Support Questions
Find answers, ask questions, and share your expertise

Hive, Storm, Kafka, Hbase cannot connect to Zookeeper after Kerberos Integration

I have enabled Kerberos using Ambari 2.2 with HDP 2.3.4 with non local user and service accounts, which are stored in AD. However Hive, Storm, Kafka and Hbase starts but then immediately shuts down.

All indicate an issue similar to the following - Authfailed in zookeeper:

2581-screen-shot-2016-03-03-at-44224-pm.png

3 REPLIES 3

Re: Hive, Storm, Kafka, Hbase cannot connect to Zookeeper after Kerberos Integration

Explorer

Hi @Ancil McBarnett!

Can you connect to Zookeeper from the command line with a valid ticket without any errors?

Is HDFS in HA mode? If yes, can it connect to zookeeper?

Can you obtain a valid kerberos ticket?

Are the user and service keytabs working?

Re: Hive, Storm, Kafka, Hbase cannot connect to Zookeeper after Kerberos Integration

@Stefan Kupstaitis-Dunkler

HDFS is not on HA mode. So we tried using zookeeper principal, but cannot connect to ZCli Error is

2608-screen-shot-2016-03-04-at-120921-pm.png

Re: Hive, Storm, Kafka, Hbase cannot connect to Zookeeper after Kerberos Integration

Ok.. got the answer.

For centrify we created service names that were prefixed with the cluster name. This was also done during the Kerberos wizard.

Unfortunately if you do have the cluster with customized service names (as you should, if you are managing multiple clusters in an AD domain), you would have to ensure that zookeeper is aware of it.

We got everything working by setting zookeeper.sasl.client.username to the affected services.

Add

export HADOOP_OPTS="$HADOOP_OPTS -Dzookeeper.sasl.client.username=<cluster prefix>-zookeeper"

to the following:

  1. Hive -> Advanced hive-env -> hive-env template
  2. HBase -> Advanced hbase-env -> hbase-env template
  3. Storm -> Nimbus -> nimbus.childopts
  4. Storm -> Supervisor -> supervisor.childopts
  5. Kafka -> Advanced kafka-env -> kafka-env template