Reply
New Contributor
Posts: 3
Registered: ‎03-31-2017

Cloudera Express 5.12.2 - Changing Domain Controllers

[ Edited ]

Greetings!

 

I'm wondering if anyone has any experience with changing Cloudera and a recently changed domain controller(s).

 

At my place of work, we're going to be retiring several older domain controllers and migrating over to replacement hardware.

 

Does anyone have any advice on how to do this? For what its worth, our cluster has these deployed:

HBase

HDFS

Hive

Hue

Impala

Oozie

Spark

Yarn

Zookeeper

 

My initial thought was to simply change the following Administration > Settings > Kerberos options:

KDC Server Host

KDC Admin Server Host

Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf

 

 

I saw this, which was about as close as I can get to my current scenario. It's mostly helpful, but not quite my scenario.

http://community.cloudera.com/t5/Cloudera-Manager-Installation/Change-AD-domain-in-CDH-v5-3-via-CM/t...

 

Do you think I am missing anything? I've already checked through the service list above and the only place I can find anything remotely related to the domain controllers is in the Kerberos settings.

 

Also, we're running this on a RHEL 7.5 platform, so we obviously need to make changes to the /etc/krb5.conf file, as well as /etc/resolv.conf

 

Could there be anything else I'm missing?

 

Thanks a ton!

Posts: 910
Topics: 1
Kudos: 208
Solutions: 111
Registered: ‎04-22-2014

Re: Cloudera Express 5.12.2 - Changing Domain Controllers

@jcrockett,

 

What you need to do in this situation really depends on what your "DC migration" encompasses.  If the "new" Domain Controllers have exactly the same Active Directory Objects then you should only need to update your krb5.conf with the new KDCs.

In terms of Kerberos, a Domain Controller is the KDC (Key Distribution Center) so if the content served does not change, there is no need to do anything except make sure the clients and CM know which KDC to use.

 

In that case, what you said is correct:

 

My initial thought was to simply change the following Administration > Settings > Kerberos options:

KDC Server Host

KDC Admin Server Host

Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf (if you have configured CM to mange krb5.conf)

 

Without knowing the specifics of what the transition from one DC host to another will look like, it is hard to be more specific.

Just remember that all the hadoop services leverage the /etc/krb5.conf (by default).  As long as it is configured for the new DCs you should be all set ethere without further changes.

 

If your DCs have a new domain or if all objects are getting recreated, then you will likely need to do a few more steps, but the change should not be that big a deal for hadoop/CM

New Contributor
Posts: 3
Registered: ‎03-31-2017

Re: Cloudera Express 5.12.2 - Changing Domain Controllers

Thanks so much for the quick reply!

This will very much be a same-for-same DC replacement. Most of the new DC's are already online and replicating. Nothing aside from servername should change, as far as what's served out through AD.
Announcements