Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Impalad behind load balancer problem

Highlighted

Impalad behind load balancer problem

Explorer

Hi Community.

I'm experiencing a weird issue while accessing a Kerberized Impala through HAProxy on a dedicated node

My setup is:

 

 

Client ----> HAproxy ---> Impalad

 

All principals, included the impala/load balancer dedicated node, are in KDC

As read on documentation I've configured the impalad safety valve with:

 

--principal=impala/edl-pr-cdhlb00.domain@EDHPROD.COM
--be_principal=impala/edl-pr-worker01.domain@EDHPROD.COM 

 

 

Impala daemon starts succesfully.

If I run an impala-shell to connect through HAproxy i receive this error:

 

# impala-shell --ssl -u sadm_prod  -k

default> connect edl-pr-cdhlb001.domain:21000;
Error connecting: TTransportException, TSocket read 0 bytes

 

 

Looking at impalad log files I see:

 

 

E0311 14:20:16.559967 20303 authentication.cc:161] SASL message (Kerberos (external)): GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching impala/edl-pr-cdhlb00.domain@)

 

 

As you can see the previously configured realm is not there.

 

Any idea? Am I missing something?

Don't have an account?
Coming from Hortonworks? Activate your account here