Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Configure Nifi to mutliple kerberized HDP Cluster

Labels:
avatar
author-rank dupuy_gregory
Explorer

Created ‎08-12-2021 05:55 AM

Hi everyone,

 

I'm working to a new feature with an existing nifi cluster to provide a new service to add an interface with serveral kerberized HDP Cluster.

 

I would like to know if a single Nifi cluster can use several realms in the same krb5 file.

Reading official documentation, nifi can do it (https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#kerberos_properties) : " If necessary the krb5 file can support multiple realms."

 

It seems ok but because at this time I have no way to have several hadoop cluster for testing (to notice : my cluster is working already with one kerberized cluster hadoop ), is anybody can confirm or reject this design: one cluster Nifi with different realms to communicate with multiple kerberized hdp cluster.

 

Thanks for your help and as soon as I have several kerberized cluster hadoop for testing, I will update this article.

 

5,431 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank dupuy_gregory
Explorer

Created ‎12-20-2021 10:22 AM

Hello !


Sorry I was out during few months.

No need to have a cross-realm trust setup because it's just a single one direction.

 

hadoop.JPG


Solution and it's now running :

[realms]
  romulus = {
    admin_server = <...>
    kdc = <...>
  }

  remus = {
    admin_server = <...>
    kdc = <...>
  }

[domain_realm]

  <IP Name Node 1 romulus cluster> = romulus
  <IP Name Node 2 romulus cluster> = romulus

  <IP Name Node 1 remus cluster> = remus
  <IP Name Node 2 remus cluster> = remus

 

Let me explain :

Nifi needs a default realm. the default realm is not used to communicate with project Hadoop cluster kerberised (romus and remulus).

To help Nifi you must maps the name node hostnames to Kerberos realms in the section domain_realm.

 

In this case, Nifi will try to use the default realm and the realm of the main kerberos defined in the HDFS processor of the project and will failed.

hadoop2.JPG

It was a little bit tricky 😉

View solution in original post

4,651 Views
0 Kudos
12 REPLIES 12

avatar
christopher author-rank
Cloudera Employee

Created ‎12-20-2021 03:25 PM

Thank you so much, @dupuy_gregory !


Regards,

Chris McConnell,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
2,577 Views
0 Kudos

avatar
author-rank TB_19
Explorer

Created ‎03-27-2023 12:13 AM

Hi

 

Do i need to config nifi  kerberos in order to connect to HDFS that already configure with Kerberos?

 

Thanks 

1,624 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎03-27-2023 02:09 AM

@TB_19 as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
1,603 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements