Use the regenerate keytabs utility in Big Data Service to regenerate keytabs for all the services or a specific list of services on all hosts or the hosts that are missing keytabs with specific configuration type updates.
python /home/opc/cloud/flask-microservice/bigdataservice/devops/regenerate_keytabs.pyUsage:
regenerate_keytabs.py [-h] [-au AMBARI_ADMIN_USER][-ap AMBARI_ADMIN_PASSWORD] [-ht HOSTS][-c COMPONENTS][-ct {none,identities_only,new_and_identities,all}]Argument Details:
-h, --help: Show this help message and exit.-au AMBARI_ADMIN_USER, --ambari_admin_user AMBARI_ADMIN_USER: Ambari admin username.-ap AMBARI_ADMIN_PASSWORD, --ambari_admin_password AMBARI_ADMIN_PASSWORD: Ambari admin password.-ht HOSTS, --hosts HOSTS: Comma-separated list of hosts.Use 'all' to regenerate keytabs on all hosts or 'missing' for only missing hosts.
-c COMPONENTS, --components COMPONENTS: Comma-separated list of components whose keytabs need to be regenerated.Provide proper service name as registered by Ambari. For example: AMBARI_METRICS,HDFS,SPARK3.
-ct {none,identities_only,new_and_identities,all}, --config_type {none,identities_only,new_and_identities,all}: Controls how Kerberos configurations are updated:none: Don't update any configs. Regenerate keytabs using existing ones.identities_only: Update only identity-related configs (for example: keytab path, principal).new_and_identities: Update identity configs, including any new configs introduced for Kerberos.all: Reapply all Kerberos configs (such as a fresh Kerberos setup).Keytabs are generated based on updated or existing configs.
Example:
python /home/opc/cloud/flask-microservice/bigdataservice/devops/regenerate_keytabs.py -au <ambari_admin_username> -ap <ambari_admin_password> -ht 'all' -c 'AMBARI_METRICS' -ct all