Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Kerberos on Ambari 2.6.2.2: 500 status code received on POST method for API: /api/v1/clusters/hdp265/requests

Labels:
avatar
author-rank vsrikanth9
Explorer

Created on ‎10-09-2019 09:39 AM - last edited on ‎10-09-2019 09:47 AM by Guru Guru

I am trying to enable Kerberos on Ambari 2.6.2.2 on CentOS 7.  Below are the errors
***********************

500 status code received on POST method for API: /api/v1/clusters/hdp265/requests
Error message: An internal system exception occurred: Failed to execute the command: Broken pipe

***********************************

Below is my krb5.conf file

nano /etc/krb5.conf

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
default_realm = HADOOPSECURITY.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
HADOOPSECURITY.COM = {
kdc = p1.bigdata.com
admin_server = p1.bigdata.com
}

[domain_realm]
.p1.bigdata.com = HADOOPSECURITY.COM
p1.bigdata.com = HADOOPSECURITY.COM

 

************************************

nano /var/kerberos/krb5kdc/kadm5.acl
*/admin@HADOOPSECURITY.COM *

3,637 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank vsrikanth9
Explorer

Created ‎10-10-2019 09:41 AM

Finally, it worked when I added admin/admin into /var/kerberos/krb5kdc/kadm5.acl file.  Here I have added admin/admin and root/admin as well... just created the root user.

View solution in original post

3,526 Views
0 Kudos
11 REPLIES 11

avatar
author-rank Shelton
Master Mentor

Created ‎10-10-2019 10:24 AM

@vsrikanth9 

 

Great, it worked but you should recognize even if you had modified the    /var/kerberos/krb5kdc/kadm5.acl still  krb5.conf was wrong and your Ambari UI  was wrong so you still wouldn't have resolved it 🙂 

Happy hadooping 

1,356 Views
0 Kudos

avatar
author-rank vsrikanth9
Explorer

Created ‎10-10-2019 11:58 AM

Thanks for your help Shelton.  I have one other question... trying to enable Kerberos in other server but it is saying not reachable.  Using similar configuration... server name different.  What would be be the issue?  btw. it is on HDP 3.1(Ambari 2.7) on CentOS 7 server.  What could be the reason to not able to reach the KDC?

HDP 2.7.jpg

1,355 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements