Support Questions

Find answers, ask questions, and share your expertise

Issue Generating principals in Cloudera Manager - 5.16.2 - Parcels.

avatar
New Contributor

Hi,

 

When i try to 'Generate Missing Credentials' in Cloudera Manager:

 CM >Administration>Secuity>Kerberos Credentials , I get the following error

2020-11-20 00:13:31,793 INFO GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: Generating kerberos credentials using custom script /etc/hadoop/conf/keytabgen.sh
2020-11-20 00:13:31,794 INFO GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: Creating credentials for roleId 132
2020-11-20 00:13:31,794 INFO GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: Generating new keytab for spark/clouderadp02.ibm.cloud@IBM.CLOUD
2020-11-20 00:13:31,805 ERROR GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: unable to create credential for role 132 due to:/etc/hadoop/conf/keytabgen.sh failed with exit code 1 and output of <<
cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>>
2020-11-20 00:13:36,926 ERROR CommandPusher:com.cloudera.cmf.command.CommandHelpers: GenerateCredentials - Execution error:
java.io.IOException: /etc/hadoop/conf/keytabgen.sh failed with exit code 1 and output of <<
cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>>
at com.cloudera.cmf.security.GenerateCredentialsCommand.generateKeytab(GenerateCredentialsCommand.java:404)
at com.cloudera.cmf.security.GenerateCredentialsCommand.createKeytab(GenerateCredentialsCommand.java:501)
at com.cloudera.cmf.security.GenerateCredentialsCommand.generateMissingKeytabs(GenerateCredentialsCommand.java:250)
at com.cloudera.cmf.security.GenerateCredentialsCommand.access$300(GenerateCredentialsCommand.java:62)
at com.cloudera.cmf.security.GenerateCredentialsCommand$2$1.run(GenerateCredentialsCommand.java:593)
at com.cloudera.cmf.security.GenerateCredentialsCommand$2$1.run(GenerateCredentialsCommand.java:581)
at com.cloudera.cmf.security.components.SecurityUtils.runWithGenerateKrb5Conf(SecurityUtils.java:375)
at com.cloudera.cmf.security.GenerateCredentialsCommand$2.call(GenerateCredentialsCommand.java:581)
at com.cloudera.cmf.security.GenerateCredentialsCommand$2.call(GenerateCredentialsCommand.java:577)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2020-11-20 00:13:36,927 INFO CommandPusher:com.cloudera.cmf.model.DbCommand: Command 2831(GenerateCredentials) has completed. finalstate:FINISHED, success:false, msg:/etc/hadoop/conf/keytabgen.sh failed with exit code 1 and output of <<
cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>>

Not sure what is causing this issue. The '/etc/hadoop/conf/keytabgen.sh' is a very simple script :

 

#!/bin/bash

# Cloudera Manager will input a destination path
DEST="$1"

# Cloudera Manager will input the principal name in the format: <service>/<fqdn>@REALM
PRINC="$2"

# Assuming the '<service>_<fqdn>@REALM.keytab' naming convention for keytab files
IN=$(echo $PRINC | sed -e 's/\//_/')
src="/etc/hadoop/conf/keytabs/${IN}.keytab"

# Copy the keytab to the destination input by Cloudera Manager
cp -v $SRC $DEST

 

 

When i check in /etc/hadoop/conf/keytab path. I find that to be empty.

When i check the principals in the KDC server(listprincs), I see the principals for each every service and user required. 

 

Not sure what is going wrong.

 

regards,

Haree Krushnan

 

1 ACCEPTED SOLUTION

avatar
Expert Contributor

Hello @HareeKrushnan 

 

I see that you are using a custom script to retrieve keytabs from the local filesystem. The script is failing as it is unable to find the required keytabs at the location

cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>>

 

Please note that to use the custom script the KDC administrators should create the required principals and keytabs, and store them securely on the Cloudera Manager Server host.

 

Please review the below document for more information on using a Custom Kerberos Keytab Retrieval Script

https://docs.cloudera.com/documentation/enterprise/5-16-x/topics/sg_keytab_retrieval_script.html

 

Let us know if this helps.

 

Cheers!

Was your question answered? Make sure to mark the answer as the accepted solution.

If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

2 REPLIES 2

avatar
Expert Contributor

Hello @HareeKrushnan 

 

I see that you are using a custom script to retrieve keytabs from the local filesystem. The script is failing as it is unable to find the required keytabs at the location

cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>>

 

Please note that to use the custom script the KDC administrators should create the required principals and keytabs, and store them securely on the Cloudera Manager Server host.

 

Please review the below document for more information on using a Custom Kerberos Keytab Retrieval Script

https://docs.cloudera.com/documentation/enterprise/5-16-x/topics/sg_keytab_retrieval_script.html

 

Let us know if this helps.

 

Cheers!

Was your question answered? Make sure to mark the answer as the accepted solution.

If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
New Contributor

Hi Tjangid,

Thanks for the info, it indeed was the custom script which was causing the issue. 

 

Regards,

Haree Krushnan