Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

I want to kerberized REST API Url's of Ambari Hadoop Server. Please help for correct configuration steps .

avatar
author-rank Nitin0858
Explorer

Created on ‎08-10-2021 02:36 AM - last edited on ‎08-10-2021 08:56 PM by Moderator

1) Ambari Server Url : http://host:port

 

2) Amabri server services rest api url : http://host:port/api/v1/clusters/<clustername>/services/<service name>

 

Trying to enable kerberos authentication for point 2 url.

 

please help for same.

 

Thank you!!!

2,072 Views
0 Kudos
6 REPLIES 6

avatar
niparmar author-rank
Cloudera Employee

Created ‎08-10-2021 05:20 AM

@Nitin0858 below command will work if you enable kerberos for ambari
curl --negotiate -u: 'http://<hostname>:8080/api/v1/clusters/<cluster_name>/services/<service_name>;'
eg:
curl --negotiate -u: 'http://ambari-host:8080/api/v1/clusters/clusterabc/services/HIVE'

Please find the steps below:

1) ambari-server setup-kerberos

2) ambari-server restart

3) Verify kerberos properties are updated in ambari.properties | grep kerberos

4) kinit with ambari admin principal and run the curl call.

 

2,051 Views
0 Kudos

avatar
author-rank Nitin0858
Explorer

Created ‎08-10-2021 05:58 AM

@niparmar 

Hi

I have kerberos enabled hadoop server so its name node , datanode yarn mapreduce are kerberos enabled but its service url is not kerberos enabled as I can hit that url on web and get the output on web but if it is kerberos enabled then it should not be hit on web .

 

while running below command getting :- 

 

 

curl --negotiate -u: 'http://ambari-host:8080/api/v1/clusters/clusterabc/services/HDFS

 

output :

{
"status": 403,
"message": "Authentication required"
}

 

 

Please suggest some solution for it .

 

Thanks in advance.

2,039 Views
0 Kudos

avatar
niparmar author-rank
Cloudera Employee

Created ‎08-10-2021 11:35 PM

@Nitin0858 Was the ambari-server setup-kerberos run? Can you check the auth_to_local rule and mapping. 

2,003 Views
0 Kudos

avatar
author-rank Nitin0858
Explorer

Created ‎08-10-2021 11:54 PM

@niparmar 

some rules are defined in hadoop.security.auth_to_local property.

and some property as below -

hadoop.security.authentication    kerberos

hadoop.security.authorization      true

hadoop.http.authentication.simple.anonymous.allowed   false

 

I am posting it in regards hdfs configuration .

 

Please suggest what we missed here.

2,001 Views
0 Kudos

avatar
author-rank Nitin0858
Explorer

Created ‎08-10-2021 11:56 PM

and below two properties are found in ambari.properties file -

kerberos.check.jaas.configuration=true
kerberos.keytab.cache.dir=/var/lib/ambari-server/data/cache

2,000 Views
0 Kudos

avatar
author-rank Nitin0858
Explorer

Created ‎08-17-2021 02:31 AM

Please help if anyone knows about it .

Thanks in advance!!!

1,935 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements