Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
Super Guru

Note - For this tutorial I assume that you already have HDP cluster kerberized. If you want to configure automated kerberos then please refer to https://community.hortonworks.com/articles/29203/automated-kerberos-installation-and-configuration.h....

.

First you need to configure your Ambari Server for Kerberos configuration, without configuring Ambari for Kerberos, views will not work.

.

Use below commands to configure Ambari for Kerberos:

.

1 Login to kadmin and create principal for Ambari Server

Note - Please replace your REALM in REALM.COM

addprinc -randkey ambari-server@REALM.COM

.

2 Extract principal created in above step to keytab file
xst -k ambari.server.keytab ambari-server@REALM.COM

.

3 Above command should generate keytab file in current working directory, copy keytab file to /etc/security/keytabs/ location
cp ambari.server.keytab /etc/security/keytabs/ambari.server.keytab

Note - Please make sure that, user running ambari server daemon should have read access to ambari.server.keytab

.

4 Stop Ambari server daemon and setup security using below command.
service ambari-server stop

ambari-server setup-security

.

5 Select 3 for Setup Ambari kerberos JAAS configuration. Enter the Kerberos principal name for the Ambari Server you set up in step 1.1. Enter the path to the keytab for the Ambari principal. Restart Ambari Server.
ambari-server restart

.

6. Add below properties in yarn-site.xml using Ambari UI.
yarn.timeline-service.http-authentication.proxyuser.ambari-server.hosts=*
yarn.timeline-service.http-authentication.proxyuser.ambari-server.users=*
yarn.timeline-service.http-authentication.proxyuser.ambari-server.groups=*

.

7. Add below properties in core-site.xml
hadoop.proxyuser.ambari-server.hosts=*
hadoop.proxyuser.ambari-server.groups=*
hadoop.proxyuser.admin.hosts=*
hadoop.proxyuser.admin.groups=*

Your TEZ view should be accessible now!

.

5105-screen-shot-2016-06-19-at-11606-pm.png

.

Happy Hadooping!!

2,385 Views
Comments
Contributor

In order to work with the Tez view in a Kerberized environment, follow the instructions given at the following link:

http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_optional_s...

Contributor

In order to work with the Tez view in a Kerberized environment, follow these instructions

http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_optional_s...

Contributor

@Kuldeep Kulkarni

I've all these properties in place. Tez view is working fine, however it's not showing any jobs after we implemented kerberos.

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
2 of 2
Last update:
‎08-17-2019 11:49 AM
Updated by:
 
Contributors
Top Kudoed Authors