Support Questions
Find answers, ask questions, and share your expertise

Which script does the "Update Configurations" use in kerberize cluster ?

New Contributor

Hi all,


I'm a new guy here. I was using ambari to setup a hadoop cluster, and I wanna kerberize my cluster, so I use "Enable Kerberize Wizard" via ambari.


Here is my issue:

1. I setup configurations in hdfs/yarn... ,

2. When I kerberize the cluster, it seemed that some configurations in hdfs/yarn/.. related to kerberos may change in step "Update Configurations".

107154-1.jpg

3. I do want to keep some configurations in hdfs/yarn unchanged, so How could I do that ? which script does step "Update Configurations" use? Should I modify this script ?




3 REPLIES 3

New Contributor

Any suggestions? Thanks.

While enabling Kerberos, there are a series of actions that occur based on information found in the services' Kerberos Descriptor and service advisor code. Sometimes it may be unclear to Ambari what should be done during this process if the user had changed configuration values that disagree with what the Kerberos Descriptor and service advisor are designed to set.

You may be running in the issue presented in https://issues.apache.org/jira/browse/AMBARI-22801.

My only suggestion is to reset the values to what you want after Kerberos has been enabled. Keep in mind that the service engineers originally specified what the appropriate values are for the configurations when Kerberos is enabled. Changing them may result in unexpected errors.

New Contributor

Thanks @Robert Levas for your advice.


After looking deep into the resolution, I found an interesting article here: https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberizaton


As we can see in the article, configurations changed based on different services' Kerberos Descriptor, which is a JSON-formatted text file containing information needed by Ambari to enable or disable Kerberos for a stack and its services. Therefore, if we wanna keep some configurations unchange while we "Enabling Kerberos/Adding Components/Regenerating Keytabs", we can just modify different services' Kerberos Descriptor.


The services' Kerberos Descriptor must be named kerberos.json and should be in the root directory of the relevant stack or service. Usually this file is under path "/var/lib/ambari-server/resources/stacks/HDP/3.0/services/:service_name/*".


However, as @Robert Levas mentioned above, "the service engineers originally specified what the appropriate values are for the configurations when Kerberos is enabled. Changing them may result in unexpected errors." If you really wanna change some configs and don't want it be overwritten by kerberos, just modify the kerberos.json file, but be careful.


Hope this can help others.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.