Configuring Ambari 2.4.2 and HDP 2.5 for Kerberos using AD as the KDC
Added bonus coverage of adding a new datanode to an HDP cluster that is secured.
There are empty OUs created in AD to store hadoop principals/hadoop nodes (HadoopServices)
Hadoopadmin user has administrative credentials with delegated control of "Create, delete, and manage user accounts" on above OU
Delegate OU permissions to hadoopadmin for OU=HadoopServices. In 'Active Directory Users and Computers' app:
right click HadoopServices
Select "Create, delete, and manage
KDC host: ad01.prod.hortonworks.net
Realm name: PROD.HORTONWORKS.NET
LDAP url: ldaps://ad01.prod.hortonworks.net
Kadmin host: ad01.prod.hortonworks.net
Admin password: xxxxxx
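Added example, not part of the original post: a pre-flight check of the values above before they are entered in Ambari's Kerberos wizard. The function name and the DC suffix of the container DN are assumptions; the checks encode common AD conventions (upper-case realm, hosts inside the realm's DNS domain, LDAPS for principal creation).

```python
from urllib.parse import urlparse

def check_kerberos_inputs(kdc_host, realm, ldap_url, kadmin_host, container_dn):
    """Return a list of problems found in the wizard inputs (empty if none)."""
    problems = []
    # Kerberos realm names are case-sensitive; an AD realm is by convention
    # the upper-cased DNS domain name.
    if realm != realm.upper():
        problems.append("realm should be upper case: " + realm)
    # The KDC and kadmin hosts are expected inside the realm's DNS domain.
    domain = realm.lower()
    for label, host in (("KDC host", kdc_host), ("Kadmin host", kadmin_host)):
        if not host.lower().endswith("." + domain):
            problems.append(f"{label} {host} is outside domain {domain}")
    # AD accepts password writes only over an encrypted connection, so the
    # URL used to create principals has to be ldaps://, not ldap://.
    url = urlparse(ldap_url)
    if url.scheme != "ldaps":
        problems.append("LDAP url must use ldaps://, got " + (url.scheme or "no scheme"))
    elif not url.hostname:
        problems.append("LDAP url has no host")
    # The container DN should name an OU under the domain's DC components.
    expected_suffix = ",".join("DC=" + part for part in domain.split("."))
    dn = container_dn.replace(" ", "")
    if not dn.upper().startswith("OU="):
        problems.append("container DN should start with OU=")
    if not dn.lower().endswith(expected_suffix.lower()):
        problems.append("container DN should end with " + expected_suffix)
    return problems

# Values from the post; the DC suffix of the container DN is assumed from the realm.
POST_SETTINGS = dict(
    kdc_host="ad01.prod.hortonworks.net",
    realm="PROD.HORTONWORKS.NET",
    ldap_url="ldaps://ad01.prod.hortonworks.net",
    kadmin_host="ad01.prod.hortonworks.net",
    container_dn="OU=HadoopServices,DC=prod,DC=hortonworks,DC=net",
)

if __name__ == "__main__":
    for line in check_kerberos_inputs(**POST_SETTINGS) or ["no problems found"]:
        print(line)
```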
@mthiele Your video is great. I really like the way we can see what is going on with Ambari, the hosts, and the Active Directory. This is a great addition to the documentation.
One quick question: Will the Ambari server and all other datanodes have a krb5.conf file by default, or will it be available under the /etc folder only after we enable Kerberos via Ambari?
Because when I look in our prod env., krb5.file is available even though we did not enable it.
If yes, after configuring the KDC in Ambari, does it change the conf for all nodes?
Manjunath P N