08-01-2018 04:02 AM - edited 08-01-2018 04:16 AM
I just groomed all krb5.* files on all hosts and re-enable the kerberos through CM where it can regenerate all missing credentials including managing krb. This time I gave freehand to CM to create individual service princiaples to various services(hdfs, hive, hue, etc.) instead of existing service principle (a system user).
This time Zookeeper started successfully but not HDFS. The HttpFS is also started in HDFS. I can't see any errors but can see WARNINGS in log file
CredentialManager kt_renewer WARNING Couldn't kinit as 'HTTP/xxx.xx.com' using
/run/cloudera-scm-agent/process/1330-hdfs-HTTPFS/httpfs.keytab --- kinit:
Client 'HTTPfirstname.lastname@example.org' not found in Kerberos database while getting
08-27-2018 10:45 PM
What you provided appears to be an agent log message that indicates an attempt to kinit with the HTTP principal on the host where HTTPFS role runs was not successful. Check on the host where the httpfs role runs and make sure the krb5.conf file is correct. This shoud not impact HDFS as a whole since HTTPFS is a client of HDFS really.
Cloudera Manager should merge the HTTP principal automatically, so please run the following to make sure the keytab has the right keys:
# klist -kte /run/cloudera-scm-agent/process/1330-hdfs-HTTPFS/httpfs.keytab