Hi,
I am setting up TLS/SSL and Kerberos on a single-user setup of Cloudera Manager. The cloudera Manager version used is 5.12 and the underlying CDH parcel is 5.11.
Kerberors setup is done using MIT KDC and TLS/SSL is configured upto Level 1. After doing this, when I restart CM, Agents and HDFS I see that the HDFS doesn't restart. The error is as below:
| 5:49:39.498 PM | FATAL | DataNode | Exception in secureMain
java.lang.RuntimeException: Cannot start secure DataNode without configuring either privileged resources or SASL RPC data transfer protection and SSL for HTTP. Using privileged resources in combination with SASL RPC data transfer protection is not supported.
at org.apache.hadoop.hdfs.server.datanode.DataNode.checkSecureConfig(DataNode.java:1333)
at org.apache.hadoop.hdfs.server.datanode.DataNode.startDataNode(DataNode.java:1233)
at org.apache.hadoop.hdfs.server.datanode.DataNode.<init>(DataNode.java:464)
at org.apache.hadoop.hdfs.server.datanode.DataNode.makeInstance(DataNode.java:2545)
at org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:2432)
at org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:2479)
at org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2661)
at org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2685) |
After searching for a probable solution on Google, I stumbled upon a link that asks to do additional configuration for single-user seutps. The section '
Configuration for Secure Clusters' talks about the additional 4 steps to be performed.
https://www.cloudera.com/documentation/enterprise/5-11-x/topics/install_singleuser_reqts.html
I have performed the steps of HDFS with TLS but not sure what to do for the remaining two :
- Do not configure the DataNode Transceiver port and HTTP Web UI port to use privileged ports.
- Configure DataNode data transfer protection.
Please suggest what is the expectation for these 2 steps in single-user mode.
Thanks
