Created 03-16-2016 07:53 AM
I am trying to use the option "Manage Kerberos principals and keytabs manually" in ambari while trying to kerberise the cluster.
I am trying to use the kerberos_Setup.sh provided by ambari. does it work as expected?
I dont see that, it is throwing up lot of errors and trying to replace the krb5.conf (i changed) with the default one. also it is trying to create a kdc database. what is the password for that. Also the script is not installing rngd,pdsh, i did it manually. Finally i do see the error . Even though i see the hosts entry at accepted_hosts.
HAs anyone the correct version of this script. I am using HDP 2.4
pdsh@instance-1: no remote hosts specified
Created 03-17-2016 06:13 AM
Please provide the documentation link that you are using. Also why are you managing the kerberos keytabs manually? I would let the wizard create it irrespective of if you do it on AD or MIT KDC. This is a much cleaner process.
Created 03-16-2016 12:47 PM
Some items i noticed are , the scripts kerberos-setup.sh doesnt have the setting for redhat 7 , i added it.
But there are a couple of other issues too . The script removes the sudo permissions too. Instead the old script of generate_keytabs.sh is better. but that script is not part of the latest ambari. Do someone have the rectified version of this script or is the old script available somewhere in the github repos, i would take that and proceed.
Created 03-17-2016 06:13 AM
Please provide the documentation link that you are using. Also why are you managing the kerberos keytabs manually? I would let the wizard create it irrespective of if you do it on AD or MIT KDC. This is a much cleaner process.
Created 03-17-2016 06:57 AM
I dont have an AD integration as of now. Also i have done kerberos setup in the older versions of sandbox, where manual was the only option, i used to download the csv file and generate the keytabs. I just followed a couple of urls from the web. the below one is what i referred, but i dont need the AD integration
http://hortonworks.com/blog/enabling-kerberos-hdp-active-directory-integration/
I havent explored the MIT KDC option. does that option allow us to install a KDC on one of the hosts and does everything cleanly. I will give a try that. Also another question is as of now i have only few components of the HDP stack. Suppose i want to add few more components in the future and kerberize them . How can i do that? IS it possible with Ambari?
Created 03-21-2016 06:52 AM
Thanks for your solution. It worked fine.