Support Questions
Find answers, ask questions, and share your expertise

I want to kerberized REST API Url's of Ambari Hadoop Server. Please help for correct configuration steps .

Explorer

1) Ambari Server Url : http://host:port

 

2) Amabri server services rest api url : http://host:port/api/v1/clusters/<clustername>/services/<service name>

 

Trying to enable kerberos authentication for point 2 url.

 

please help for same.

 

Thank you!!!

6 REPLIES 6

Cloudera Employee

@Nitin0858 below command will work if you enable kerberos for ambari
curl --negotiate -u: 'http://<hostname>:8080/api/v1/clusters/<cluster_name>/services/<service_name>;'
eg:
curl --negotiate -u: 'http://ambari-host:8080/api/v1/clusters/clusterabc/services/HIVE'

Please find the steps below:

1) ambari-server setup-kerberos

2) ambari-server restart

3) Verify kerberos properties are updated in ambari.properties | grep kerberos

4) kinit with ambari admin principal and run the curl call.

 

Explorer

@niparmar 

Hi

I have kerberos enabled hadoop server so its name node , datanode yarn mapreduce are kerberos enabled but its service url is not kerberos enabled as I can hit that url on web and get the output on web but if it is kerberos enabled then it should not be hit on web .

 

while running below command getting :- 

 

 

curl --negotiate -u: 'http://ambari-host:8080/api/v1/clusters/clusterabc/services/HDFS

 

output :

{
"status": 403,
"message": "Authentication required"
}

 

 

Please suggest some solution for it .

 

Thanks in advance.

Cloudera Employee

@Nitin0858 Was the ambari-server setup-kerberos run? Can you check the auth_to_local rule and mapping. 

Explorer

@niparmar 

some rules are defined in hadoop.security.auth_to_local property.

and some property as below -

hadoop.security.authentication    kerberos

hadoop.security.authorization      true

hadoop.http.authentication.simple.anonymous.allowed   false

 

I am posting it in regards hdfs configuration .

 

Please suggest what we missed here.

Explorer

and below two properties are found in ambari.properties file -

kerberos.check.jaas.configuration=true
kerberos.keytab.cache.dir=/var/lib/ambari-server/data/cache

Explorer

Please help if anyone knows about it .

Thanks in advance!!!