Support Questions

akhilsnaik · ‎08-08-2017

I have a Kerberos enabled cluster with HDFS service installed on host1.

when i try to perform some operations on HDFS server, its failing with below error.

17/08/08 11:19:34 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
report: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "host1.example.com/172.26.110.122"; destination host is: "host1.example.com":8020;

I tried to execute klist

it shoes some certificates but seems expired.

Please help me on this error.

jsensharma · ‎08-08-2017

@Akhil S Naik

Please do a kinit with the hDFS keytab and see if it works:

Get Principal Name

# klist -kte /etc/security/keytabs/hdfs.headless.keytab 
Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab
KVNO Timestamp  Principal
---- ------------------- ------------------------------------------------------
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (des-cbc-md5) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (des3-cbc-sha1) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (arcfour-hmac) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (aes256-cts-hmac-sha1-96) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (aes128-cts-hmac-sha1-96)

.

- Do a kinit

# kinit -kt /etc/security/keytabs/hdfs.headless.keytab  hdfs-kerberos_ambari@EXAMPLE.COM

.

Check the ticket.

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hdfs-kerberos_ambari@EXAMPLE.COM

Valid starting  Expires  Service principal
08/08/2017 11:43:48  08/09/2017 11:43:48  krbtgt/EXAMPLE.COM@EXAMPLE.COM

Then try again.

.

View solution in original post

jsensharma · ‎08-08-2017