Support Questions
Find answers, ask questions, and share your expertise

Configuring ambari views on Kerberized Cluster

Solved Go to solution

Re: Configuring ambari views on Kerberized Cluster

Explorer

Thanks @Predrag Minovic

Indeed this is quite detailed. I've a user ambariserver and principal ambariserver/ambari_host_name@KDCRealm.com

I also verified following two properties are added in the custom core site.

hadoop.proxyuser.ambariserver.groups=*
hadoop.proxyuser.ambariserver.hosts=*

PIG/Hive view, I've added following two properties in the webhcat-site.xml

webhcat.proxyuser.ambariserver.groups=*
webhcat.proxyuser.ambariserver.hosts=*

Accessing the Hive View we see error.

H020 Could not establish connecton to HiveServer2_HOST:10000:org.apache.thrift.transport.TTransportException

Re: Configuring ambari views on Kerberized Cluster

Okay, what's the status of the Files view now? Can you now browse the files? Also try to restart ambari-server just in case.

Regarding Hive error, what's your Hive transport mode, binary or http? Only Hive view packaged with Ambari-2.1.2.1 (and I guess 2.2) supports http mode, old Ambari versions support only binary mode.

Re: Configuring ambari views on Kerberized Cluster

Explorer

@Predrag Minovic

The hive.server2.transport.mode is set to http. File explorer is working. We are on Ambari version: 2.1.2 Thank you. Is there any thing possibly missing?

Re: Configuring ambari views on Kerberized Cluster

Is there any special reason you are using http Hive transport mode? [For example, Knox requires http mode.] If not, then set the transport mode to binary and Hive view should work. If you want to keep the http transport than you need Ambari-2.1.2.1 or 2.2.

Re: Configuring ambari views on Kerberized Cluster

@Darpan Patel Regarding NN HA support, as I mentioned above, based on our recent experience with Ambari-2.1.2.1 in a kerberized cluster, Files and Hive views support NN HA, while Pig view doesn't. I haven't had time to explore Ambari-2.2 yet.

Re: Configuring ambari views on Kerberized Cluster

Contributor

@Darpan Patel

Darpan, I have one question related to what you did. I am newbie to Kerberos. I am actually running a similar configuration, where I have AD that holds all principals. Regarding what you have said:

>>After Kerberization I created a user "ambari­-user/ambari-Host_name_here@KDCRealm.com

you did this in the AD right ?

>>And also created a key tab, copied on the ambari -server machine

How did you do that? You created the keytab at the ambari-server host ? or created it in AD and somehow you copied the keytab to /etc/security/keytabs of your ambari server host ?