Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Manual KDC and kerberos option in ambari

Labels:
avatar
author-rank arunpoy
Guru

Created ‎03-16-2016 07:53 AM

I am trying to use the option "Manage Kerberos principals and keytabs manually" in ambari while trying to kerberise the cluster.

I am trying to use the kerberos_Setup.sh provided by ambari. does it work as expected?

I dont see that, it is throwing up lot of errors and trying to replace the krb5.conf (i changed) with the default one. also it is trying to create a kdc database. what is the password for that. Also the script is not installing rngd,pdsh, i did it manually. Finally i do see the error . Even though i see the hosts entry at accepted_hosts.

HAs anyone the correct version of this script. I am using HDP 2.4

pdsh@instance-1: no remote hosts specified

5,798 Views
1 ACCEPTED SOLUTION

avatar
author-rank sdutta
Guru

Created ‎03-17-2016 06:13 AM

@ARUNKUMAR RAMASAMY

Please provide the documentation link that you are using. Also why are you managing the kerberos keytabs manually? I would let the wizard create it irrespective of if you do it on AD or MIT KDC. This is a much cleaner process.

View solution in original post

5,532 Views
4 REPLIES 4

avatar
author-rank arunpoy
Guru

Created ‎03-16-2016 12:47 PM

Some items i noticed are , the scripts kerberos-setup.sh doesnt have the setting for redhat 7 , i added it.

But there are a couple of other issues too . The script removes the sudo permissions too. Instead the old script of generate_keytabs.sh is better. but that script is not part of the latest ambari. Do someone have the rectified version of this script or is the old script available somewhere in the github repos, i would take that and proceed.

5,532 Views

avatar
author-rank sdutta
Guru

Created ‎03-17-2016 06:13 AM

@ARUNKUMAR RAMASAMY

Please provide the documentation link that you are using. Also why are you managing the kerberos keytabs manually? I would let the wizard create it irrespective of if you do it on AD or MIT KDC. This is a much cleaner process.

5,533 Views

avatar
author-rank arunpoy
Guru

Created ‎03-17-2016 06:57 AM

@Shivaji

I dont have an AD integration as of now. Also i have done kerberos setup in the older versions of sandbox, where manual was the only option, i used to download the csv file and generate the keytabs. I just followed a couple of urls from the web. the below one is what i referred, but i dont need the AD integration

http://hortonworks.com/blog/enabling-kerberos-hdp-active-directory-integration/

I havent explored the MIT KDC option. does that option allow us to install a KDC on one of the hosts and does everything cleanly. I will give a try that. Also another question is as of now i have only few components of the HDP stack. Suppose i want to add few more components in the future and kerberize them . How can i do that? IS it possible with Ambari?

5,532 Views

avatar
author-rank arunpoy
Guru

Created ‎03-21-2016 06:52 AM

@Shivaji

Thanks for your solution. It worked fine.

5,532 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements