Error after enabling kerberos in CDH cluster

Expert Contributor

I can't open /run/cloudera-scm-agent/process/256-yarn-NODEMANAGER/container-executor.cfg: Permission denied.
+ perl -pi -e 's#{{CGROUP_GROUP_CPU}}##g' /run/cloudera-scm-agent/process/256-yarn-NODEMANAGER/yarn-site.xml

I am getting this error after enabling Kerberos in a CDH cluster; HDFS and YARN are not able to start. After checking the YARN NodeManager logs, I see the error below.

YARN NodeManager logs:
: org.apache.hadoop.yarn.exceptions.YarnRuntimeException: org.apache.hadoop.security.authorize.AuthorizationException: : User: cloudera@CLUSTERIE.LOCAL is not allowed to impersonate yarn/ip-10-0-xxxxx@xyz.com

Any suggestion why I am getting this error? When I disable Kerberos, everything works well. Please assist, as the severity of this is very high.

1 ACCEPTED SOLUTION

Master Guru

@HanzalaShaikh You are most probably hitting a known bug with recent Java versions (OpenJDK 1.8u242 or JDK 11.0.6): TSB-394.

To resolve this issue, take the following action on all impacted nodes, as appropriate for the environment.

  1. Edit the java.security file located in the active JDK on the clusters.
  2. Add or alter the sun.security.krb5.disableReferrals parameter to ensure that it is set to true:
    sun.security.krb5.disableReferrals=true

Cheers!
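The two steps in the accepted solution, as an added shell example that is not part of the original thread and is not Cloudera tooling: it locates java.security under a JDK home and sets the parameter idempotently, keeping a backup. The function names, the JDK 8 and JDK 11 directory layouts it checks, and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: set sun.security.krb5.disableReferrals=true idempotently.
KEY='sun.security.krb5.disableReferrals'
KEY_RE='sun\.security\.krb5\.disableReferrals'

# Print the java.security path under a JDK home (JDK 8 and JDK 11 layouts).
find_java_security() {
    for rel in jre/lib/security conf/security; do
        if [ -f "$1/$rel/java.security" ]; then
            printf '%s\n' "$1/$rel/java.security"
            return 0
        fi
    done
    return 1
}

# Succeed only if the last active (uncommented) assignment is "true".
referrals_disabled() {
    val=$(sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*//p" "$1" |
          tail -n 1 | tr -d '[:space:]')
    [ "$val" = "true" ]
}

# Rewrite the file only when needed; keep a .bak copy for rollback.
set_disable_referrals() {
    if referrals_disabled "$1"; then return 0; fi
    cp -p "$1" "$1.bak" || return 1
    tmp=$(mktemp) || return 1
    sed "/^[[:space:]]*${KEY_RE}[[:space:]]*=/d" "$1" > "$tmp" || return 1
    printf '%s=true\n' "$KEY" >> "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"   # cat preserves the file's owner and mode
}

# Constructed sample: a minimal JDK 11 style tree with the setting left at false.
make_sample_jdk() {
    home=$(mktemp -d) || return 1
    mkdir -p "$home/conf/security"
    printf '%s\n' '# constructed sample, not a real java.security' \
        'security.provider.1=SUN' \
        '#sun.security.krb5.disableReferrals=true' \
        'sun.security.krb5.disableReferrals=false' \
        > "$home/conf/security/java.security"
    printf '%s\n' "$home"
}

# On a real node (as root): f=$(find_java_security "$JAVA_HOME") && set_disable_referrals "$f"
```

A JVM reads java.security at startup, so processes that are already running only pick up the change after a restart.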

Expert Contributor

Thanks a lot, @GangWar. You are absolutely correct; I was using OpenJDK instead of Oracle JDK. I thought there was a bug in this, but I didn't have any clue how to fix it. After making the changes as per your suggestion, it worked. Thanks a lot. I am accepting it as a solution.