Kerberos: kadmin.local: No such file or directory while initializing kadmin.local interface (cloudera quickstart) [closed]

1

I am running (as sudo) a script to set up Kerberos (which I will paste below) on a CentOS machine (in a Cloudera Quickstart Docker container).
The strange thing is that I have successfully run this script many times on other machines.

Unfortunately, it does not work and I get the error mentioned above.

In more detail, this is the script I ran:

#! /usr/bin/env bash

set -e

function terminate() {
    if [ "${PAUSE}" == 'true' ]; then
        read -p "Press [Enter] to exit..."
    fi
    exit ${1}
}

function ensure_user_is_root() {
    if [[ "$EUID" -ne "0" ]]; then
        echo "You must run this script as root. Try 'sudo ${0} ${@}'."
        terminate 1
    fi
}

function parse_arguments() {
    for argument in ${@}; do
        if [ "${argument}" == '--force' ]; then
            export FORCE='true'
        elif [ "${argument}" == '--pause' ]; then
            export PAUSE='true'
        else
            echo "Unknown option: ${argument}"
            terminate 1
        fi
    done
}

function log() {
    echo "[QuickStart] ${1}"
}

parse_arguments ${@}

KERBEROS_REALM=${KERBEROS_REALM:-CLOUDERA}
KERBEROS_DOMAIN=${KERBEROS_DOMAIN:-cloudera}
KERBEROS_HOSTNAME=${KERBEROS_HOSTNAME:-quickstart.${KERBEROS_DOMAIN}}
KERBEROS_PRINCIPAL=${KERBEROS_PRINCIPAL:-cloudera-scm/admin}
KERBEROS_PASSWORD=${KERBEROS_PASSWORD:-cloudera}
JAVA_HOME=${JAVA_HOME:-/usr/java/jdk1.7.0_*-cloudera}

ensure_user_is_root

# Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
# for JDK/JRE 7 must be installed in order to use 256-bit AES encryption
#if [ ! -e /home/cloudera/Downloads/UnlimitedJCEPolicyJDK7.zip ]; then
#    echo "You must first download the \"Java Cryptography Extension (JCE) Unlimited"
#    echo "Strength Jurisdiction Policy Files for JDK/JRE 7\" to /home/cloudera/Downloads."
#    echo "You can download them here:"
#    echo ""
#    echo "    http://www.oracle.com/technetwork/java/javase/downloads/index.html"
#    echo ""
#    terminate 2
#fi

#log 'Unpacking Unlimited JCE policy files...'
#cd /tmp
#unzip /home/cloudera/Downloads/UnlimitedJCEPolicyJDK7.zip

#log 'Installing Unlimited JCE policy files...'
#mv UnlimitedJCEPolicy/*.jar ${JAVA_HOME}/jre/lib/security/

log 'Installing Kerberos...'
yum install -y krb5-server krb5-workstation openldap
chkconfig krb5kdc on
chkconfig kadmin on

touch /var/lib/cloudera-quickstart/.kerberos

log 'Configuring Kerberos...'

cat > /etc/krb5.conf <<EOF
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = ${KERBEROS_REALM}
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 ${KERBEROS_REALM} = {
  kdc = ${KERBEROS_HOSTNAME}
  admin_server = ${KERBEROS_HOSTNAME}
  max_renewable_life = 7d 0h 0m 0s
  default_principal_flags = +renewable
 }

[domain_realm]
 .${KERBEROS_DOMAIN} = ${KERBEROS_REALM}
 ${KERBEROS_DOMAIN} = ${KERBEROS_REALM}
EOF

cat > /var/kerberos/krb5kdc/kdc.conf <<EOF
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 ${KERBEROS_REALM} = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  # Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
  # for JDK/JRE 7 must be installed in order to use 256-bit AES encryption (aes256-cts:normal)
  supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
  max_life = 30d
  max_renewable_life = 30d
 }
EOF

echo "*/admin@${KERBEROS_REALM}  *" > /var/kerberos/krb5kdc/kadm5.acl

log 'Setting root password for Kerberos...'
expect - <<EOF
set timeout 60

spawn kdb5_util create -s
expect "Enter KDC database master key:"
send "${KERBEROS_PASSWORD}\r"
expect "Re-enter KDC database master key to verify:"
send "${KERBEROS_PASSWORD}\r"
expect eof
EOF

log 'Creating Kerberos principal...'
expect - <<EOF
set timeout 60

spawn kadmin.local -q "addprinc ${KERBEROS_PRINCIPAL}"
expect "Enter password for principal \"${KERBEROS_PRINCIPAL}@${KERBEROS_REALM}\":"
send "${KERBEROS_PASSWORD}\r"
expect "Re-enter password for principal \"${KERBEROS_PRINCIPAL}@${KERBEROS_REALM}\":"
send "${KERBEROS_PASSWORD}\r"
expect eof
EOF

log 'Starting Kerberos services...'
service krb5kdc start
service kadmin start

cat <<EOF
________________________________________________________________________________

Success! Kerberos is now running. You can enable Kerberos in a Cloudera Manager
cluster from the drop-down menu for that cluster on the CM home page. It will
ask you to confirm that this script performed the following steps:

    * set up a working KDC.
    * checked that the KDC allows renewable tickets.
    * installed the client libraries.
    * created a proper account for Cloudera Manager.

Then, it will prompt you for the following details (accept defaults if not
specified here):

    KDC Type:                MIT KDC
    KDC Server Host:         ${KERBEROS_HOSTNAME}
    Kerberos Security Realm: ${KERBEROS_REALM}

Later, it will prompt you for KDC account manager credentials:

    Username: ${KERBEROS_PRINCIPAL} (@ ${KERBEROS_REALM})
    Password: ${KERBEROS_PASSWORD}

EOF

terminate

And this is the exact output I get:

[root@quickstart /]# sudo ./home/cloudera/kerberos
[QuickStart] Installing Kerberos...
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: ftp.cvut.cz
 * epel: mirror.slu.cz
 * extras: ftp.cvut.cz
 * updates: ftp.cvut.cz
Package krb5-server-1.10.3-65.el6.x86_64 already installed and latest version
Package krb5-workstation-1.10.3-65.el6.x86_64 already installed and latest version
Package openldap-2.4.40-16.el6.x86_64 already installed and latest version
Nothing to do
[QuickStart] Configuring Kerberos...
[QuickStart] Setting root password for Kerberos...
spawn kdb5_util create -s
Loading random data
cloudera
cloudera
[QuickStart] Creating Kerberos principal...
spawn kadmin.local -q addprinc cloudera-scm/admin
Authenticating as principal root/admin@CLOUDERA with password.
kadmin.local: No such file or directory while initializing kadmin.local interface
send: spawn id exp4 not open
    while executing
"send "cloudera\r""

The exact lines of the script that fail during execution are:

log 'Creating Kerberos principal...'
expect - <<EOF
set timeout 60

spawn kadmin.local -q "addprinc ${KERBEROS_PRINCIPAL}"
expect "Enter password for principal \"${KERBEROS_PRINCIPAL}@${KERBEROS_REALM}\":"
send "${KERBEROS_PASSWORD}\r"
expect "Re-enter password for principal \"${KERBEROS_PRINCIPAL}@${KERBEROS_REALM}\":"
send "${KERBEROS_PASSWORD}\r"
expect eof
EOF
    
asked by Dorian 21.08.2017 - 19:18

1 answer

0

After all the status output, the first error printed in your output is:

kadmin.local: No such file or directory while initializing kadmin.local interface

The format of the error message follows a common pattern seen in many Kerberos utilities:

"program_name:" "error message" while "task".

So the error message is from kadmin.local, saying "No such file or directory". Look into that; trace it if necessary. Find out which file or directory is missing.

    
answered by Jacob 27.09.2017 - 19:44
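
The approach in the answer above, as an added example that is not part of the original answer or of the Cloudera script: split the error line into its three parts, then list which KDC database files are absent. The function names are hypothetical; the five file names are the ones `kdb5_util create -s` leaves behind with the default DB2 backend, and the real directory is assumed to be `/var/kerberos/krb5kdc`, as in the script's `kdc.conf` path.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Split a Kerberos utility error of the form
#   "program: message while task"
# into tab-separated program, message and task.
# Returns 1 if the line does not follow that pattern.
parse_krb5_error() {
    case "$1" in
        *": "*" while "*) ;;
        *) return 1 ;;
    esac
    _rest=${1#*: }
    printf '%s\t%s\t%s\n' "${1%%: *}" "${_rest%% while *}" "${_rest#* while }"
}

# Print each expected KDC database file that is missing from directory $1
# for realm $2; return 0 only when all five are present.
# Assumption: default DB2 backend and default database name "principal".
missing_kdc_files() {
    _rc=0
    for _f in principal principal.ok principal.kadm5 principal.kadm5.lock ".k5.$2"; do
        if [ ! -e "$1/$_f" ]; then
            printf '%s\n' "$1/$_f"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed demo: the error line from the transcript, checked against an
# empty temporary directory standing in for /var/kerberos/krb5kdc.
demo() {
    _line='kadmin.local: No such file or directory while initializing kadmin.local interface'
    _dir=$(mktemp -d)
    parse_krb5_error "$_line"
    missing_kdc_files "$_dir" CLOUDERA ||
        echo "KDC database incomplete; kadmin.local cannot open it"
    rm -rf "$_dir"
}

demo
```

On the real host, `missing_kdc_files /var/kerberos/krb5kdc CLOUDERA` run between the `kdb5_util create -s` step and the `kadmin.local` step shows whether the database was actually created.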
