Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Has anyone done distcp between secured clusters but different REALM?

Labels:
avatar
author-rank hosako
Guru

Created ‎11-25-2015 05:57 AM

As long as reading http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Sys_Admin_Guides/content/ref-263ee41f-a0a... , looks like implying same realm.

Even Cloudera mentions Distinct Realms...

http://www.cloudera.com/content/www/en-us/documentation/enterprise/latest/topics/cdh_admin_distcp_da...

3,047 Views
2 ACCEPTED SOLUTIONS

avatar
author-rank mfoley
Guru

Created ‎11-25-2015 08:06 PM

hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
1,947 Views

avatar
author-rank sprakash author-rank
Contributor

Created ‎06-21-2016 05:32 PM

hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
1,947 Views
0 Kudos
4 REPLIES 4

avatar
author-rank jstraub
Guru

Created ‎11-25-2015 06:10 AM

I have not done distcp with different Kerberos REALMS, but I think this should be possible. Our documentation only mentions "same principal name must be assigned to the applicable NameNodes", so that auth_to_local configuration can calculate the same username on both sides (Kerberos principal: nn/host1@realm will be user "nn"). As long as the different realms use the same KDC or the KDCs trust each other, this should be possible.

1,947 Views

avatar
author-rank mfoley
Guru

Created ‎11-25-2015 08:06 PM

hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
1,948 Views

avatar
author-rank sprakash author-rank
Contributor

Created ‎06-21-2016 05:32 PM

hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
1,948 Views
0 Kudos

avatar
author-rank mfoley
Guru

Created ‎06-23-2016 08:35 PM

@sprakash

The fact that distcp works with some configurations indicates you probably have Security set up right, as well as giving you an obvious work-around. To try to answer your question, please provide some clarifying information:

  1. When you speak of mapred-client.xml, do you mean mapred-site.xml on the client machine?
  2. When you speak of changing the framework, do you mean the "mapreduce.framework.name" configuration parameter in mapred-side.xml?
  3. Do you change it only on the client machine, or throughout both clusters?
  4. The allowed values of that parameter are "local", "classic", and "yarn". When you change it to not be "yarn", what do you set it to?
  5. Do you have "mapreduce.application.framework.path" set? If so, to what value?
1,947 Views
0 Kudos
webinar banner
Announcements
What's New @ Cloudera
Apache Flink is Now Generally Available in the Cloudera Stre...
Product Announcements
[ANNOUNCE] Cloudera Data Services 1.5.4 on Private Cloud Rel...
What's New @ Cloudera
Run your Apache NiFi and Apache Kafka workloads on Kubernete...
What's New @ Cloudera
Cloudera DataFlow now powers GenAI pipelines and supports ch...
Community Announcements
May 2024 Community Highlights
View More Announcements
meetups banner