Created 08-24-2017 10:47 PM
Hi, I have a 6-node cluster set up as HDP 2.5 and Ambari 2.4.
I need to enable Kerberos security.
Steps I did on the Ambari server:
1.
2. Yum installed Kerberos and clients on all nodes
3. Checked /etc/krb.conf and checked that all nodes have the same files and realms
4. Checked acl.file, edited and saved it, and restarted the KDC again
5. When enabling Kerberos in Ambari, it threw an error in Test Clients:
Error message: An internal system exception occurred: The 'krb5-conf' configuration is not available
500 status code received on POST method for API: /api/v1/clusters/Cluster/requests
Created 08-24-2017 11:53 PM
Created 08-24-2017 11:11 PM
Did you create an admin principal? Is the krb5.conf file in /etc/krb5.conf? I just kerberized an HDP 2.6 an hour ago without any issue. What is the OS?
We can quickly resolve that!
Created 08-24-2017 11:15 PM
@Geoffrey Shelton Okot Yes, I did create the principal as admin/admin@host.com, and the OS is CentOS 7.
Created 08-24-2017 11:21 PM
@Geoffrey Shelton Okot If you can share it step by step, that would be very helpful to get this done.
Created 08-25-2017 04:58 PM
@Geoffrey Shelton Okot I followed all these steps. When I start krb5kdc and kadmin, I get an error like this:
Job for krb5kdc.service failed because the control process exited with error code. See "systemctl status krb5kdc.service" and "journalctl -xe" for details.
Created 08-24-2017 11:54 PM
There you go!
Created 08-25-2017 04:10 PM
Thank You.
Created 08-25-2017 05:38 PM
If you are root, then remove the sudo!
What is the output of
# systemctl status krb5kdc.service
The result should be
# systemctl status krb5kdc.service
● krb5kdc.service - Kerberos 5 KDC
Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2017-08-24 15:30:12 CEST; 1 day 4h ago
Main PID: 23781 (krb5kdc)
CGroup: /system.slice/krb5kdc.service
└─23781 /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid
Aug 24 15:30:12 bombay.test.com systemd[1]: Starting Kerberos 5 KDC...
Aug 24 15:30:12 bombay.test.com systemd[1]: Started Kerberos 5 KDC
Please let me know
Created 08-25-2017 05:56 PM
@Geoffrey Shelton Okot Thank you so much for your help. These are the configs I specified on the Ambari server.
Configs here:
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
RELAY.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
cat kadm5.acl
* /admin@RELAY.COM *
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = RELAY.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
RELAY.COM = {
admin_server = RELAY.COM
kdc = IP
kdc = IP
kdc = IP
kdc = IP
kdc = IP
kdc = IP
}
krb5kdc.service - Kerberos 5 KDC
Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2017-08-25 10:53:48 PDT; 3s ago
Process: 22602 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)
Main PID: 1911 (code=exited, status=0/SUCCESS)
Aug 25 10:53:48 systemd[1]: Starting Kerberos 5 KDC...
Aug 25 10:53:48 krb5kdc[22602]: krb5kdc: cannot initialize realm RELAY.COM - see log file for details
Aug 25 10:53:48 : krb5kdc.service: control process exited, code=exited status=1
Aug 25 10:53:48: Failed to start Kerberos 5 KDC.
Aug 25 10:53:48 Unit krb5kdc.service entered failed state.
Aug 25 10:53:48 krb5kdc.service failed.