Support Questions

Find answers, ask questions, and share your expertise

Ambari 2.5.3 - Are there are additional to steps in adding a node to a kerberized cluster versus non-kerberized. I only see documentation on adding host in non-kerberized cluster.


@Debra Montague

If you are using Ambari, Ambari will perform the additional steps needed to create any new Kerberos identities when adding new host to the cluster. Actually the work related to Kerberos occurs when components are installed on new hosts; not when new hosts are registered with Ambari.

If Ambari is managing the Kerberos identities for the cluster, the KERBEROS/KERBEROS_CLIENT needs to be installed on the new host. This will cause the needed Kerberos libraries to be installed and the krb5.conf file to be setup properly. Then when adding components to the the new host, Ambari will create and distribute the any needed principals and keytab files.

If you are not using the Ambari UI to do this and are adding new host and components via the REST API, then you will need to make sure you set the KDC administrator credentials if they have not be stored in the persisted credential store. See Adding KDC Administrator Credentials to the Ambari Credential Store for more information on how to do this via the REST API.

If the default principal names and keytab files are acceptable, then Ambari should handle the rest. Else you can update the default value by updating the user-supplied Kerberos descriptor. See Updating the User-sepecified Kerberos Descriptor for information on how do this via the REST API.