Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Error after enabling kerberos in CDH cluster

Labels:
avatar
author-rank HanzalaShaikh
Expert Contributor

Created ‎08-06-2020 03:25 AM

I can't open /run/cloudera-scm-agent/process/256-yarn-NODEMANAGER/container-executor.cfg: Permission denied.
+ perl -pi -e 's#{{CGROUP_GROUP_CPU}}##g' /run/cloudera-scm-agent/process/256-yarn-NODEMANAGER/yarn-site.xml

I am getting this error after enabling Kerberos in CDH cluster, HDFS  and yarn are not able to start. After checking the yarn Node Manager logs I see the below error.

 yarn nodemanager logs:
: org.apache.hadoop.yarn.exceptions.YarnRuntimeException: org.apache.hadoop.security.authorize.AuthorizationException: : User: cloudera@CLUSTERIE.LOCAL is not allowed to impersonate yarn/ip-10-0-xxxxx@xyz.com

Any suggestion why am I getting this error, when I disable the Kerberos everything works well. Please assist as the severity of this is very high.

3,260 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank GangWar author-rank
Master Guru

Created ‎08-10-2020 02:18 AM

@HanzalaShaikh You are most probably hitting a known bug with Java recent versions (OpenJDK 1.8u242 or JDK 11.0.6). TSB-394. 

 

To resolve this issue, take the following action on all impacted nodes solved as appropriate for the environment.

  1. Edit java.security file located in the active JDK on the clusters.
  2. Add or alter sun.security.krb5.disableReferrals parameter, to ensure that the following is set to true:
    sun.security.krb5.disableReferrals=true

Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

3,233 Views
0
2 REPLIES 2

avatar
author-rank GangWar author-rank
Master Guru

Created ‎08-10-2020 02:18 AM

@HanzalaShaikh You are most probably hitting a known bug with Java recent versions (OpenJDK 1.8u242 or JDK 11.0.6). TSB-394. 

 

To resolve this issue, take the following action on all impacted nodes solved as appropriate for the environment.

  1. Edit java.security file located in the active JDK on the clusters.
  2. Add or alter sun.security.krb5.disableReferrals parameter, to ensure that the following is set to true:
    sun.security.krb5.disableReferrals=true

Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
3,234 Views
0

avatar
author-rank HanzalaShaikh
Expert Contributor

Created ‎08-11-2020 04:30 AM

Thanks a lot, @GangWar . You are absolutely correct I was using OpenJDK instead of Oracle JDK. I thought there is a bug in this but I didn't have any clue how to fix this but after making changes as per your suggestion it worked. Thanks a lot. I am accepting it as a solution.

3,220 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements