Support Questions
Find answers, ask questions, and share your expertise

Kerberos wizard vs through code

New Contributor


I'm new to Cloudera, and is trying to get my cluster up and running with Kerberos(FreeIPA).

I have one cluster that seems to work as it should. In this cluster I enabled kerberos through the enable kerberos wizard in cloudera manager. 

Then I created one additional cluster, were I tried to enable Kerberos through the API.

/cm/config -> Setting the kerberos parameters
commands/configureForKerberos -> Enabling kerberos
Have verified in FreeIPA that all principals are created and that kerberos is enabled in the Cloudera Manager UI.
Still I get a lot of permisson issues in the manual cluster.
Yarn, JobHistoryServer: 
Error creating done directory:[hdfs://master3:8020/user/history/done]
Caused by: Permission denied: user=mapred, access=WRITE, inode="/":hdfs:supergroup:drwxr-xr-x


Bad : Canary test failed to create parent directory for /tmp/.cloudera_health_monitoring_canary_files.

(Probably some permisson issue as well)


Same permisson issue, tried pushing the butt to create root directory, that fixed the issue.


So, do anybody have an idea on what's being done in the wizard and what i'm not doing in code on a general basis, stepwize ? 

I forgot to stop the cluster before running API calls, could that cause any issues? 


Answers are much appreciated! 


@kimanore For the Error snippet you mentioned is related with permission which seems fixed as you said [1]. However for the cannery test you have to see the logs, also you mentioned that you forget to stop cluster I guess that's okay you can still make this workable. 


[1] These step can also fit that. 

a) Namenode => Actions => Format

b) For JobHistory:
===> All you need to do is:

kinit as hdfs if Kerberized


sudo -u hdfs hdfs dfs -mkdir -p /user/history/done


hdfs dfs -mkdir /user
hdfs dfs -mkdir /user/history 
hdfs dfs -mkdir /tmp
hdfs dfs -mkdir /tmp/logs
hdfs dfs -chown mapred:mapred /user/history
hdfs dfs -chown mapred:mapred /tmp/logs


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
; ;