Support Questions
Find answers, ask questions, and share your expertise

Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

Highlighted

Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

I have an Ambari 2.6.1.5 with HDP 2.6.4.0 cluster setup.I run ambari and ambari-agent with non-root users. I added HDF 3.1.1.0 mpack onto it and started with installing NiFi service. NiFi installation failed with the following error:

resource_management.core.exceptions.ExecutionFailed: Execution of 'touch /var/log/nifi/nifi-setup.log' returned 1. Sorry, user ambari is not allowed to execute '/bin/su nifi -l -s /bin/bash -c export  PATH='/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/ambari/bin:/var/lib/ambari-agent' ; touch /var/log/nifi/nifi-setup.log' as root on c6805.ambari.apache.org.

After adding /bin/su nifi * to sudoers list, NiFi installation finished successfully.

Similarly, an error occurred in NiFi service check action:

raise Fail("Call to admin-toolkit encountered error: {0}".format(out)

)
resource_management.core.exceptions.Fail: Call to admin-toolkit encountered error: Sorry, user ambari is not allowed to execute '/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/files/nifi-toolkit-1.5.0.3.1.1.0-35/bin/node-manager.sh -d /usr/hdf/current/nifi -b /usr/hdf/current/nifi/conf/bootstrap.conf -o status -u http://c6805.ambari.apache.org:9090'
 as root on c6805.ambari.apache.org.

So do we have any consolidated list of sudoers configuration that are required for installing HDF services?

Thanks

4 REPLIES 4
Highlighted

Re: Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

Super Mentor

@Saloni Udani

Are you sure that you have configured the ambari agent to run as Non-Root user by following the docs instructions as mentioned in :

1. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-security/content/commands_agent.h...

2. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-security/content/sudo_defaults_ag...

3. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.5/bk_ambari-security/content/how_to_configure...

.

Please notice that the "/bin/touch" command is included in your sudoer command or not as mentioned in link1? We see error as:

Execution of 'touch /var/log/nifi/nifi-setup.log' returned 1. Sorry, user ambari is not allowed to execute

Example:

# Ambari: Core System Commands
ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/ls, /bin/chown, /bin/chmod, /bin/chgrp, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /bin/touch, /usr/bin/mysql, /sbin/service mysqld *, /usr/bin/dpkg *, /bin/rpm *, /usr/sbin/hst *, /sbin/service rpcbind *, /sbin/service portmap *

.

Highlighted

Re: Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

@Jay Kumar SenSharma

Yes, I have followed the same document link for setting up non-root ambari agent.

Highlighted

Re: Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

Super Mentor

@Saloni Udani

Using the non root user (which is running the ambari agent) are you able to create the file manually using command line ?

# touch /var/log/nifi/nifi-setup.log

.

Re: Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

@Jay Kumar SenSharma

[ambari@c6805 ~]$ sudo touch /var/log/nifi/nifi-setup.log

I am able to successfully run this command.