Support Questions

rajeswaran_govi · ‎12-26-2018

HDP 2.6.4 on RHEL 7

Ambari is running under non-root user. While enabling Kerberos using Ambari, "Configure Ambari Identity" step errors out as the keytab file, /etc/security/keytabs/spnego.service.keytab is owned by non-root Ambari user. Error: ambari.server.AmbariException:chown: changing ownership of ‘/usr/hdp/security/keytabs/spnego.service.keytab’: Operation not permitted

The .csv file shows it has to be owned by root:hadoop and the non-root user is not able to do chown due to OS limitations. How to get around this issue ?

Can the Ambari-server be changed to run as root user by running "ambari-server setup" and restarting Ambari at this point and then restart "Enable Kerberos Wizard" ?

Any advice is welcome.

akhilsnaik · ‎12-26-2018

Hi @Rajeswaran Govindan ,

If you cant give the suoders permissions as listed docs , Its always better to run the ambari-server as root.

to run ambari server again as root again follow this steps

1)stop ambari-server
[root@asnaik-asnaik1 ~]# ambari-server stop
Using python  /usr/bin/python
Stopping ambari-server
Waiting for server stop...
Ambari Server stopped
2) perform ambari-server setup and customize the user-account for ambari server
[root@asnaik-asnaik1 ~]# ambari-server setup
Using python  /usr/bin/python
Setup ambari-server
Checking SELinux...
SELinux status is 'enabled'
SELinux mode is 'permissive'
WARNING: SELinux is set to 'permissive' mode and temporarily disabled.
OK to continue [y/n] (y)?
Customize user account for ambari-server daemon [y/n] (n)? y
Enter user account for ambari-server daemon (root):root
Adjusting ambari-server permissions and ownership...
WARNING: Command chown  -R -L root /var/lib/ambari-server returned exit code /var/lib/ambari-server with message: chown: cannot dereference ‘/var/lib/ambari-server/resources/mysql-connector-java.jar’: No such file or directory
chown: cannot dereference ‘/var/lib/ambari-server/resources/mysql-jdbc-driver.jar’: No such file or directory
Checking firewall status...
Checking JDK...
Do you want to change Oracle JDK [y/n] (n)? n
Checking GPL software agreement...
Completing setup...
Configuring database...
Enter advanced database configuration [y/n] (n)? n
Configuring database...
....
3) start ambari-server
[root@asnaik-asnaik1 ~]# ambari-server start
Using python  /usr/bin/python
Starting ambari-server
Ambari Server running with administrator privileges.
Organizing resource files at /var/lib/ambari-server/resources...

Refer to help : https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.0/bk_ambari-installation/content/set_up_the_a...

If you have any doubt.

Please accept this answer if its helpful

View solution in original post

sampathkumar_ma · ‎12-26-2018

Hi @Rajeswaran Govindan,

Since Ambari is running a non-privileged user, it is possible that the chown for keytab file failed due to permission issues.

Make sure that the sudoers file is setup properly. Please refer the below documentation for this.

http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/sudoer_configurat...

Hope this helps!

rlevas · ‎12-26-2018

@Rajeswaran Govindan

If you are running the Ambari server as a non-root user, then you need to set up sudoers so that Ambari can properly sudo and execute the needed commands. See https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/sudoer_configuration_se... for information on how to set this up.

rajeswaran_govi · ‎12-26-2018

Thanks you Robert and Sampath. In our environment editing the sudoers file is not an option.