@Divya Thaore If you generated the ssh-keys hoping you didn't protect it with a password navigate to the /root/.ssh directory and # cat id_rsa And copy all the content between including the begin and end as shown and paste in the designated window in Ambari UI -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA8qP3SQ+81GIpYSd/Sw1uKjt1khxv/zh4aEbRbPK0pcaW1KAh 9mD76BdouBRifv6Mn8ydnanSthRNOmH1LcF8YhkudLseKJFoLO2iIFWtFwSqMPmX cipTpBo+1YQGdrf3ugKsBZ+vWZBisEI6F5pTGHUrAEO3phYXQxfP6GEoVGQj7aIB ........ ..... qUzoqQKBgBjIJakrJfoFGySAOImIxjQDD0sv3ZTc85WtFeFyRvQxewdPQDS8NvZo 6pyhYJRSGSgaL+xzEwg3D1ofQinkYw1jVYUzldBZESMOslmEuOzYbpImnY3yxLOG Yo0j49637Chn8BMVnrlELUWWf6YHOrXmwHT6nu71WmbqFBzbmsv8 -----END RSA PRIVATE KEY----- or using WinSCP download the above file and use the option to load from your windows/mac client HTH ... View more

@huzaira bashir Here they are ... View more

@Kunal Kumar Can you share your /etc/hosts files? To me it seems this is the first host in the cluster, what is your cluster name? ... View more

@harish Create the test user principal Let's try this out as root create user at OS level # useradd test Set password # passwd test evoke the kdc admin CLI, run these commands from /etc/security/keytabs # kadmin.local .. kadmin.local: addprinc test@RXPERF.HDP.XX.COM Quit kadmin Kadmin.local: q Extract/Generate the keytab The extracting the keytab is done in the ktutil shell cmd a continuation from the previous step the keytab name and principal is an explicit input it’s usually good if it matches the user for easy identification. This will extract the keytab in the current directory i.e /etc/security/keytabs/ you can later move it to the user’s home directory or the /tmp directory #sudo ktutil ktutil : addent –password –p test@RXPERF.HDP.XX.COM -k 1 -e RC4-HMAC Password for test@RXPERF.HDP.XX.COM : ktutil : wkt test.keytab ktutil : q Now to validate the above steps run as the user test $ klist -kt /etc/security/keytabs/test.keytab The output should look like Keytab name: FILE:/etc/security/keytabs/test.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 01/07/19 22:25:31 test@RXPERF.HDP.XX.COM (des3-cbc-sha1) 1 01/07/19 22:25:31 test@RXPERF.HDP.XX.COM (aes128-cts-hmac-sha1-96) 1 01/07/19 22:25:31 test@RXPERF.HDP.XX.COM (arcfour-hmac) 1 01/07/19 22:25:31 test@RXPERF.HDP.XX.COM (des-cbc-md5) 1 01/07/19 22:25:31 test@RXPERF.HDP.XX.COM (aes256-cts-hmac-sha1-96) Now grab a ticket using as test user format kinit -kt $keytab $principal $ kinit -kt /etc/security/keytabs/test.keytab test@RXPERF.HDP.XX.COM Check for ticket Klist Let me know if that works ... View more

@harish Can you share with me exactly how you created the new principal and keytab? I would like to see the syntax remember to garble sensitive info. Also remember to add a new entry in the cron kprop to also propagate the newly create principal in the slave KDC database to the Primary so in case you switch back everything is in sync !! ... View more

@harish Was the creation successful without errors? If so can you list the principals in the slave KDC On the slave # kadmin.local kadmin: listprincs Is your slave KDC also in the krb5.conf? In the format. [realms] EXAMPLE.COM = { ... kdc = kdc1.example.com kdc = kdc2.example.com ... } Because multiple KDCs may exist for an installation (failover, high availability, etc, Ambari should allow a user to specify multiple KDC hosts to be set while enabling Kerberos and updating the Kerberos service's configuration. This should be done by allowing kerberos-env/kdc_host to accept a (comma-)delimited list of hosts and then parsing that list properly when building the krb5.conf file where each kdc_host item generates an entry in the relevant realm block kerberos-env And in Ambari your kerberos.env should have an entry the { ... "kdc_hosts" : "kdc1.example.com, kdc2.example.com" ... } Some Ambari KDC documentation To backup a KDC database to a file, use krb5_util_dump. # kdb5_util dump kdcfile To restore the KDC database from the dump file created in the above step, do the following: # kdb5_util load kdcfile Please revert ... View more

@choppadandi vamshi krishna After successfully running the --mpack you will need to go to the bottom left of the Ambari UI and click on Stack and Version, for illustration see the attached screenshot. Nifi and Nifi Registry should be available for installation. You should be able to proceed with the nifi setup and choose whether you want it clustered or a single node. In my example, I added a 6 node cluster to an existing HDP cluster. Follow the screen flow at the end of the installation and restart of the nifi services you should see all the Nifi node in your Ambari UI. I would advise you don't install the Certificate authority which will mean all login will be anonymous. Setting the Certificates needs access to the AD or creating the first Admin user who is the Nif superuser to create and grant privileges in Nifi HTH ... View more

@huzaira bashir Can you share the corresponding to my screenshots photo5 and 6 , I built a VM to test your case and documented all the steps over the weekend and I am surprised it can't work for you. Is Java Cryptography Extension (JCE) installed, check the syntax below please adjust your jdk_home accordingly # zipgrep CryptoAllPermission /usr/jdk64/jdk1.8.0_112/jre/lib/security/local_policy.jar The desired output should be default_local.policy: permission javax.crypto.CryptoAllPermission; ... View more