Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

I have an Ambari 2.6.1.5 with HDP 2.6.4.0 cluster setup. I run ambari and ambari-agent with non-root users. I added the HDF 3.1.1.0 mpack onto it and started with installing the NiFi service. NiFi installation failed with the following error:

resource_management.core.exceptions.ExecutionFailed: Execution of 'touch /var/log/nifi/nifi-setup.log' returned 1. Sorry, user ambari is not allowed to execute '/bin/su nifi -l -s /bin/bash -c export  PATH='/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/ambari/bin:/var/lib/ambari-agent' ; touch /var/log/nifi/nifi-setup.log' as root on c6805.ambari.apache.org.

After adding /bin/su nifi * to sudoers list, NiFi installation finished successfully.

Similarly, an error occurred in NiFi service check action:

raise Fail("Call to admin-toolkit encountered error: {0}".format(out))
resource_management.core.exceptions.Fail: Call to admin-toolkit encountered error: Sorry, user ambari is not allowed to execute '/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/files/nifi-toolkit-1.5.0.3.1.1.0-35/bin/node-manager.sh -d /usr/hdf/current/nifi -b /usr/hdf/current/nifi/conf/bootstrap.conf -o status -u http://c6805.ambari.apache.org:9090'
 as root on c6805.ambari.apache.org.

So do we have any consolidated list of sudoers configurations that are required for installing HDF services?

Thanks

4 REPLIES

Super Mentor

@Saloni Udani

Are you sure that you have configured the ambari agent to run as a non-root user by following the docs instructions as mentioned in:

1. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-security/content/commands_agent.h...

2. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-security/content/sudo_defaults_ag...

3. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-security/content/how_to_configure...

Please check whether the "/bin/touch" command is included in your sudoers command or not, as mentioned in link 1. We see the error as:

Execution of 'touch /var/log/nifi/nifi-setup.log' returned 1. Sorry, user ambari is not allowed to execute

Example:

# Ambari: Core System Commands
ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/ls, /bin/chown, /bin/chmod, /bin/chgrp, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /bin/touch, /usr/bin/mysql, /sbin/service mysqld *, /usr/bin/dpkg *, /bin/rpm *, /usr/sbin/hst *, /sbin/service rpcbind *, /sbin/service portmap *

@Jay Kumar SenSharma

Yes, I have followed the same document link for setting up non-root ambari agent.

Super Mentor

@Saloni Udani

Using the non-root user (which is running the ambari agent), are you able to create the file manually using the command line?

# touch /var/log/nifi/nifi-setup.log

@Jay Kumar SenSharma

[ambari@c6805 ~]$ sudo touch /var/log/nifi/nifi-setup.log

I am able to successfully run this command.
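An added example, not part of any post in this thread and not Ambari or Hortonworks code: it pulls the command sudo refused out of each error quoted in the question and checks it against a sudoers command list, showing that the executable sudo evaluates is `/bin/su` (or `node-manager.sh`), not `touch`. The matching is a simplified model of sudoers rules (single-line rule, shell-style wildcards, no aliases), and the error text and rule are abbreviated from the thread.

```python
import fnmatch
import re

# Abbreviated from the two errors quoted in the question (PATH and options shortened).
ERRORS = [
    "Sorry, user ambari is not allowed to execute '/bin/su nifi -l -s /bin/bash -c "
    "export  PATH='/usr/sbin:/sbin' ; touch /var/log/nifi/nifi-setup.log' "
    "as root on c6805.ambari.apache.org.",
    "Sorry, user ambari is not allowed to execute '/var/lib/ambari-agent/cache/"
    "common-services/NIFI/1.0.0/package/files/nifi-toolkit-1.5.0.3.1.1.0-35/bin/"
    "node-manager.sh -o status' as root on c6805.ambari.apache.org.",
]
# Shortened form of the "Core System Commands" rule from the first reply.
RULE = ("ambari ALL=(ALL) NOPASSWD:SETENV: /bin/mkdir, /bin/touch, "
        "/bin/rpm *, /sbin/service rpcbind *")
DENIED = re.compile(r"user (\S+) is not allowed to execute '(.*)'\s+as (\S+) on", re.S)

def parse_denied(message):
    """Return (user, refused command line, run-as user), or None if no match."""
    m = DENIED.search(message)
    return (m.group(1), m.group(2), m.group(3)) if m else None

def parse_cmnds(rule):
    """Split a single-line user spec into (path, args-or-None) pairs."""
    spec = rule.split("=", 1)[1]
    spec = re.sub(r"^\s*\([^)]*\)\s*", "", spec)    # drop the (runas) list
    spec = re.sub(r"^(?:[A-Z_]+:\s*)+", "", spec)   # drop NOPASSWD:/SETENV: tags
    out = []
    for item in spec.split(","):
        path, _, args = item.strip().partition(" ")
        out.append((path, args.strip() or None))
    return out

def allowed(command, cmnds):
    """True when the executable and its argument string match one entry."""
    path, _, args = command.partition(" ")
    for want_path, want_args in cmnds:
        if not fnmatch.fnmatchcase(path, want_path):
            continue
        # No args listed: any args accepted. "" listed: only a bare command.
        if want_args is None or (want_args == '""' and not args):
            return True
        if want_args != '""' and fnmatch.fnmatchcase(args, want_args):
            return True
    return False

def report(extra=()):
    """(executable, allowed?) for each quoted error under RULE plus extra entries."""
    cmnds = parse_cmnds(RULE) + list(extra)
    cmds = [parse_denied(e)[1] for e in ERRORS]
    return [(c.split(" ", 1)[0], allowed(c, cmnds)) for c in cmds]
```

`report()` marks both commands as refused under the documented rule, and `report([("/bin/su", "nifi *")])` accepts only the first. In this model that entry accepts every argument string beginning with `nifi `, so it covers any command run as the nifi account, not just the `touch`.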
