

For workaround to resolve this issue:

You can change the UID range in above for loop(after making sure that range is clean and no UID is taken by LDAP user) and distribute this script on all the ambari agents at /var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/files/changeToSecureUid.sh

View solution in original post

3,382 Views
4 REPLIES 4

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎09-19-2017 11:57 PM

Looks like it refers OS's passwd file. Can someone please confirm exact procedure?

3,382 Views
0 Kudos

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎09-20-2017 09:34 PM

Thanks @Aravindan Vijayan for helping me offline on this.

For public users:

This is known issue https://issues.apache.org/jira/browse/AMBARI-21483.

Regarding answer to my question, there is a function find_available_uid in changeToSecureUid.sh script which looks for UIDs in the range of 1001 to 2000.

function find_available_uid() {
 for ((i=1001; i<=2000; i++))
 do
   grep -q $i /etc/passwd
   if [ "$?" -ne 0 ]
   then
    newUid=$i
    break
   fi
 done
}

For workaround to resolve this issue:

You can change the UID range in above for loop(after making sure that range is clean and no UID is taken by LDAP user) and distribute this script on all the ambari agents at /var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/files/changeToSecureUid.sh

3,383 Views

avatar
author-rank klksrinivas
Super Collaborator

Created ‎12-19-2017 07:29 AM

We had the same scenario in our environment and thanks for the resolution... Its picking LDAP user id and worked perfectly when the userid range has been updated.

3,382 Views
0 Kudos

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎06-14-2018 01:08 AM

@Krishna Srinivas

Glad to know that this helped! 🙂

3,382 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements