Member since
09-10-2015
95
Posts
166
Kudos Received
34
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1374 | 11-04-2016 04:56 PM | |
1131 | 10-21-2016 07:13 PM | |
2285 | 03-09-2016 07:00 PM | |
2641 | 01-28-2016 12:27 AM | |
1428 | 12-10-2015 03:09 PM |
10-29-2015
03:08 AM
1 Kudo
@rgarcia@hortonworks.com - that error code and 52e indicate that the bind credentials that you have given Ambari are no longer valid. We're trying to authenticate ourselves to AD to do a search, and we use the Manager DN and password for that authentication. I would re-check those credentials and if necessary update the Ambari Server with the credentials by editing the configuration, or re-running ambari-server setup-ldap with the updated credentials.
... View more
10-26-2015
04:57 PM
2 Kudos
Hey @sraghavan@hortonworks.com there is no plans to date to productize this practice, but it does seem like something that customers could do for their masters in situations where they want to easily be able to replace or move physical hosts and may be best dealt with as a run book addition or practice that can be documented with pro's/con's.
... View more
10-26-2015
03:19 PM
2 Kudos
Hey Guys - just trying to summarize so we can wrap this thread up: Passwordless SSH access is only required if you want to automatically install and bootstrap the Ambari Agent using the Ambari UI. It is not needed if Ambari Agents are manually installed. The manual installation of the Ambari Agent is documented here as @mahadev@hortonworks.com pointed out: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_ambari_reference_guide/content/ch_amb_ref_installing_ambari_agents_manually.html During the manual installation you will place the ambari.repo as part of the Ambari Agent installation and all other repo's will be deployed as necessary during the installation wizard automatically.
... View more
10-22-2015
01:56 PM
2 Kudos
I would suggest installing SmartSense, as we have specific recommendations on optimal memory configurations for YARN, MR2, and others.
... View more
10-21-2015
03:46 PM
1 Kudo
I'll work on getting this and the password creation methods into the docs ASAP.
... View more
10-21-2015
02:35 PM
1 Kudo
Each can be altered independently in the Attribute Template: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_customizing_the_attribute_template.html When you run through the wizard you'll see the template and the CN, and sAMAccountName and where you have the opportunity to prepend, append, alter their values.
... View more
10-21-2015
02:32 PM
1 Kudo
@terry@hortonworks.com this principal is created during the kerberos client test in the AD wizard. You can tell by the naming structure: {{cluster name}}-{{month}}{{day}}{{year}}. This is create by Ambari to test that a.) we can create principals, and b.) we can use them to successfully authenticate from a client. I would remove this entity from the OU, double-check that the time is correct on the AmbariServer and re-try running through the wizard.
... View more
10-21-2015
02:19 PM
5 Kudos
Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation. Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD. Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.
... View more
10-21-2015
02:01 PM
1 Kudo
@hkropp - if you're talking about automatically prefixing all AD kerberos principal names that are created, it is possible. http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_launching_the_kerberos_wizard_automated_setup.html See 4.2.5.1g for some description on how specific LDAP attributes can be modified on creation for each of the principals (if necessary), and 4.2.1.8 on our default prefix which is the name of the cluster.
... View more
10-20-2015
05:39 PM
1 Kudo
We'll be adding this information to the documentation for the Kerberos Wizard very soon: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_launching_the_kerberos_wizard_automated_setup.html It's important to note that these principal password are note permanently persisted within Ambari. They are only used to populate the AD password fields, and generate the appropriate key tabs.
... View more