AMBARI-1343. Service Check fails after secure install due to wrong kinit path. (Siddharth Wagle via mahadev)

git-svn-id: https://svn.apache.org/repos/asf/incubator/ambari/trunk@1448903 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -318,6 +318,9 @@ Trunk (unreleased changes):
  AMBARI-1357. Smoke Tests failing on secure cluster. (Siddharth Wagle via
  mahadev)
 
+ AMBARI-1343. Service Check fails after secure install due to wrong kinit
+ path. (Siddharth Wagle via mahadev) 
+
  BUG FIXES
 
  AMBARI-1455. Setting App.testMode=true, alwaysGoToInstaller=true does not

ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp

@@ -297,7 +297,7 @@ define hdp-hadoop::exec-hadoop(
       $keytab = "${hdp-hadoop::params::keytab_path}/${user}.headless.keytab" 
       $principal = $user
     }
-    $kinit_if_needed = "/usr/kerberos/bin/kinit  -kt ${keytab} ${principal}; "
+    $kinit_if_needed = "${kinit_path_local} -kt ${keytab} ${principal}; "
   } else {
     $kinit_if_needed = ""
   }

ambari-agent/src/main/puppet/modules/hdp-hcat/manifests/hcat/service_check.pp

@@ -28,7 +28,7 @@ class hdp-hcat::hcat::service_check()
   $smoke_user_keytab = "${hdp-hcat::params::keytab_path}/${smoke_test_user}.headless.keytab"
 
   if ($security_enabled == true) {
-    $smoke_user_kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+    $smoke_user_kinitcmd="${kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user}; "
   } else {
     $smoke_user_kinitcmd=""
   }

ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_hive_metastore_status.sh

@@ -27,7 +27,8 @@ SEC_ENABLED=$4
 if [[ "$SEC_ENABLED" == "true" ]]; then
   NAGIOS_KEYTAB=$5
   NAGIOS_USER=$6
-  out1=`/usr/kerberos/bin/kinit -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
+  KINIT_PATH=$7
+  out1=`${KINIT_PATH} -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
   if [[ "$?" -ne 0 ]]; then
     echo "CRITICAL: Error doing kinit for nagios [$out1]";
     exit 2;

ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_oozie_status.sh

@@ -27,7 +27,8 @@ SEC_ENABLED=$4
 if [[ "$SEC_ENABLED" == "true" ]]; then
   NAGIOS_KEYTAB=$5
   NAGIOS_USER=$6
-  out1=`/usr/kerberos/bin/kinit -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
+  KINIT_PATH=$7
+  out1=`${KINIT_PATH} -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
   if [[ "$?" -ne 0 ]]; then
     echo "CRITICAL: Error doing kinit for nagios [$out1]";
     exit 2;

ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_templeton_status.sh

@@ -27,7 +27,8 @@ SEC_ENABLED=$4
 if [[ "$SEC_ENABLED" == "true" ]]; then 
   NAGIOS_KEYTAB=$5
   NAGIOS_USER=$6
-  out1=`/usr/kerberos/bin/kinit -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
+  KINIT_PATH=$7
+  out1=`${KINIT_PATH} -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
   if [[ "$?" -ne 0 ]]; then
     echo "CRITICAL: Error doing kinit for nagios [$out1]";
     exit 2;

ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb

@@ -425,7 +425,7 @@ define service {
         service_description     HIVE-METASTORE::Hive Metastore status check
         servicegroups           HIVE-METASTORE
         <%if scope.function_hdp_template_var("security_enabled")-%>
-        check_command           check_hive_metastore_status!9083!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>
+        check_command           check_hive_metastore_status!9083!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>/"/usr/bin/kinit"
         <%else-%>
         check_command           check_hive_metastore_status!9083!<%=scope.function_hdp_template_var("java64_home")%>!false
         <%end-%>
@@ -442,7 +442,7 @@ define service {
         service_description     OOZIE::Oozie Server status check
         servicegroups           OOZIE
         <%if scope.function_hdp_template_var("security_enabled")-%>
-        check_command           check_oozie_status!11000!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>
+        check_command           check_oozie_status!11000!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>/"/usr/bin/kinit"
         <%else-%>
         check_command           check_oozie_status!11000!<%=scope.function_hdp_template_var("java64_home")%>!false
         <%end-%>
@@ -459,7 +459,7 @@ define service {
         service_description     WEBHCAT::WebHCat Server status check
         servicegroups           WEBHCAT 
         <%if scope.function_hdp_template_var("security_enabled")-%>
-        check_command           check_templeton_status!50111!v1!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>
+        check_command           check_templeton_status!50111!v1!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>/"/usr/bin/kinit"
         <%else-%>
         check_command           check_templeton_status!50111!v1!false
         <%end-%>

