Support Questions

Find answers, ask questions, and share your expertise

NameNode URL not accesible on Kerberos Cluster

avatar

 Hi Community,

 

I have a few of CDH clusters with Kerberos enabled but I've been facing issue to not able to access the NN URL. Here is error message:

=================

HTTP ERROR 401

Problem accessing /index.html. Reason:

    Authentication required

 

Powered by Jetty://

=================

 

 

However, Yarn NM, Job history and Spark URLs are just working fine. I've checked with my team who are using both Windows and Mac laptops and they are facing same issue. THis issue still happens with latest CDH5.10

 

Is there a workaround to address this issue for Mac OS?

 

Thanks,

Silaphet 

 

 

6 REPLIES 6

avatar
Champion
You have HTTP Authentication turned on for HDFS.

CM > HDFS > Configuration > Enable Kerberos Authentication for HTTP Web-Consoles.

You can turn it off if you don't require it.

Or you can follow the below link to configure your browser to auth for the site.

https://www.cloudera.com/documentation/enterprise/5-6-x/topics/cdh_sg_browser_access_kerberos_protec...

avatar

Hi,

 

I have been looking to configure the "Google Chrome" on my Mac laptop by the command does not work. Could you please validate the command and I can give it another try?

 

I don't want to turn off the HTTP web-consoles if possible.

 

Thanks,

SIlaphet 

avatar
Champion
Download Firefox and configure. See if it works before we dig into Chrome. That way we will know that we just need to get Chrome to negotiate with the site.

avatar

Hi,

 

Quick update, it works with Firefox. However, with HDFS HA, it does not work well when we rollover active NN to another node.

 

Is there away to configure this with HDFS HA enabled?

 

Thanks,

Silaphet

avatar
Champion
What do you mean "it does not work well"? Does the second NN UI not work? Is there an error?

avatar
Rising Star
Hi,
 
After clearing all the caches and Force quitting the Chrome, executing the following command works fine with Mac Chrome:
 
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --auth-server-whitelist="*.example.com"
 
The difference in this command and the one in the documentation is that, here the command has "*.example.com" and in the documentation it is "hostname/domain"
 
Hope that helps.
 
Regards,
Thina