- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Is Kerberos ready for production?
Created on ‎09-29-2016 10:42 AM - edited ‎09-16-2022 03:42 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
While looking at kerberos authentication in hdp2.4, I came across a number of issues
1) Looks like a number of UIs (Atlas, Ambari-views etc.) need Browser to be set up for Kerberos
2) Zeppelin doesn't work with kerberos
3) There are issues around oozie - sqoop
I am wondering is kerberos production-ready or we should wait for further releases.
Do we have a list of all known issues with Kerberos?
Thanks,
Avijeet
Created ‎10-01-2016 03:51 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Avijeet Dash,
Support for Kerberos in HDP 2.x is very much production ready. A lot of users are already running Kerberos in their production clusters. It also depends on which Hadoop components you are trying to use in production. Lets look at component level issues:
> 1) Looks like a number of UIs (Atlas, Ambari-views etc.) need Browser to be set up for Kerberos
This is basic requirement for any Kerberos enabled service. For access over HTTP, the service usually support SPNEGO. Hence SPNEGO needs to be enabled in browser.
> 2) Zeppelin doesn't work with kerberos
Zeppelin doesn't require any special configuration to work over Kerberos. It relies on underlying services (YARN etc.) to work with Kerberos. Moreover, Zeppelin was added as technical preview in HDP 2.4 so it was not meant to be used in production cluster. Hortonworks recommend to upgrade to HDP 2.5 if you want to use in production.
> 3) There are issues around oozie - sqoop
Oozie sqoop action with Kerberos is tested and working successfully. Most of the errors are usually the configuration issues. You can encouraged to post the issues here so that we can suggest solution.
On a generic note, it is highly recommended to upgrade to HDP 2.5.0 so that you get the latest components version with loads of fixes & new features.
Thank you.
Created ‎10-01-2016 03:51 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Avijeet Dash,
Support for Kerberos in HDP 2.x is very much production ready. A lot of users are already running Kerberos in their production clusters. It also depends on which Hadoop components you are trying to use in production. Lets look at component level issues:
> 1) Looks like a number of UIs (Atlas, Ambari-views etc.) need Browser to be set up for Kerberos
This is basic requirement for any Kerberos enabled service. For access over HTTP, the service usually support SPNEGO. Hence SPNEGO needs to be enabled in browser.
> 2) Zeppelin doesn't work with kerberos
Zeppelin doesn't require any special configuration to work over Kerberos. It relies on underlying services (YARN etc.) to work with Kerberos. Moreover, Zeppelin was added as technical preview in HDP 2.4 so it was not meant to be used in production cluster. Hortonworks recommend to upgrade to HDP 2.5 if you want to use in production.
> 3) There are issues around oozie - sqoop
Oozie sqoop action with Kerberos is tested and working successfully. Most of the errors are usually the configuration issues. You can encouraged to post the issues here so that we can suggest solution.
On a generic note, it is highly recommended to upgrade to HDP 2.5.0 so that you get the latest components version with loads of fixes & new features.
Thank you.
Created ‎10-02-2016 03:09 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Avijeet Dash,
As Vipin Rathor, many companies are in production with Kerberos with 2.x versions. Please post your issues as individual questions.
Created ‎10-14-2016 04:35 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In my config zeppelin working with kerberos )