I have a Clouder Manager 4.8 cluster with Kerberos enabled
When I configured HDFS/Hbase/Zookeeper to use Kerberos, Cloudera Manager generated all the principals and keytabs for all the services on each node
However, I have two unmanaged namenodes that I want to use as part of my cluster - Cloudera Manager does not know about these nodes, so it did not generate the principals and keytabs for the services on these nodes
I followed the steps for generating the keytabs/principals as part of the manual CDH setup, but the guide told me to move my keys tabs to /etc/hadoop/conf, but there are no other keytabs in that folder
So I need to know where does Cloudera Manager store its generated keytabs
Or am I supposed to merge the manually created keytabs with the generated keytabs somehow?
Thanks for any help in advance
The keytabs are pushed from a database to a runtime location at startup of services, what you are describing as a configuration is not really viable from what I understand.
You will see /var/run/cloudera-scm-agent/process/ but this is ephemeral, next restart will have another locaiton.
You could experiment with trying to provide the manual keytabs through safety valve to the necessary services.
I too am having problems with keytabs when I enable Kerberos in CDH 5.1.3, I have the following in /var/run :
These keytabs don't look correct. Where does it get them from?
Cloudera Manager passes configuration and those keytabs through the agent at startup of the CDH processes configured to run on that cluster server.
Those are correct keytabs to be distributed to those services.
The monitoring services re-use the hue keytab for their activity with cluster nodes.
For the HDFS keytab present that is for functionality within reports manager that requires access to hdfs information.
The principal names are described within the SCM management DB, as well as the merged keytabs for the roles as gathered from the credentials table.
I am getting the following error when I run the process of Enable Kerberos:
Command failed to run because this role has invalid configuration. Review and correct its configuration. First error: Role is missing Kerberos keytab.
The Keytabs in the /var/run directory but the 4 services fail to start due to this error. Where is ths configuration located and what part of the Enable Kerberos process have I done incorrectly?
export dirname=/var/run/cloudera-scm-agent/process/ sudo find $dirname -not -empty `-ls -l` | grep keytab