Support Questions

Find answers, ask questions, and share your expertise

Unable to have view in kerberized cluster.

avatar

Hi experts

I have 3 nodes hadoop kerberized cluster. But while i am opening view i am getting below error:

SIMPLE authentication is not enabled. Available:[TOKEN]

Below is the solution i came across as per the link.

https://community.hortonworks.com/questions/7896/simple-authentication-is-not-enabled-availabletoke....

As per the above solution i have made 2 changes:

"hadoop.security.authentication" to "simple" in the file /etc/hadoop/conf/core-site.xml in ambari.

'hive.server2.authentication' is set to 'None'

But while i am able to open the views but node managers and datanodes gives error to kerberos..as below:

2017-01-05 16:12:22,661 WARN authorize.ServiceAuthorizationManager (ServiceAuthorizationManager.java:authorize(119)) - Authorization failed for yarn (auth:SIMPLE) for protocol=interface org.apache.hadoop.yarn.server.api.ResourceTrackerPB, expected client Kerberos principal is nm/hdpdn1.hadoop.com@HADOOP.COM 2017-01-05 16:12:22,661 INFO ipc.Server (Server.java:authorizeConnection(2039)) - Connection from 192.168.56.41:34702 for protocol org.apache.hadoop.yarn.server.api.ResourceTrackerPB is unauthorized for user yarn (auth:SIMPLE) 2017-01-05 16:12:22,661 INFO ipc.Server (Server.java:doRead(850)) - Socket Reader #1 for port 8025: readAndProcess from client 192.168.56.41 threw exception [org.apache.hadoop.security.authorize.AuthorizationException: User yarn (auth:SIMPLE) is not authorized for protocol interface org.apache.hadoop.yarn.server.api.ResourceTrackerPB, expected client Kerberos principal is nm/hdpdn1.hadoop.com@HADOOP.COM]

Please help me to have kerberize cluster and views.

1 ACCEPTED SOLUTION

avatar
Master Mentor

@chitrartha sur

As the error you attached as part of "files.txt" shows:

500 SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]

Please refer to last point : https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.0.0/bk_ambari_views_guide/content/_Troubleshoot...

.

If your cluster is configured for Kerberos, you cannot use the Local Cluster Configuration option. You must use the Custom Cluster Configuration option and enter the WebHDFS FileSystem URI.

For example: webhdfs://namenode:50070

As per your screenshot you are using "Local Cluster". Following link talks about configuring "Custom Cluster Configuration"

https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.0.0/bk_ambari_views_guide/content/_Cluster_Conf...

.

View solution in original post

13 REPLIES 13

avatar

avatar
Master Mentor

@chitrartha sur

Please check your "hive-site.xml" property "hive.metastore.sasl.enabled" is set to "true" after enabling Kerberos?

Your ambari version seems to be too old 2.2.0 so it seems to be impacted with:

https://issues.apache.org/jira/browse/AMBARI-12257

.

avatar

@Jay SenSharma

yes sasl is enabled as true in hive-site.xml. But it is still showing error.

avatar

@Jay SenSharma

yes sasl is enabled as true in hive-site.xml.