Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDFS and HBASE are not starting after enabling kerberos

Highlighted

HDFS and HBASE are not starting after enabling kerberos

New Contributor

We enabled kerberos in our Ambari Cluster ( Ambari version :- 2.7.3.0) with HDP version 3.1.0.0-78. But after kerberos implementation , we are getting the below error in HDFS and HBASE. Please suggest us to resolve the issue.


File "/usr/lib/ambari-agent/lib/resource_management/libraries/providers/hdfs_resource.py", line 334, in _assert_valid

self.target_status = self._get_file_status(target)

File "/usr/lib/ambari-agent/lib/resource_management/libraries/providers/hdfs_resource.py", line 497, in _get_file_status

list_status = self.util.run_command(target, 'GETFILESTATUS', method='GET', ignore_status_codes=['404'], assertable_result=False)

File "/usr/lib/ambari-agent/lib/resource_management/libraries/providers/hdfs_resource.py", line 214, in run_command

return self._run_command(*args, **kwargs)

File "/usr/lib/ambari-agent/lib/resource_management/libraries/providers/hdfs_resource.py", line 295, in _run_command

raise WebHDFSCallException(err_msg, result_dict)

resource_management.libraries.providers.hdfs_resource.WebHDFSCallException: Execution of 'curl -sS -L -w '%{http_code}' -X GET -d '' -H 'Content-Length: 0' --negotiate -u : 'http://nladfmrvu11.mtn.co.za:50070/webhdfs/v1/apps/hbase/data?op=GETFILESTATUS'' returned status_code=401.

<html>

<head>

<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>

<title>Error 401 Authentication required</title>

</head>

<body><h2>HTTP ERROR 401</h2>

<p>Problem accessing /webhdfs/v1/apps/hbase/data. Reason:

<pre> Authentication required</pre></p>

</body>

</html>

4 REPLIES 4

Re: HDFS and HBASE are not starting after enabling kerberos

Mentor

@Pritam Konar

Can you check that below value in your Advancecore-site is set to TRUE

hadoop.http.authentication.simple.anonymous.allowed=true

110217-1565011830791.png

Set I to this value

hadoop.security.authentication=simple


110218-1565011896039.png


Please have a look at this document too Kerberos authentication on Windows

HTH

Re: HDFS and HBASE are not starting after enabling kerberos

New Contributor

@ Geoffrey Shelton Okot Please note that we are setting this cluster in Linux servers. We are facing this issue after enabling Kerberos in the cluster.


In our cluster the values of the above two properties are below. We need all the services up and running with kerberos implementation.


110202-capture1.png


110236-capture2.png



Re: HDFS and HBASE are not starting after enabling kerberos

Mentor

@Pritam Konar

Can you regenerate the keytabs and revert if the issue persists

HTH

Re: HDFS and HBASE are not starting after enabling kerberos

New Contributor

@Geoffrey Shelton Okot

We regenerated the keytabs for all the services from Ambari and restarted all the services. Still we are getting the same error with Namenode restart.


File "/usr/lib/ambari-agent/lib/resource_management/libraries/providers/hdfs_resource.py", line 295, in _run_command

raise WebHDFSCallException(err_msg, result_dict)

resource_management.libraries.providers.hdfs_resource.WebHDFSCallException: Execution of 'curl -sS -L -w '%{http_code}' -X GET -d '' -H 'Content-Length: 0' --negotiate -u : 'http://nladfmrvu11.mtn.co.za:50070/webhdfs/v1/tmp?op=GETFILESTATUS'' returned status_code=401.

<html>

<head>

<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>

<title>Error 401 Authentication required</title>

</head>

<body><h2>HTTP ERROR 401</h2>

<p>Problem accessing /webhdfs/v1/tmp. Reason:

<pre> Authentication required</pre></p>

</body>

</html>


Please also let us know if we modify the below two properties in Advancecore-site like below , will the kerberos implementation be impacted :-


  1. hadoop.http.authentication.simple.anonymous.allowed=true
  2. hadoop.security.authentication=simple


Please suggest.