Isilon / isilon_hadoop_tools

Tools for Using Hadoop with OneFS
https://pypi.org/project/isilon-hadoop-tools/
MIT License
14 stars 21 forks source link

workaround to run script "The authentication provider was created in a zone that makes it unmodifiable" #72

Closed ariffewear closed 4 years ago

ariffewear commented 5 years ago

Hi master,

how to run isilon_create_users as local zone provider. because running it using default causing me "The authentication provider was created in a zone that makes it unmodifiable" error

seanvetter commented 5 years ago

Can you give a little more information? I'm not even sure what this error means. Is this Isilon cluster setup with anything special, hardening, compliance, worm, AD, LDAP, kerberos? Does it work if you create a temporary zone and try running it in that zone? What version of onefs and what distribution of hadoop?

Are you by chance trying to run this script in the system zone but are currently in a different zone?

ngie-eign commented 5 years ago

@ariffewear: please provide more information about the invocation so we can help you, e.g.,

  1. Target OneFS version.
  2. Arguments provided when invoking the script.

Please be sure to omit/remove/obscure any and all identifiable information from the output when providing it, e.g., cluster IP addresses, usernames, passwords, etc.

I recommend using Gist, when posting the information; just be sure to paste a link to the Gist in this issue.

tucked commented 4 years ago

The only way I have been able to reproduce this is by replacing the zone's default local provider (e.g. lsa-local-provider:somezone) with the System local provider before running isilon_create_users:

isi zone modify somezone --auth-providers=lsa-local-provider:System

Any chance that is what happened here?

bonibruno commented 4 years ago

The key is to make sure the Auth Prodivider is pointing to the same zone you are trying to modify. If for example you are modifying the customer-az zone with this script and your Auth Providers is pointing to a different zone you will get this error. Check your auth setting with "isi zone view".

Isilon OneFS v8.2.1.0

isi zone view customer-az

                   Name: customer-az
                   Path: /ifs/data/testing
               Groupnet: groupnet0
          Map Untrusted:
         **Auth Providers: lsa-local-provider:customer-az**
           NetBIOS Name:
     User Mapping Rules: -
   Home Directory Umask: 0077
     Skeleton Directory: /usr/share/skel
     Cache Entry Expiry: 4H

Negative Cache Entry Expiry: 1m Zone ID: 2

bonibruno commented 4 years ago

This issue is a result of a misconfiguration of the auth provider pointing to a different zone than where the isilon_hadoop_tools were executed on. Users can check auth settings with isi zone view. If you get this "unmodifiable" error it's because your auth provider is pointing to a different zone.