Cloudera Community
rlevas
user rank
Guru

Re: I tried to install kerberos in the hadoop clus...

by Contributor in Support Questions
‎11-05-2017 08:52 AM
‎11-05-2017 08:52 AM
@Kuldeep Kulkarni, Hi, I have tried the same. Even after installing the kerberos client Manuallly, I get the same error. not sure, why the Test Kerberos client fails, I need to skip that and go to second page. * All the hosts got the Kerberos client installed. Kerberos Clients 3 Kerberos Clients Installed 1.jpg ... View more

Re: LDAPS connection failure while using Ambari Ke...

by Explorer in Support Questions
‎04-08-2016 05:38 PM
‎04-08-2016 05:38 PM
Many thanks, I've changed the port and the connection test is passing. ... View more

Re: zkCli cannot execute in a Kerberos cluster - z...

by Contributor in Support Questions
‎08-08-2019 08:14 AM
‎08-08-2019 08:14 AM
Hello Satish, this error is not related to the procedure you followed, you need to kinit as kafka's user. ... View more

Re: Server Error when attempting to setup Kerberos

by Rising Star in Support Questions
‎02-24-2016 11:39 PM
2 Kudos
‎02-24-2016 11:39 PM
2 Kudos
I was able to work around my issue by explicitly setting my hostname in /etc/hosts in addition to hostnamectl. I think when Ambari constructs the Kerberos principals it is using the hostname that would resolve for the IP address that's assigned to my box. Using the output from hostname -A lead me to a solution in addition to this snippet in Ambari Agent's log file: java.io.IOException: Login failure for dn/host-192-168-114-49.td.local@<REDACTED KERBEROS REALM> from keytab /etc/security/keytabs/dn.service.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user Notice the hostname is thought to be host-192-168-114-49.td.local however in hostnamectl it's set to dev09-ost-hivetest-h-hb02.td.local. These being out of sync was ultimately my issue. I created this Jira in the Ambari project about this as well: https://issues.apache.org/jira/browse/AMBARI-15165 ... View more

Re: Where is "Regenerate kerberos" button ?

by Explorer in Support Questions
‎02-04-2016 10:48 AM
1 Kudo
‎02-04-2016 10:48 AM
1 Kudo
Many thanks. The button is back ! ... View more

Re: Ambari REST API request not appearing in "Back...

by Guru Guru in Support Questions
‎01-12-2016 10:09 PM
2 Kudos
‎01-12-2016 10:09 PM
2 Kudos
Note that the requests don't work if the service is in maintenance mode. So to be safe, I usually disable it before interacting with the service via API. This worked for me. Change the exported variables accordingly for your setup export SERVICE=HDFS export PASSWORD=admin export AMBARI_HOST=localhost export CLUSTER=Sandbox #get status curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X GET http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE #disable maintenance mode curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Remove HDFS from maintenance mode"}, "Body": {"ServiceInfo": {"maintenance_state": "OFF"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/HDFS #stop service curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Stop $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "INSTALLED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE #start service curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Start $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "STARTED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE ... View more

Re: Services failing to restart after kerberizing ...

by Guru in Support Questions
‎12-11-2015 07:46 PM
‎12-11-2015 07:46 PM
Was Kerberos enabled using Ambari's automation, or was this done manually? ... View more

Re: Accessing HDP web UI from Windows PC causes "G...

by Rising Star in Support Questions
‎09-05-2017 03:39 PM
‎09-05-2017 03:39 PM
thanks for suggesting. Created a new thread https://community.hortonworks.com/questions/135805/accessing-hdp-web-ui-from-windows-pc-causes-gsshea-1.html ... View more

Re: Kerberos local KDC - Error 401 Authentication ...

by Guru in Support Questions
‎11-01-2015 02:41 PM
‎11-01-2015 02:41 PM
This is an authentication error that occurs when an HTTP request lacks a Kerberos ticket while the server requires it. So some service is not properly configured or a kinit is failing prior to executing this webhdfs call. The service that is failing needs to be identified. Then you need to take a look at how it is configured and make sure a kinit can be successfully executed (manually) using the relevant Kerberos principal and keytab file. The kinit may fail because the keytab file is out of sync with the KDC or the service is misconfigured to use an incorrect principal name or keytab file. ... View more

Re: Why is kinit with a headless keytab failing?

by Guru in Support Questions
‎10-29-2015 08:38 PM
3 Kudos
‎10-29-2015 08:38 PM
3 Kudos
Hi Terry, in a secured cluster you have two types of keytabs or principals. Headless and Service principals. Headless principals are not bound to a specific host or node, they have the syntax: <service_name>-<clustername>@EXAMPLE.COM Service princiapsl are bound to a specific service and host or node, they have the syntax: <service-name>/<hostname>@EXAMPLE.COM For Example: Headless: hdfs-mycluster@EXAMPLE.COM Service: nn/c6601.ambari.apache.org@EXAMPLE.COM Here is some more info https://docs.oracle.com/cd/E21455_01/common/tutorials/kerberos_principal.html Make sure you use the right principal when you use kinit, you can see the principals of a keytab with klist -k <keytab file> ... View more
Contact Me
Online
Offline
Last Visited
‎08-09-2019 12:22 AM
Community Statistics
Member Since ‎09-29-2015 12:39 AM
Last Visited ‎08-09-2019 12:22 AM
Posts 362
Kudos received 242