Member since
09-29-2015
362
Posts
242
Kudos Received
63
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1262 | 03-14-2019 01:00 PM | |
1503 | 01-23-2019 04:19 PM | |
6981 | 01-15-2019 01:59 PM | |
4293 | 01-15-2019 01:57 PM | |
10037 | 12-06-2018 02:01 PM |
11-05-2017
08:52 AM
@Kuldeep Kulkarni, Hi, I have tried the same. Even after installing the kerberos client Manuallly, I get the same error. not sure, why the Test Kerberos client fails, I need to skip that and go to second page. * All the hosts got the Kerberos client installed. Kerberos Clients 3 Kerberos Clients Installed 1.jpg
... View more
04-08-2016
05:38 PM
Many thanks, I've changed the port and the connection test is passing.
... View more
08-08-2019
08:14 AM
Hello Satish, this error is not related to the procedure you followed, you need to kinit as kafka's user.
... View more
02-24-2016
11:39 PM
2 Kudos
I was able to work around my issue by explicitly setting my hostname in /etc/hosts in addition to hostnamectl. I think when Ambari constructs the Kerberos principals it is using the hostname that would resolve for the IP address that's assigned to my box. Using the output from hostname -A lead me to a solution in addition to this snippet in Ambari Agent's log file: java.io.IOException: Login failure for dn/host-192-168-114-49.td.local@<REDACTED KERBEROS REALM> from keytab /etc/security/keytabs/dn.service.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user Notice the hostname is thought to be host-192-168-114-49.td.local however in hostnamectl it's set to dev09-ost-hivetest-h-hb02.td.local. These being out of sync was ultimately my issue. I created this Jira in the Ambari project about this as well: https://issues.apache.org/jira/browse/AMBARI-15165
... View more
01-12-2016
10:09 PM
2 Kudos
Note that the requests don't work if the service is in maintenance mode. So to be safe, I usually disable it before interacting with the service via API. This worked for me. Change the exported variables accordingly for your setup export SERVICE=HDFS
export PASSWORD=admin
export AMBARI_HOST=localhost
export CLUSTER=Sandbox
#get status
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X GET http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE
#disable maintenance mode
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Remove HDFS from maintenance mode"}, "Body": {"ServiceInfo": {"maintenance_state": "OFF"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/HDFS
#stop service
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Stop $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "INSTALLED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE
#start service
curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Start $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "STARTED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE
... View more
12-11-2015
07:46 PM
Was Kerberos enabled using Ambari's automation, or was this done manually?
... View more
09-05-2017
03:39 PM
thanks for suggesting. Created a new thread https://community.hortonworks.com/questions/135805/accessing-hdp-web-ui-from-windows-pc-causes-gsshea-1.html
... View more
11-01-2015
02:41 PM
This is an authentication error that occurs when an HTTP request lacks a Kerberos ticket while the server requires it. So some service is not properly configured or a kinit is failing prior to executing this webhdfs call. The service that is failing needs to be identified. Then you need to take a look at how it is configured and make sure a kinit can be successfully executed (manually) using the relevant Kerberos principal and keytab file. The kinit may fail because the keytab file is out of sync with the KDC or the service is misconfigured to use an incorrect principal name or keytab file.
... View more
10-29-2015
08:38 PM
3 Kudos
Hi Terry, in a secured cluster you have two types of keytabs or principals. Headless and Service principals. Headless principals are not bound to a specific host or node, they have the syntax: <service_name>-<clustername>@EXAMPLE.COM Service princiapsl are bound to a specific service and host or node, they have the syntax: <service-name>/<hostname>@EXAMPLE.COM For Example: Headless: hdfs-mycluster@EXAMPLE.COM
Service: nn/c6601.ambari.apache.org@EXAMPLE.COM Here is some more info https://docs.oracle.com/cd/E21455_01/common/tutorials/kerberos_principal.html Make sure you use the right principal when you use kinit, you can see the principals of a keytab with klist -k <keytab file>
... View more
- « Previous
- Next »