Apache Ambari Release Notes
Also available as:

Known Issues

Ambari 2.7.1 has the following known issues, scheduled for resolution in a future release.

Table 1.3. Ambari 2.7.1 Known Issues

Apache Jira

Hortonworks Bug ID




'ambari-server setup-ldap' fails with AttributeError when master_key is not persisted

  1. Installed ambari-server and configured password encryption, but chose not to persist master key:

    Choose one of the following options:
      [1] Enable HTTPS for Ambari server.
      [2] Encrypt passwords stored in ambari.properties file.
      [3] Setup Ambari kerberos JAAS configuration.
      [4] Setup truststore.
      [5] Import certificate to truststore.
    Enter choice, (1-5): 2
    Password encryption is enabled.
    Do you want to reset Master Key? [y/n] (n): y
    Master Key not persisted.
    Enter current Master Key:
    Enter new Master Key:
    Re-enter master key:
    Do you want to persist master key. If you choose not to persist, you need to
    provide the Master Key while starting the ambari server as an env variable
    named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key.
    Persist [y/n] (y)? n
    Adjusting ambari-server permissions and ownership...
    Ambari Server 'setup-security' completed successfully.

    Then, export environment variable.


    Then, run LDAP setup with the following settings:

    ambari-server setup-ldap -v
    Review Settings
    Primary LDAP Host (ldap.ambari.apache.org):
    Primary LDAP Port (389):  389
    Use SSL [true/false] (false):  false
    User object class (posixUser):  posixUser
    User ID attribute (uid):  uid
    Group object class (posixGroup):  posixGroup
    Group name attribute (cn):  cn
    Group member attribute (memberUid):  memberUid
    Distinguished name attribute (dn):  dn
    Search Base (dc=ambari,dc=apache,dc=org):  dc=apache,dc=org
    Referral method [follow/ignore] (follow):  follow
    Bind anonymously [true/false] (false):  false
    Handling behavior for username collisions [convert/skip] for LDAP sync (skip):
     skip ambari.ldap.connectivity.bind_dn: uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
    ambari.ldap.connectivity.bind_password: *****
    Save settings [y/n] (y)? y
  2. Issues:

    1. Master Key generation fails:

      INFO: Loading properties from /etc/ambari-server/conf/ambari.properties
      Traceback (most recent call last):
        File "/usr/sbin/ambari-server.py", line 1060, in <module>
        File "/usr/sbin/ambari-server.py", line 1030, in mainBody
          main(options, args, parser)
        File "/usr/sbin/ambari-server.py", line 980, in main
        File "/usr/sbin/ambari-server.py", line 79, in execute
          self.fn(*self.args, **self.kwargs)
        File "/usr/lib/ambari-server/lib/ambari_server/setupSecurity.py", line 860, in setup_ldap
          encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password, options)
        File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 858, in encrypt_password
          return get_encrypted_password(alias, password, properties, options)
        File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 867, in get_encrypted_password
          masterKey = get_original_master_key(properties, options)
        File "/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py", line 1022, in get_original_master_key
          if options is not None and options.master_key is not None and options.master_key:
      AttributeError: Values instance has no attribute 'master_key'
      [root@ctr-e138-1518143905142-473336-01-000002 ~]#
    2. Repeated prompt for Master Key, despite providing correct value.

    3. Returns an incorrect master key value and the shell repeats printing "ERROR: ERROR: Master key does not match." and scrolls the page

  3. The issues are seen when master key is not persisted as part of the initial password encryption step.

Persist the master key BEFORE setting up LDAP.


BUG-109436Upgrade History page is blank after a cluster is upgraded multiple timesNo known workaround.

YARN Timeline Service V 2.0 Reader component stops after a patch upgrade of the service HBase from HDP 3.0.0 to HDP 3.0.1.

Manually start the YARN Timeline Service V 2.0 Reader component.
AMBARI-24536BUG-109839When SPNEGO is enabled (`ambari-server setup-kerberos`), the SSO (`ambari-server setup-sso`) redirect no longer works.No known workaround. Do not enable both kerberos and SSO using ambari-server setup.
N/ABUG-111345This issue only applies when performing a "minor" Apache Ambari rolling upgrade from HDP-3.0.0 to HDP-3.0.1. After performing a rolling upgrade, some Apache Spark2 components may not start. Select Spark2 > Configs > Custom spark2-thrift-sparkconf and add the following properties: spark.yarn.keytab and spark.yarn.principal. Set the value of these properties to match the values of the spark.history.kerberos.keytab and spark.history.kerberos.principal properties in Spark2 > Configs > Advanced spark2-defaults. Click Save, then restart Spark and any other services that require a restart.