Support Questions

Find answers, ask questions, and share your expertise

Can I put keytab file for llap daemons on hdfs?

avatar
Contributor

I know in case we launch hbase cluster with slider on yarn, we can put keytab files on hdfs to launch hbase components by adding followings to appConfig.json instead of putting keytab files on local directory /etc/security/keytabs.

"site.hbase-site.hbase.regionserver.kerberos.principal": "${USER_NAME}/_HOST@EXAMPLE",

"site.hbase-site.hbase.regionserver.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.service.keytab",

"site.hbase-site.hbase.master.kerberos.principal": "${USER_NAME}/_HOST@EXAMPLE",

"site.hbase-site.hbase.master.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.service.keytab",

Can we do same thing for launching LLAP daemons with Slider?

1 ACCEPTED SOLUTION

avatar
Contributor

I think, no response means you guys do not recommend this my use case. I decided to follow install guide. Thanks!

View solution in original post

4 REPLIES 4

avatar
Contributor

avatar
Contributor

Yes, it relates to my question.

I'm asking about "3. On each node (specified by their fully qualified domain names), create the host and headless principals, and a keytab with each:"

I think, this part says, we need to create keytab file for each nodes (for all nodes with NodeManager) and put it in "OS local directory (/etc/security/keytabs)" on each node to launch LLAP daemons.

Of course, I can follow this procedure, but if possible, I want to avoid putting the keytab files on OS local directory for our administration reason.

As you may know, when we launch HBase with Slider on Yarn, we can put required keytab files to launch HBase components such as HBase Master, RegionServers on hdfs instead of putting keytab files on OS local directory.

In this case, we don't need to put the keytab files on OS local directory on each node. Instead, we just need to put keytab file with principals for all nodes on hdfs and configure appConfig.json to make Hbase components use the keytab file on hdfs.

So, I'm asking whether we can do the same to launch LLAP daemons or not.

avatar
Contributor

Can you someone answer to my question? If my question is not clear, please let me know 🙂

avatar
Contributor

I think, no response means you guys do not recommend this my use case. I decided to follow install guide. Thanks!