Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Impalad behind load balancer problem


Impalad behind load balancer problem


Hi Community.

I'm experiencing a weird issue while accessing a Kerberized Impala through HAProxy on a dedicated node

My setup is:



Client ----> HAproxy ---> Impalad


All principals, included the impala/load balancer dedicated node, are in KDC

As read on documentation I've configured the impalad safety valve with:





Impala daemon starts succesfully.

If I run an impala-shell to connect through HAproxy i receive this error:


# impala-shell --ssl -u sadm_prod  -k

default> connect edl-pr-cdhlb001.domain:21000;
Error connecting: TTransportException, TSocket read 0 bytes



Looking at impalad log files I see:



E0311 14:20:16.559967 20303] SASL message (Kerberos (external)): GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No key table entry found matching impala/edl-pr-cdhlb00.domain@)



As you can see the previously configured realm is not there.


Any idea? Am I missing something?

Don't have an account?
Coming from Hortonworks? Activate your account here