Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Cloudbreak kerberos - yarn unable to find user

I'm working on a kerberized cluster that was provisioned through cloudbreak. When running a spark sql query through Zeppelin I am hitting an error stating Yarn is unable to find the user. ldap sync is enabled in ambari and ranger and the users and groups have been populated. Is there something else that needs to be enabled in cloudbreak to make this work. I did notice that cloudbreak doesnt domain join the nodes so an os ldap lookup isnt possible.



It looks Yarn job is running as end-user (Kerberos ticket user). You need to have the user on all the Nodemanager hosts with the same UserID. If you are using AD/LDAP user for Kerberos ticket, you may want to sync users to all the Nodemanagers via SSSD.

Hi Chiran, thanks for your response. I figured this may be the issue. What would be the best way for me to accomplish this with cloudbreak. As far as I can tell SSSD isnt working as no domain joining has happened.

I have manually connected the hosts to the domain and apart from a strange Atlas issue (not recognizing that a user is part of an ad group) all is working well. My issue now is how can I accomplish this with cloudbreak so that I can maintain scale up and down capability?

Expert Contributor

Hi @James,

You might use a recipe for this:

The only drawback that you can assign recipes only in cluster creation time, so you can't attach a new recipe to an existing cluster.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.