Created on 08-01-2014 06:38 AM - edited 09-16-2022 02:04 AM
Hello
I have a Cloudera Manager 4.8 cluster with Kerberos enabled
When I configured HDFS/Hbase/Zookeeper to use Kerberos, Cloudera Manager generated all the principals and keytabs for all the services on each node
However, I have two unmanaged namenodes that I want to use as part of my cluster - Cloudera Manager does not know about these nodes, so it did not generate the principals and keytabs for the services on these nodes
I followed the steps for generating the keytabs/principals as part of the manual CDH setup, but the guide told me to move my keytabs to /etc/hadoop/conf, but there are no other keytabs in that folder
So I need to know where Cloudera Manager stores its generated keytabs
Or am I supposed to merge the manually created keytabs with the generated keytabs somehow?
Thanks for any help in advance
Created 09-23-2021 07:09 AM
They will be in the process directory for the component. For example:
hive.keytab is in: /var/run/cloudera-scm-agent/process/*-hive_on_tez-HIVESERVER2
Created 08-01-2014 05:26 PM
The keytabs are pushed from a database to a runtime location at startup of services; what you are describing as a configuration is not really viable from what I understand.
You will see /var/run/cloudera-scm-agent/process/ but this is ephemeral; the next restart will have another location.
You could experiment with trying to provide the manual keytabs through safety valve to the necessary services.
Todd
Created 10-12-2014 09:05 AM
I too am having problems with keytabs when I enable Kerberos in CDH 5.1.3. I have the following in /var/run:
./cloudera-scm-agent/process/92-cloudera-mgmt-SERVICEMONITOR/hue.keytab
./cloudera-scm-agent/process/89-cloudera-mgmt-REPORTSMANAGER/hdfs.keytab
./cloudera-scm-agent/process/88-cloudera-mgmt-ACTIVITYMONITOR/hue.keytab
./cloudera-scm-agent/process/87-cloudera-mgmt-HOSTMONITOR/hue.keytab
These keytabs don't look correct. Where does it get them from?
Thanks
Shailesh
Created 10-12-2014 11:11 AM
Cloudera Manager passes configuration and those keytabs through the agent at startup of the CDH processes configured to run on that cluster server.
Those are correct keytabs to be distributed to those services.
The monitoring services re-use the hue keytab for their activity with cluster nodes.
The HDFS keytab present is for functionality within Reports Manager that requires access to HDFS information.
The principal names are described within the SCM management DB, as well as the merged keytabs for the roles as gathered from the credentials table.
Todd
Created 10-12-2014 12:19 PM
I am getting the following error when I run the process of Enable Kerberos:
Command failed to run because this role has invalid configuration. Review and correct its configuration. First error: Role is missing Kerberos keytab.
The keytabs are in the /var/run directory but the 4 services fail to start due to this error. Where is this configuration located and what part of the Enable Kerberos process have I done incorrectly?
Thanks
Shailesh
Created 12-25-2019 02:23 AM
# List non-empty entries under the agent's process directory and keep the keytab lines
export dirname=/var/run/cloudera-scm-agent/process/
sudo find "$dirname" -not -empty -ls | grep keytab
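Added example (not part of any post in this thread, and not Cloudera's code): because the process directories are ephemeral and a restart produces a new one, this sketch picks the current directory for a role and returns the keytab inside it. It assumes the directories are named `<id>-<service>-<ROLE>` as in the listings above and that the highest numeric id is the most recent start; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Cloudera code. Assumption: directories are named
# <id>-<service>-<ROLE> and the highest numeric <id> is the newest start.
BASE_DEFAULT=/var/run/cloudera-scm-agent/process

# latest_process_dir ROLE_SUFFIX [BASE]: print the matching directory with the highest id.
latest_process_dir() {
    local suffix="$1" base="${2:-$BASE_DEFAULT}" best="" best_id=-1 dir name id
    for dir in "$base"/*-"$suffix"; do
        [ -d "$dir" ] || continue                  # unmatched glob, or not a directory
        name=${dir##*/}
        id=${name%%-*}
        case $id in ''|*[!0-9]*) continue ;; esac  # ignore non-numeric prefixes
        # Compare numerically: a glob sorts "103" before "92".
        if [ "$id" -gt "$best_id" ]; then best_id=$id; best=$dir; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# current_keytab ROLE_SUFFIX KEYTAB_NAME [BASE]: print the keytab path, fail if absent or empty.
current_keytab() {
    local dir
    dir=$(latest_process_dir "$1" "${3:-$BASE_DEFAULT}") || return 1
    [ -s "$dir/$2" ] || return 1
    printf '%s\n' "$dir/$2"
}

# Constructed sample tree with placeholder files (not real keytabs); prints its path.
make_sample_tree() {
    local t id
    t=$(mktemp -d) || return 1
    for id in 9 92 103; do
        mkdir "$t/$id-cloudera-mgmt-SERVICEMONITOR"
        printf 'placeholder' > "$t/$id-cloudera-mgmt-SERVICEMONITOR/hue.keytab"
    done
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
current_keytab cloudera-mgmt-SERVICEMONITOR hue.keytab "$sample"
rm -rf "$sample"
```

On a real host, run it as root without the third argument and pass the printed path to `klist -kt` to see which principals the keytab holds.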