Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Manual KDC and kerberos option in ambari

Labels:
avatar
author-rank arunpoy
Guru

Created ‎03-16-2016 07:53 AM

I am trying to use the option "Manage Kerberos principals and keytabs manually" in ambari while trying to kerberise the cluster.

I am trying to use the kerberos_Setup.sh provided by ambari. does it work as expected?

I dont see that, it is throwing up lot of errors and trying to replace the krb5.conf (i changed) with the default one. also it is trying to create a kdc database. what is the password for that. Also the script is not installing rngd,pdsh, i did it manually. Finally i do see the error . Even though i see the hosts entry at accepted_hosts.

HAs anyone the correct version of this script. I am using HDP 2.4

pdsh@instance-1: no remote hosts specified

1,990 Views
1 ACCEPTED SOLUTION

avatar
author-rank sdutta
Guru

Created ‎03-17-2016 06:13 AM

@ARUNKUMAR RAMASAMY

Please provide the documentation link that you are using. Also why are you managing the kerberos keytabs manually? I would let the wizard create it irrespective of if you do it on AD or MIT KDC. This is a much cleaner process.

View solution in original post

1,724 Views
4 REPLIES 4

avatar
author-rank arunpoy
Guru

Created ‎03-16-2016 12:47 PM

Some items i noticed are , the scripts kerberos-setup.sh doesnt have the setting for redhat 7 , i added it.

But there are a couple of other issues too . The script removes the sudo permissions too. Instead the old script of generate_keytabs.sh is better. but that script is not part of the latest ambari. Do someone have the rectified version of this script or is the old script available somewhere in the github repos, i would take that and proceed.

1,724 Views

avatar
author-rank sdutta
Guru

Created ‎03-17-2016 06:13 AM

@ARUNKUMAR RAMASAMY

Please provide the documentation link that you are using. Also why are you managing the kerberos keytabs manually? I would let the wizard create it irrespective of if you do it on AD or MIT KDC. This is a much cleaner process.

1,725 Views

avatar
author-rank arunpoy
Guru

Created ‎03-17-2016 06:57 AM

@Shivaji

I dont have an AD integration as of now. Also i have done kerberos setup in the older versions of sandbox, where manual was the only option, i used to download the csv file and generate the keytabs. I just followed a couple of urls from the web. the below one is what i referred, but i dont need the AD integration

http://hortonworks.com/blog/enabling-kerberos-hdp-active-directory-integration/

I havent explored the MIT KDC option. does that option allow us to install a KDC on one of the hosts and does everything cleanly. I will give a try that. Also another question is as of now i have only few components of the HDP stack. Suppose i want to add few more components in the future and kerberize them . How can i do that? IS it possible with Ambari?

1,724 Views

avatar
author-rank arunpoy
Guru

Created ‎03-21-2016 06:52 AM

@Shivaji

Thanks for your solution. It worked fine.

1,724 Views
0 Kudos
Announcements
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
What's New @ Cloudera
Updates to the HDFS clusters on AWS environments to add supp...
What's New @ Cloudera
Enhancements to the create-database command
Community Announcements
September 2024 Community Highlights
View More Announcements