AMBARI-13295. ACCUMULO_TRACER START failed after enabling Kerberos (dlysnichenko)

ambari-common/src/main/python/resource_management/libraries/functions/__init__.py

@@ -42,7 +42,7 @@ from resource_management.libraries.functions.get_hdp_version import *
 from resource_management.libraries.functions.get_lzo_packages import *
 from resource_management.libraries.functions.setup_ranger_plugin import *
 from resource_management.libraries.functions.curl_krb_request import *
-
+from resource_management.libraries.functions.get_bare_principal import *
 IS_WINDOWS = platform.system() == "Windows"
 
 if IS_WINDOWS:

ambari-common/src/main/python/resource_management/libraries/functions/get_bare_principal.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+import re
+__all__ = ["get_bare_principal"]
+
+
+def get_bare_principal(normalized_principal_name):
+  """
+  Given a normalized principal name (nimbus/c6501.ambari.apache.org@EXAMPLE.COM) returns just the
+  primary component (nimbus)
+  :param normalized_principal_name: a string containing the principal name to process
+  :return: a string containing the primary component value or None if not valid
+  """
+
+  bare_principal = None
+
+  if normalized_principal_name:
+    match = re.match(r"([^/@]+)(?:/[^@])?(?:@.*)?", normalized_principal_name)
+
+    if match:
+      bare_principal = match.group(1)
+
+  return bare_principal

ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/params.py

@@ -23,6 +23,7 @@ from resource_management.libraries.resources.hdfs_resource import HdfsResource
 from resource_management.libraries.functions import format
 from resource_management.libraries.functions.version import format_hdp_stack_version
 from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
 from resource_management.libraries.script.script import Script
 
 import status_params
@@ -142,6 +143,7 @@ accumulo_principal_name = config['configurations']['accumulo-env']['accumulo_pri
 # kinit properties
 kinit_path_local = status_params.kinit_path_local
 if security_enabled:
+  bare_accumulo_principal = get_bare_principal(config['configurations']['accumulo-site']['general.kerberos.principal'])
   kinit_cmd = format("{kinit_path_local} -kt {accumulo_user_keytab} {accumulo_principal_name};")
 else:
   kinit_cmd = ""

ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py

@@ -26,26 +26,10 @@ from ambari_commons.constants import AMBARI_SUDO_BINARY
 from resource_management.libraries.functions import format
 from resource_management.libraries.functions.version import format_hdp_stack_version
 from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
 from resource_management.libraries.script import Script
 
 
-def get_bare_principal(normalized_principal_name):
-  """
-  Given a normalized principal name (nimbus/c6501.ambari.apache.org@EXAMPLE.COM) returns just the
-  primary component (nimbus)
-  :param normalized_principal_name: a string containing the principal name to process
-  :return: a string containing the primary component value or None if not valid
-  """
-
-  bare_principal = None
-
-  if normalized_principal_name:
-    match = re.match(r"([^/@]+)(?:/[^@])?(?:@.*)?", normalized_principal_name)
-
-    if match:
-      bare_principal = match.group(1)
-
-  return bare_principal
 
 
 # server configurations

ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json

@@ -84,6 +84,11 @@
             "general.delegation.token.lifetime": "7d",
             "general.delegation.token.update.interval": "1d"
           }
+        },
+        {
+          "client": {
+            "kerberos.server.primary": "{{bare_accumulo_principal}}"
+          }
         }
       ],
       "components": [