Created on 02-03-2016 12:49 PM - edited 08-19-2019 03:19 AM
Hi,
I have to regenerate hdfs.headless.keytab and looked for the cleanest way to do it. Ambari 2.2 documentation (§ 7.3.1: how to regenerate keytabs) exactly refers to a "Regenerate Kerberos" button:
but I can't find it!
Has this functionality been removed?
Thanks.
Created 02-03-2016 02:49 PM
In Ambari 2.2.0, the Regenerate Keytabs button should be available, if Kerberos was enabled using the MIT KDC or Active Directory options, not the manual option. In the manual case, the user is responsible for managing the Kerberos identities and therefore must manually create and distribute the keytab files. Because of this, the Regenerate Keytabs button will not be available.
However, if either the MIT KDC or Active Directory options were selected, then maybe you have hit an issue that seems to have been introduced in Ambari 2.1.2 and hopefully fixed in Ambari 2.2.1. This issue causes service configurations to get removed from the Ambari database. I am not sure what is causing this; however, if the Kerberos-related configurations are affected, the Regenerate Keytabs button will go missing. Other issues will be seen as well. For example, starting and stopping some services may encounter an error claiming the kerberos-env configuration is missing, and the request operation fails to go through.
To fix this issue, the kerberos-env and krb5-conf configurations need to be recreated via the Ambari REST API.
For example:
PUT /api/v1/clusters/CLUSTER_NAME
[
  {
    "Clusters": {
      "desired_config": {
        "type": "krb5-conf",
        "tag": "version1",
        "properties": {
          "domains": "",
          "manage_krb5_conf": "true",
          "conf_dir": "/etc",
          "content": "[libdefaults]\n renew_lifetime = 7d\n forwardable= true\n default_realm = {{realm|upper()}}\n ticket_lifetime = 24h\n dns_lookup_realm = false\n dns_lookup_kdc = false\n #default_tgs_enctypes = {{encryption_types}}\n #default_tkt_enctypes ={{encryption_types}}\n\n{% if domains %}\n[domain_realm]\n{% for domain in domains.split(',') %}\n {{domain}} = {{realm|upper()}}\n{% endfor %}\n{%endif %}\n\n[logging]\n default = FILE:/var/log/krb5kdc.log\nadmin_server = FILE:/var/log/kadmind.log\n kdc = FILE:/var/log/krb5kdc.log\n\n[realms]\n {{realm}} = {\n admin_server = {{admin_server_host|default(kdc_host, True)}}\n kdc = {{kdc_host}}\n }\n\n{# Append additional realm declarations below #}\n"
        }
      }
    }
  },
  {
    "Clusters": {
      "desired_config": {
        "type": "kerberos-env",
        "tag": "version1",
        "properties": {
          "kdc_type": "mit-kdc",
          "manage_identities": "true",
          "install_packages": "true",
          "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
          "realm": "EXAMPLE.COM",
          "kdc_host": "hdc.host",
          "admin_server_host": "kadmin.host",
          "executable_search_paths": "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin",
          "password_length": "20",
          "password_min_lowercase_letters": "1",
          "password_min_uppercase_letters": "1",
          "password_min_digits": "1",
          "password_min_punctuation": "1",
          "password_min_whitespace": "0",
          "service_check_principal_name": "${cluster_name}-${short_date}",
          "case_insensitive_username_rules": "false"
        }
      }
    }
  }
]
NOTE: This example will need to be modified to set the appropriate properties for the relevant cluster.
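An added example, not part of the original answer and not Ambari's own code: before sending the PUT above, it checks which of the two Kerberos config types are actually missing from the cluster's desired configs, builds a request body for only those, and flags deprecated encryption types in the kerberos-env properties. The function names, the sample cluster response and the sample property values are constructed for illustration; the timestamp-based default tag assumes a tag should not repeat one already used for that config type.

```python
import json
import time

# Config types the answer says must exist in the Ambari database.
REQUIRED_TYPES = ("kerberos-env", "krb5-conf")
# Enctypes from the answer's sample that are deprecated (RFC 6649, RFC 8429).
DEPRECATED_ENCTYPES = {"des-cbc-md5", "des3-cbc-sha1", "rc4"}


def missing_kerberos_configs(cluster_doc):
    """Return the required config types absent from Clusters/desired_configs."""
    desired = cluster_doc.get("Clusters", {}).get("desired_configs", {})
    return [t for t in REQUIRED_TYPES if t not in desired]


def deprecated_enctypes(kerberos_env_props):
    """Return deprecated entries of the space-separated encryption_types."""
    listed = kerberos_env_props.get("encryption_types", "").split()
    return [e for e in listed if e in DEPRECATED_ENCTYPES]


def build_put_body(missing, properties_by_type, tag=None):
    """Build the PUT body (a JSON array) covering only the missing types."""
    tag = tag or "version%d" % int(time.time() * 1000)
    body = []
    for config_type in missing:
        props = properties_by_type[config_type]  # KeyError if none supplied
        body.append({"Clusters": {"desired_config": {
            "type": config_type, "tag": tag, "properties": props}}})
    return body


# Constructed sample: response to a GET of the cluster's desired_configs in
# which kerberos-env has been lost but krb5-conf is still present.
SAMPLE_CLUSTER = {"Clusters": {"cluster_name": "c1", "desired_configs": {
    "hdfs-site": {"tag": "version1454500000000", "version": 3},
    "krb5-conf": {"tag": "version1", "version": 1}}}}

# Constructed properties; a real request needs the full set shown in the answer.
SAMPLE_PROPS = {"kerberos-env": {
    "kdc_type": "mit-kdc", "realm": "EXAMPLE.COM", "kdc_host": "kdc.example.com",
    "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5"}}

if __name__ == "__main__":
    missing = missing_kerberos_configs(SAMPLE_CLUSTER)
    print("missing:", missing)
    print("deprecated:", deprecated_enctypes(SAMPLE_PROPS["kerberos-env"]))
    print(json.dumps(build_put_body(missing, SAMPLE_PROPS), indent=2))
```

Restoring only the missing type avoids overwriting a krb5-conf that is still intact; the deprecated-enctype list is worth reviewing before the restored kerberos-env is used to regenerate keytabs.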
Created 02-04-2016 10:48 AM
Many thanks. The button is back!