I have set the Kerberos on Hadoop Cluster Ambari on 8 nodes.
I was getting errors like
20/02/06 11:09:13 WARN ipc.Client: Exception encountered while connecting to the server : org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
mkdir: DestHost:destPort namenode:8020 , LocalHost:localPort edgenode/10.48.142.32:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
When I registered the principles on all nodes like :
kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-cluster@REALM.COM
and the error getting disappeared
I have integrated hadoop with active directory, so I also do this
kinit -kt user1.keytab user1@REALM.COM
otherwise user1 could not sent jobs to yarn
Should I create keytab per user? (active directory ones?)
The main issue that when I reconnect to the cluster the day after I get the same issue of kerberos token!!
I have to set again principals on all nodes and for all users
Is there any way to set permanently these principles please?
Thanks a lot in advance
@asmarz I think this is the duplicate of this thread:
Let me know if I am wrong.