Reply
Highlighted
Explorer
Posts: 15
Registered: ‎11-27-2017

How to access Encryption_Zone data through another cluster Gateway.

[ Edited ]

Hi Team,

 

I have 2 clusters A and B. 

 

i) Cluster A is Kerberos enabled and it has Encryption_zone with KMS.

ii) Cluster B is Kerberos enabled and it has Encryption_zone with KMS.

 

From cluster A to B I have enabled trust between 2 KDC's and its working fine. I was able to do Distcp from B cluster.

I am able to access the cluster A from cluster B and able read the data from Users Home directory. 

 

1)But I have a requirement such way that from Cluster B I have read cluster A encrytion_zone data. I looged with Cluster A kerberos Cred's in cluster B and when i am trying to access cluster A encryption_zone i am not able to see decrypt output.

2) Through spark-shell, I read cluster B data and trying access and facing below error.

I am doing this from cluster B

scala> val txt =
sc.textFile("hdfs://Exnameservice/user/Exuser/tmp/sk_stg.conf")
txt: org.apache.spark.rdd.RDD[String] =
hdfs://Exnameservice/user/Exuser/tmp/sk_stg.conf MapPartitionsRDD[1]
at textFile at <console>:27

scala> txt.take(3)

18/02/26 14:41:45 WARN scheduler.TaskSetManager: Lost task 0.0 in stage
0.0 (TID 0, clusterB15.examaple.com): java.io.IOException:
Failed on local exception: java.io.IOException:
org.apache.hadoop.security.AccessControlException: Client cannot
authenticate via:[TOKEN, KERBEROS]; Host Details : local host is:
"clusterB15.examaple.com/172.xx.xx.xx"; destination host is:
"clusterAnamenode1.example1.com":8020;

Caused by: java.io.IOException:
org.apache.hadoop.security.AccessControlException: Client cannot
authenticate via:[TOKEN, KERBEROS]

 

 

Could you please someone help here. 

 

 

 

 

 

Announcements