Welcome to the Cloudera Community

Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Who agreed with this topic

Issues with kerberizing a CDH 5.4 cluster (Enterprise edition but without Cloudera Navigator)

avatar

We have a CHD 5.4 cluster with namenode and resource manager HA with TLS configured.

 

I followed steps 1-8 and enabled Kerberos via SCM wizard (http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_sg_intro_kerb.html )

( have cloudera's jdk and also installed JCE policy files)

 

After all the steps, even after kinit-ing with the HDFS super user principal, we are not able to perform any hdfs operations (map-red / hive etc. also do not work)

 

We noticed that the nodes do not have per-service keytab files which we would have expected SCM to generate.

(also journal node principals are not created)

 

The error we see is :

 

[root@cdh54-guru1 ~]# su - hdfs

 

[hdfs@cdh54-guru1 ~]$ kinit hdfs@ZALONILABS.COM

Password for hdfs@ZALONILABS.COM:

 

[hdfs@cdh54-guru1 ~]$ klist

Ticket cache: FILE:/tmp/krb5cc_493

Default principal: hdfs@ZALONILABS.COM

 

Valid starting     Expires            Service principal

08/05/15 15:39:26  08/06/15 15:39:26  krbtgt/ZALONILABS.COM@ZALONILABS.COM

renew until 08/12/15 15:39:26

 

 

[hdfs@cdh54-guru1 ~]$ hdfs dfs -ls /

 

15/08/05 15:39:37 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs@ZALONILABS.COM (auth:KERBEROS) cause:org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed

15/08/05 15:39:38 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs@ZALONILABS.COM (auth:KERBEROS) cause:org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed

15/08/05 15:39:38 WARN security.UserGroupInformation: Not attempting to re-login since the last re-login was attempted less than 600 seconds before.

15/08/05 15:39:40 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs@ZALONILABS.COM (auth:KERBEROS) cause:org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed

15/08/05 15:39:44 WARN ipc.Client: Couldn't setup connection for hdfs@ZALONILABS.COM to cdh54-guru2.zalonilabs.com/10.11.12.202:8020

org.apache.hadoop.ipc.RemoteException(javax.security.sasl.SaslException): GSS initiate failed

 

 

 

Is there a detailed config guide or any suggestion which may help ?

 

 

 

 

Who agreed with this topic