Ambari allows services to define users it needs for operation. Admins are able to customize these users in the install wizard, and also via blueprints.
However there is no officially supported way to update these users once the cluster has been installed.
In the very rare cases where these service-accounts need to be modified, the below steps can be used as guideline to make the change.
Update Smoke User
Ambari Smoke User runs service checks for multiple services, and is defined in the cluster-env config-type. The latest value can be seen at http://ambariserver-1:8080/api/v1/clusters/c1/configurations?type=cluster-env&tag=version1
On Ambari-server machine use the configs.sh script to set new value (say new_ambari_qa)
> cd /var/lib/ambari-server/resources/scripts > ./configs.sh -u admin -p admin set localhost c1 cluster-env smokeuser new_ambari_qa
- With Ambari-server aware of the new Smoke User, restart all services so that the new_ambari_qa user can be generated across all nodes in the system
- Depending on your cluster's setup and usage, some of the files on different systems, and data in various services could still belong to the old user. Due to this some service checks could fail.
For example HBase service check executes /tmp/hbase_chk_verify which could belong to the old user. Fix these issues on a case by case basis
> chown ambari_qa /tmp/hbase_chk_verify
Verify all service-checks pass in Ambari
Update Service Accounts
For each service, the basic approach is to update account name in configurations and then restart the service.
As an example we show how to update Spark service's account name
On Ambari-server machine use the configs.sh script to set new value (say new_spark)
> cd /var/lib/ambari-server/resources/scripts > ./configs.sh -u admin -p admin set localhost c1 spark-env spark_user new_spark
- Restart Spark service
- Verify service check passed