Overview:

IOP 4.2 provides the ability to manage the UIDs of service accounts for services managed by Ambari. Users have the option to let Ambari create service users with UIDs specified at install time. This enables keeping the UID for a service user consistent across the nodes in a cluster.

This blog provides an example of having Ambari manage UIDs for a service. We will pick the ZooKeeper service user as an example and create the zookeeper user with a UID specified at install time.

I. Specifying the UID of a service user:

Depending on the method used for installing the cluster, the UID of a service user can be specified in one of the following ways:

1. When the cluster is installed using Ambari web UI:

If the cluster is being installed using the Cluster Install Wizard in the Ambari web user interface, the following steps must be completed.

 a. Enable specifying UIDs for service accounts in the Cluster Install / Add Service wizard:

1. Before cluster creation / service install, the UID property must be added to the <service-name>-env.xml.

For this example, we will add the following property to the zookeeper-env.xml before service install:

<property>
   <name>zookeeper_uid</name>
   <value>1441</value>
   <display-name>ZooKeeper uid</display-name>
   <property-type>UID</property-type>
   <description>Zookeeper local uid.</description>
</property>

Note: The UID property name must follow the pattern <service-user>_uid.

You can specify a value for the property or leave it blank. The value of the UID property can be specified / modified during service install.

2. Restart ambari-server so that the newly added UID property will be available during service install.

b. Select the option to manage UIDs in the Cluster Install Wizard:

During cluster creation, users can make the decision to have Ambari manage UIDs.

To allow Ambari to manage UIDs, a configuration property ‘Have Ambari manage UIDs’ is available in the Misc services tab of the Cluster Install Wizard.

For this example, we will check the property so that we can view and modify the UID for ZooKeeper service user “zookeeper”.

Note: If users choose not to have Ambari manage UIDs during cluster install, they cannot change this decision when adding services to the cluster, post cluster creation.

c. View and/or Modify the UID value for a service user during install:

If the UID property has been specified in the <service>-env.xml, you can view and/or modify its value when installing the service as follows.

1. In the Misc tab, if the configuration property “Have Ambari manage UIDs” is checked, a text box that displays the UID value will appear next to the service user property field for each service user for which the UID property has been specified in the corresponding <service-name>-env.xml. The value of the UID field can be edited as required.

For this example, since we added the UID property in the zookeeper-env.xml, we can see the UID displayed next to the ZooKeeper service user.

We will change the ZooKeeper uid value to 1440.

Once the desired value has been specified, users can proceed with the install as usual.

Note: We assume that the UID 1440 is available on all the hosts in the cluster. In case the UID is unavailable on one of the hosts, service installation on that host will fail.

2. When the cluster is installed using an Ambari blueprint:

If the cluster is being installed using an Ambari blueprint, the following must be added to the configuration in the blueprint json file that defines the cluster configuration:

a. The override_uid flag, which indicates that the user wishes to have Ambari manage user IDs, must be set to true.

b. The <service-user>_uid field must be specified along with the desired value of UID.

For this example, we will add the uid for the zookeeper user to the blueprint json file as follows:

"configurations" : [{
      "cluster-env" : {
           "override_uid" : "true"
      }
},
{
      "zookeeper-env" : {
           "zookeeper_uid" : "1440"
      }
}],

The blueprint json file can then be used when installing a cluster using blueprint.

II. Verifying the UID of a service user post install:

After successful installation of the service, you can verify the UID of the service user on all nodes in the cluster where the service is installed by running:

id -u <username>

For this example, we will verify that the zookeeper service user has been created with the desired UID of 1440 by running:

id -u zookeeper 
1440
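
The availability assumption noted for UID 1440 and the post-install `id -u` check can both be scripted per host. The following is an added example, not part of the original post or of Ambari: it classifies a UID from passwd-format data, and the host names node1 to node3, the `backup` account and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight / post-install UID check.

# uid_status USER UID  -- reads passwd-format lines on stdin and prints:
#   free           neither USER nor UID exists yet (install can create it)
#   match          USER already exists with exactly this UID
#   mismatch:N     USER exists, but with UID N
#   conflict:ACCT  UID is already assigned to a different account
uid_status() {
    awk -F: -v user="$1" -v uid="$2" '
        $1 == user && $3 == uid { found = 1 }
        $1 == user && $3 != uid { other_uid = $3 }
        $1 != user && $3 == uid { owner = $1 }
        END {
            if (owner != "")          print "conflict:" owner
            else if (other_uid != "") print "mismatch:" other_uid
            else if (found)           print "match"
            else                      print "free"
        }'
}

# Constructed sample data standing in for each host's passwd database.
sample_passwd() {
    echo 'root:x:0:0:root:/root:/bin/bash'
    case "$1" in
        node1) echo 'zookeeper:x:1440:1001::/home/zookeeper:/bin/bash' ;;
        node2) echo 'backup:x:1440:1440::/home/backup:/bin/bash' ;;
    esac
}

# cluster_report USER UID HOST...
# Prints "host status" per host; returns 1 if any host has a conflict or mismatch.
cluster_report() {
    want_user=$1; want_uid=$2; shift 2; rc=0
    for host in "$@"; do
        # On a real cluster, replace sample_passwd with: ssh "$host" getent passwd
        st=$(sample_passwd "$host" | uid_status "$want_user" "$want_uid")
        echo "$host $st"
        case "$st" in conflict:*|mismatch:*) rc=1 ;; esac
    done
    return "$rc"
}

cluster_report zookeeper 1440 node1 node2 node3 || echo "UID 1440 is not usable on every host"
```

Before install, every host should report `free`; after install, every host running the service should report `match`.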

 

 

 

 
