Support Questions

Find answers, ask questions, and share your expertise

Ambari enable Kerberos does not create principals

avatar
Guru

Hi,

I am using Ambari 2.0.1 and MIT Kerberos.

After running through the enabling Kerberos wizard, the services are failing to start. After some search I found out that there are no principals being created in the KDC:

"listprincs" just shows the previously (manually) created admin/admin@REALM principal, but no further principals as expected from enabling Kerberos via the wizard?!?!?!

This is the first time I see this strange behaviour, several other kerberized clusters didn't have this problem.

Why doesn't the Ambari wizard create principals in the KDC, while showing no errors at running through the wizard ?

Thanks in advance...

1 ACCEPTED SOLUTION

avatar
Guru

Hi @Robert Levas , @mahadev ,

just wanted to drop you the note that I now have a Kerberos enabled cluster.

How?

I just ignored the failure messages during service startup and wanted to deep dive into what is going on while Ambari creates principals and keytabs. I left the cluster in the stopped state including all errors ( ~60 red alerts)

To start the journey I ran in Ambari=>Admin=>Kerberos "regenerate keytabs"

Surprisingly this triggered the creation of principals and keytabs successfully and I ended up in the state I expected from the Wizard, to have all the required principals and keytabs on the corresponding hosts.

Anyway, after the "regenerate keytabs" I was able to successfully start all the services.

View solution in original post

11 REPLIES 11

avatar
Guru

Hi @Robert Levas , @mahadev ,

just wanted to drop you the note that I now have a Kerberos enabled cluster.

How?

I just ignored the failure messages during service startup and wanted to deep dive into what is going on while Ambari creates principals and keytabs. I left the cluster in the stopped state including all errors ( ~60 red alerts)

To start the journey I ran in Ambari=>Admin=>Kerberos "regenerate keytabs"

Surprisingly this triggered the creation of principals and keytabs successfully and I ended up in the state I expected from the Wizard, to have all the required principals and keytabs on the corresponding hosts.

Anyway, after the "regenerate keytabs" I was able to successfully start all the services.

avatar

@Gerd Koenig thanks for the update. You solution is definitely a means to get the desired result. Nice work on getting passed the issue.