- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Error after enabling kerberos in CDH cluster
Created ‎08-06-2020 03:25 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can't open /run/cloudera-scm-agent/process/256-yarn-NODEMANAGER/container-executor.cfg: Permission denied.
+ perl -pi -e 's#{{CGROUP_GROUP_CPU}}##g' /run/cloudera-scm-agent/process/256-yarn-NODEMANAGER/yarn-site.xml
I am getting this error after enabling Kerberos in CDH cluster, HDFS and yarn are not able to start. After checking the yarn Node Manager logs I see the below error.
yarn nodemanager logs:
: org.apache.hadoop.yarn.exceptions.YarnRuntimeException: org.apache.hadoop.security.authorize.AuthorizationException: : User: cloudera@CLUSTERIE.LOCAL is not allowed to impersonate yarn/ip-10-0-xxxxx@xyz.com
Any suggestion why am I getting this error, when I disable the Kerberos everything works well. Please assist as the severity of this is very high.
Created ‎08-10-2020 02:18 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@HanzalaShaikh You are most probably hitting a known bug with Java recent versions (OpenJDK 1.8u242 or JDK 11.0.6). TSB-394.
To resolve this issue, take the following action on all impacted nodes solved as appropriate for the environment.
- Edit java.security file located in the active JDK on the clusters.
- Add or alter sun.security.krb5.disableReferrals parameter, to ensure that the following is set to true:
sun.security.krb5.disableReferrals=true
Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created ‎08-10-2020 02:18 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@HanzalaShaikh You are most probably hitting a known bug with Java recent versions (OpenJDK 1.8u242 or JDK 11.0.6). TSB-394.
To resolve this issue, take the following action on all impacted nodes solved as appropriate for the environment.
- Edit java.security file located in the active JDK on the clusters.
- Add or alter sun.security.krb5.disableReferrals parameter, to ensure that the following is set to true:
sun.security.krb5.disableReferrals=true
Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created ‎08-11-2020 04:30 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot, @GangWar . You are absolutely correct I was using OpenJDK instead of Oracle JDK. I thought there is a bug in this but I didn't have any clue how to fix this but after making changes as per your suggestion it worked. Thanks a lot. I am accepting it as a solution.
