Hadoop -- Principles getting lost from cluster nod...

cjervis · ‎02-06-2020

Dear Community,

I have set the Kerberos on Hadoop Cluster Ambari on 8 nodes.

I was getting errors like

20/02/06 11:09:13 WARN ipc.Client: Exception encountered while connecting to the server : org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
mkdir: DestHost:destPort namenode:8020 , LocalHost:localPort edgenode/10.48.142.32:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]

When I registered the principles on all nodes like :

kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-cluster@REALM.COM

and the error getting disappeared

I have integrated hadoop with active directory, so I also do this

su user1

kinit -kt user1.keytab user1@REALM.COM

otherwise user1 could not sent jobs to yarn

Should I create keytab per user? (active directory ones?)

The main issue that when I reconnect to the cluster the day after I get the same issue of kerberos token!!

I have to set again principals on all nodes and for all users

Is there any way to set permanently these principles please?

Thanks a lot in advance

Asma

GangWar · ‎02-06-2020

@asmarz I think this is the duplicate of this thread:

https://community.cloudera.com/t5/Support-Questions/Adding-Active-Directory-Users-on-Hadoop-Cluster-...

Let me know if I am wrong.

Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Hadoop -- Principles getting lost from cluster nodes

Hadoop -- Principles getting lost from cluster nodes

Re: Hadoop -- Principles getting lost from cluster nodes