I do not have any information on in the release date of the next version of Ambari. This way of authenticating to the kadmin server is new for Ambari 2.7, so your issue would not have been seen in previous versions ... View more

@huzaira bashir It seems like there may be an issue exporting keytab files from the KDC. Can you try to do this manually using the admin user you configured in Ambari? /bin/kinit -c /tmp/my_cc -S kadmin/<KDC Admin Server Host> <KDC Admin Principal Name> /bin/kadmin -c /tmp/my_cc -s <KDC Admin Server Host> -r <Realm> -q "xst -k /tmp/ambari_tmp.keytab -e des3-cbc-sha1-kd:normal,rc4-hmac:normal,des-cbc-md5:normal,aes128-cts-hmac-sha1-96:normal,aes256-cts-hmac-sha1-96:normal ambari-qa-<Cluster Name>@<Realm>" /bin/klist -kte /tmp/ambari_tmp.keytab You will need to change the specifics to match your cluster. For my cluster I am using: KDC Admin Server Host: c7402.ambari.apache.org KDC Admin Principal Name: admin/admin!@EXAMPLE.COM Realm: EXAMPLE.COM Cluster Name: c1 Also, I assume that you haven't changed: The default temporary directory: /tmp The kadmin principal name: kadmin/<KDC Admin Server Host> The format of the Ambari smoke user principal name: ambari-qa-<Cluster Name>@<Realm> The default encryption types: aes des3-cbc-sha1 rc4 des-cbc-md5 Using the commands from above, I get the following: [root@c7402 ~]# /bin/kinit -c /tmp/my_cc -S kadmin/c7402.ambari.apache.org admin/admin@EXAMPLE.COM Password for admin/admin@EXAMPLE.COM:<br>[root@c7402 ~]# /bin/kadmin -c /tmp/my_cc -s c7402.ambari.apache.org -r EXAMPLE.COM -q "xst -k "/tmp/ambari_tmp.keytab" -e des3-cbc-sha1-kd:normal,rc4-hmac:normal,des-cbc-md5:normal,aes128-cts-hmac-sha1-96:normal,aes256-cts-hmac-sha1-96:normal ambari-server-c1@EXAMPLE.COM" Authenticating as principal admin/admin@EXAMPLE.COM with existing credentials. Entry for principal ambari-server-c1@EXAMPLE.COM with kvno 4, encryption type des3-cbc-sha1 added to keytab WRFILE:/tmp/ambari_tmp.keytab. Entry for principal ambari-server-c1@EXAMPLE.COM with kvno 4, encryption type arcfour-hmac added to keytab WRFILE:/tmp/ambari_tmp.keytab. Entry for principal ambari-server-c1@EXAMPLE.COM with kvno 4, encryption type des-cbc-md5 added to keytab WRFILE:/tmp/ambari_tmp.keytab. Entry for principal ambari-server-c1@EXAMPLE.COM with kvno 4, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/ambari_tmp.keytab. Entry for principal ambari-server-c1@EXAMPLE.COM with kvno 4, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/ambari_tmp.keytab. Administration credentials NOT DESTROYED.<br>[root@c7402 ~]# /bin/klist -kte /tmp/ambari_tmp.keytab Keytab name: FILE:/tmp/ambari_tmp.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 4 01/09/2019 15:31:29 ambari-server-c1@EXAMPLE.COM (des3-cbc-sha1) 4 01/09/2019 15:31:29 ambari-server-c1@EXAMPLE.COM (arcfour-hmac) 4 01/09/2019 15:31:29 ambari-server-c1@EXAMPLE.COM (des-cbc-md5) 4 01/09/2019 15:31:29 ambari-server-c1@EXAMPLE.COM (aes128-cts-hmac-sha1-96) 4 01/09/2019 15:31:29 ambari-server-c1@EXAMPLE.COM (aes256-cts-hmac-sha1-96) Can you try this to see if you get any errors? ... View more

@huzaira bashir Is the Ambari server on a host that is registered with the cluster? If not, I was recently alerted to an issue where this case was causing an error. But enabling Kerberos would have failed for you... unless you had enabled Kerberos before upgrading to Ambari 2.7.1. See AMBARI-25088 - Enable Kerberos fails when Ambari server is not on a registered host. ... View more

@huzaira bashir Can you take a look at your Ambari server log (/var/log/ambari-server/ambari-server.log) and see if there are any interesting error messages? ... View more

@Rajeswaran Govindan If you are running the Ambari server as a non-root user, then you need to set up sudoers so that Ambari can properly sudo and execute the needed commands. See https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/sudoer_configuration_server.html for information on how to set this up. ... View more

I am at a loss as far as what the issue is. All tests I have proposed yielded results that make it seem like all should be working. Maybe Manually remove the credential from the credential store Restart Ambari Add it again, through Ambari when it asks for it To remove the credential using keytool - <JAVA_HOME>/bin/keytool -remove -alias -keystore /var/lib/ambari-server/keys/credentials.jceks -store-type JCEKS ... View more

@Qureshi F The column in question should be able to hold a hostname that is 255 characters long. Either the _hosts_ table in your database has been modified or your host name is really large. Can you log into your Ambari database and execute DESCRIBE hosts; Then post the results. No data will be returned, just the table definition. If the column type for hosts.public_host_name does not look lime the following, then someone or something has changed it and we need to get it fixed. public_host_name VARCHAR(255), I have to assume that your hostnames are not larger than 255 characters long. ... View more

So Ambari really cannot find the KDC administrator credentials. Can you execute the following to see if the alias exists in the Ambari credential store? <JAVA_HOME>/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -store-type JCEKS For Example: [root@c7401 ~]# /usr/jdk64/jdk1.8.0_112/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -store-type JCEKS Enter keystore password: Keystore type: JCEKS Keystore provider: SunJCE Your keystore contains 2 entries cluster.ambari_predev.kdc.admin.credential, Dec 12, 2018, SecretKeyEntry, ambari.db.password, Dec 12, 2018, SecretKeyEntry, Here you see that my persisted KDC admin credential is listed as cluster.ambari_predev.kdc.admin.credential. If you do not see this, then something is wrong. ... View more