Multiple CDH clusters sharing the same Domain, DNS and KDC.

Hello,

I'm trying to understand any trouble I may run into if I use a shared KDC with multiple instances of Cloudera.

Let's say I build two distinct clusters and try to share a KDC and DNS between them. Won't the principals conflict between the two clusters for things like the HDFS principal for example? Will I run into any other issues?

What is a recommended approach to installing multiple clusters on the same Domain / KDC vs separate KDCs and separate Domains?

Regards,

TC

Re: Multiple CDH clusters sharing the same Domain, DNS and KDC.

You can build out multiple clusters sharing the same KDC and Realm, as long as their machine hostnames are distinct. A service principal takes the form of USER/HOST@REALM, so this will avoid conflicts. This is also practiced in many environments.

In this approach, however, users on one cluster will immediately have authentication access to the other cluster, because the KDC Realm is common between the two. If that is not desirable, you'll need to run separate KDCs with distinct Realm names.

In the former case (same Realm, multiple clusters), DNS discovery of the Realm would not be a problem as only a single one exists. In the latter case (one Realm per cluster), you'll likely need to make use of explicit [domain_realm] section specifiers in krb5.conf to direct clients to the right KDC for each cluster's service hostnames.
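
The hostname-to-realm mapping described in the reply above, as an added example (not code from the original post or from Cloudera): a simplified Python model of how a krb5.conf [domain_realm] section resolves a service host to a realm, plus a check for service principals that two clusters would both claim. The realm names, hostnames and the lookup order used here (exact host entry, then nearest parent domain) are assumptions for illustration.

```python
# Added example; every realm and hostname below is constructed.
SAMPLE_KRB5_CONF = """\
[libdefaults]
  default_realm = CLUSTERA.EXAMPLE.COM

[domain_realm]
  .a.example.com = CLUSTERA.EXAMPLE.COM
  .b.example.com = CLUSTERB.EXAMPLE.COM
  edge1.b.example.com = CLUSTERA.EXAMPLE.COM
"""

def parse_domain_realm(conf_text):
    """Return {host or .domain: REALM} from the [domain_realm] section."""
    mapping, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def realm_for_host(host, mapping):
    """Exact host entry wins, then the closest enclosing '.domain' entry."""
    host = host.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return None  # no entry: the real library falls back to other mechanisms

def service_principal(service, host, mapping):
    """Build SERVICE/HOST@REALM, or None when no realm is mapped."""
    realm = realm_for_host(host, mapping)
    return f"{service}/{host.lower()}@{realm}" if realm else None

def colliding_principals(service, hosts_a, hosts_b, mapping):
    """Principals both clusters would request: same host in the same realm."""
    a = {service_principal(service, h, mapping) for h in hosts_a}
    b = {service_principal(service, h, mapping) for h in hosts_b}
    return sorted((a & b) - {None})
```

With one shared realm, `colliding_principals` returns an entry only when both clusters list the same hostname, which is the distinct-hostname condition the reply gives.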