search

Isilon / isilon_hadoop_tools

Tools for Using Hadoop with OneFS
https://pypi.org/project/isilon-hadoop-tools/
MIT License
14 stars 21 forks source link

Found the shortage of the users for ambari #66

Closed ryojsb closed 1 year ago

ryojsb commented 5 years ago

Added the 3user (rm, amshbase and jhs) to hwx's SUPERUSER in isilon_create_user.sh because these users need to exist when ambari linked to isilon is kerberized.

ryojsb commented 5 years ago

We practiced from page 48 "Active Directory section".

Yesterday,when we restart the ambari metrics, we hit the error below.

2019-07-11T18:53:20+09:00 <30.6> isilon01-1 hdfs[8072]: [hdfs] RPC V9 user: amshbase/@ exception: org.apache.hadoop.security.authorize.AuthorizationException cause: Username: 'amshbase/@' not found. Make sure your client's username exists on the cluster

After we did the addition amshbase to isilon, We send the command [isi zone modify zone1-hdp --add-user-mapping-rules="amshbase=>ams"]

Then, This problem is solved.

About the environment we did is below. hwx HDP-3.0.1.0-centos7-rpm.tar.gz HDP-UTILS-1.1.0.22-centos7.tar.gz HDP-GPL-3.0.1.0-centos7-gpl.tar.gz HDF-3.4.1.1-centos7-rpm.tar.gz ambari-2.7.1.0-centos7.tar.gz

isilon OneFS 8.1.2 OneFS 8.2.0

ryojsb commented 5 years ago

Add "nm" for Spark Livy Server and Thrift Server in kerberized cluster.

ryojsb commented 5 years ago

nifiregistry and nifi doesn't make an effect on some ambari service. However, unless these user is added, the difference in user occur between ambari server and isilon.

tucked commented 5 years ago

nm is like rm and jhs... They are principals that should be changed to avoid issues like the ones you're probably seeing.

I believe we are looking into amshbase.

nifiregistry and nifi doesn't make an effect on some ambari service.

Does this mean you're not seeing an error involving/requiring those users?

We'd really like to keep what these scripts do to a minimum (and let Ambari manage as much as possible). If these users aren't required to have a working deploy, maybe we should just let those be added manually if they are desired.

ryojsb commented 5 years ago

Exactly. As you said, "nifi" and "nifiregistry" don't matter just in the deployment of ambari. I understand what you want to say, so I omitted them.

tucked commented 1 year ago

This hasn't come up again, and the legacy branch is long, long out of support at this time. If this is still needed, please re-submit to the main branch.