ambari-agent/src/main/puppet/modules/hdp-oozie/files/oozieSmoke.sh

@@ -77,7 +77,7 @@ sed -i "s|jobTracker=localhost:9001|jobTracker=$JOBTRACKER|g" examples/apps/map-
 sed -i "s|oozie.wf.application.path=hdfs://localhost:9000|oozie.wf.application.path=$NAMENODE|g" examples/apps/map-reduce/job.properties
 
 if [[ $security_enabled == "true" ]]; then
-  kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+  kinitcmd="${kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user}; "
   echo "dfs.namenode.kerberos.principal=nn/`echo ${NNHOST} | tr '[:upper:]' '[:lower:]'`@${realm}" >> examples/apps/map-reduce/job.properties
   echo "mapreduce.jobtracker.kerberos.principal=jt/`echo ${JTHOST} | tr '[:upper:]' '[:lower:]'`@${realm}" >> examples/apps/map-reduce/job.properties
 else 

ambari-agent/src/main/puppet/modules/hdp-sqoop/manifests/sqoop/service_check.pp

@@ -27,7 +27,7 @@ class hdp-sqoop::sqoop::service_check()
   $security_enabled=$hdp::params::security_enabled
   $smoke_user_keytab = "${hdp-sqoop::params::keytab_path}/${smoke_test_user}.headless.keytab"
   if ($security_enabled == true) {
-    $smoke_user_kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+    $smoke_user_kinitcmd="${kinit_path_local}  -kt ${smoke_user_keytab} ${smoke_test_user}; "
   } else {
     $smoke_user_kinitcmd=""
   }

ambari-agent/src/main/puppet/modules/hdp-templeton/files/templetonSmoke.sh

@@ -27,7 +27,7 @@ export security_enabled=$4
 export ttonurl="http://${ttonhost}:50111/templeton/v1"
 
 if [[ $security_enabled == "true" ]]; then
-  kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+  kinitcmd="${kinit_path_local}  -kt ${smoke_user_keytab} ${smoke_test_user}; "
 else
   kinitcmd=""
 fi

ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp

@@ -33,6 +33,7 @@ class hdp::params()
   $kerberos_domain = hdp_default("kerberos_domain","EXAMPLE.COM")
   $smoketest_user_secure_uid = hdp_default("smoketest_user_secure_uid",1012)
   ## $smoketest_user_secure_uid = 1012
+  $kinit_path_local = hdp_default("kinit_path_local","/usr/bin/kinit")
 
   ###### hostnames
   $namenode_host = hdp_default("namenode_host")

contrib/addons/src/addOns/nagios/plugins/check_hadoop.sh

@@ -23,6 +23,7 @@
 user=""
 secure="false"
 keytab=""
+kinit_path="/usr/kerberos/bin/kinit"
 while getopts ":u:k:s" opt; do
   case $opt in
     u)
@@ -57,8 +58,12 @@ if [[ "$keytab" == "" ]]; then
   keytab="/homes/$user/$user.headless.keytab"
 fi
 
+if [[ ! -f "$kinit_path" ]]; then
+  kinit_path="kinit"
+fi
+
 if [[ "$secure" == "true" ]]; then
-  sudo -u $user -i "/usr/kerberos/bin/kinit -kt $keytab $user" > ${outfile} 2>&1
+  sudo -u $user -i "$kinit_path -kt $keytab $user" > ${outfile} 2>&1
 fi
 
 sudo -u $user -i "hadoop dfs -copyFromLocal /etc/passwd ${fname}.input " > ${outfile} 2>&1

contrib/addons/src/addOns/nagios/plugins/check_hbase.sh

@@ -23,6 +23,7 @@
 user=""
 secure="false"
 keytab=""
+kinit_path="/usr/kerberos/bin/kinit"
 while getopts ":u:k:s" opt; do
   case $opt in
     u)
@@ -57,8 +58,12 @@ if [[ "$keytab" == "" ]]; then
   keytab="/homes/$user/$user.headless.keytab"
 fi
 
+if [[ ! -f "$kinit_path" ]]; then
+  kinit_path="kinit"
+fi
+
 if [[ "$secure" == "true" ]]; then
-  sudo -u $user -i "/usr/kerberos/bin/kinit -kt $keytab $user" > ${outfile} 2>&1
+  sudo -u $user -i "$kinit_path -kt $keytab $user" > ${outfile} 2>&1
 fi
 
 output=`sudo -u $user -i "echo status | /usr/bin/hbase --config /etc/hbase shell"`