Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Does Kerberos needs to be redone after a Hadoop Upgrade

avatar
Contributor

Hello Team, Do we need to re-do the Kerberos and SSL set up again after the upgrade to HDP 2.5 from HDP 2.3 or HDP 2.4. Thanks

1 ACCEPTED SOLUTION

avatar
Expert Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
3 REPLIES 3

avatar

I assumed that this was in the documentation, but a quick search revealed that it is not. After upgrading either Ambari or HDP (or both), you should regenerate the missing keytab files and restart the services by

  1. Log into Ambari using an Ambari Administrator account
  2. Go to the Kerberos Administrator page (Admin -> Kerberos)
  3. Click on Regenerate Keytabs button
  4. On the first page of the dialog that appears, click on the checkbox for "Only regenerate keytabs for missing hosts and components"
  5. Continue to the next page
  6. Click on the checkbox for "Automatically restart components after keytab regeneration"
  7. Complete the dialog

As of Ambari 2.5.x and below, Ambari does not have a way to automatically create new Kerberos identities or keytab files during either the Ambari or stack upgrade processes. So the user is expected to do this manually using the steps above.

avatar
Expert Contributor
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Contributor

Thanks Graham and Robert. This is helpful.