Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

kerberos spnego authentication not working for ambari hadoop server rest api url

avatar
Explorer

I have a hadoop server which namenode, datanode , YARN component etc are spnego kerberized and when we hit their url's on web we get as below -

url - http://host:50070/jmx?qry=Hadoop:*
here 50070 is namenode port output :

HTTP ERROR 403

Problem accessing /index.html. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not 

above response on web indicates that url is kerberized.

 

 

I tried to enable spnego kerberos for ambari with using command "ambari-server setup-security" and completed kerberos configuration.

but when hit the url of ambari services rest api then getting proper output -

 

url - http://host:8080/api/v1/clusters/cluster_name/services/HDFS

 

I could see the proper output for above url on web . why both url's output is not same , it should be same if enabled kerberos .

 

please help and thanks in advance!!!

4 REPLIES 4

avatar
Master Mentor

@Nitin0858 

Can you share the 2 contents so we can help with the analysis?

avatar
Explorer

@Shelton

 

Enabling kerberos we have to set properties as below to HDFS,YARN etc etc .

hadoop.security.authentication    kerberos

hadoop.security.authorization      true

hadoop.http.authentication.simple.anonymous.allowed   false

 

after configuring kerberos properly then when we hit the url of any component of hadoop server on browser then will get  HTTP ERROR 403 .

 

REST api url pattern -

http://host:8080/api/v1/clusters/<cluster_name>/services/<service_name>

 

but when we hit the same service rest api url on browser then we could see the response on browser details are as below -

 

{
"href" : "http://host:8080/api/v1/clusters/cluster_name/services/HDFS",
"ServiceInfo" : {
"cluster_name" : "<cluster_name>",
"maintenance_state" : "OFF",
"service_name" : "HDFS",
"state" : "STARTED"
},
"alerts_summary" : {
"CRITICAL" : 0,
"MAINTENANCE" : 0,
"OK" : 26,
"UNKNOWN" : 1,
"WARNING" : 0
},
"alerts" : [

..........................

 

 

 

but response should not  be display on browser if url is kerberized and we should get http error 403 .

 

 

so here we want to kerberize rest api url .

please help for same.

avatar
Master Mentor

@Nitin0858 
Did you enable your Ambari manually  because those parameters you are referring to are set automatically when enabling through Ambari else if you did it manually as I suspect you need to perform the steps mentioned  Set Up Kerberos for Ambari Server

 

Please revert 

avatar
Explorer

@Shelton

 

I have already executed steps that you have provided in the link but still ambari services rest api url is not kerberized .

 

is there any other configuration required ? or

ambari services rest api url do not support kerberos authentication ?