Many thanks, I've changed the port and the connection test is passing. ... View more

Hello Satish, this error is not related to the procedure you followed, you need to kinit as kafka's user. ... View more

@Anant Aneja You probably should have posed this as a question in the form, rather than a comment to this article. It may have gotten answered quicker. The rule you are using will not perform the translation you want. The regular expression syntax to match using case-insensitivity is not supported as you have specified it and the translation will not generate local names with all lower-case characters. The rule you want is more like RULE:[1:$1@$0](.*@FOO.COM)s////L With this rule, the Hadoop UGI class will translate user@FOO.COM to user@foo.com [root@c7401 ~]# hadoop org.apache.hadoop.security.HadoopKerberosName joe_user@FOO.COM 18/08/27 15:57:07 INFO util.KerberosName: Non-simple name joe_user@FOO.COM after auth_to_local rule RULE:[1:$1@$0](.*@FOO.COM)s////L Name: joe_user@FOO.COM to joe_user@foo.com As for the other principal names, they will technically be invalid since the realm name needs to always be in all upper-case characters. user1@FOO.COM - legal user2@foo.com - illegal user3@Foo.com - illegal ... View more

Many thanks. The button is back ! ... View more

Note that the requests don't work if the service is in maintenance mode. So to be safe, I usually disable it before interacting with the service via API. This worked for me. Change the exported variables accordingly for your setup export SERVICE=HDFS export PASSWORD=admin export AMBARI_HOST=localhost export CLUSTER=Sandbox #get status curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X GET http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE #disable maintenance mode curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Remove HDFS from maintenance mode"}, "Body": {"ServiceInfo": {"maintenance_state": "OFF"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/HDFS #stop service curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Stop $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "INSTALLED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE #start service curl -u admin:$PASSWORD -i -H 'X-Requested-By: ambari' -X PUT -d '{"RequestInfo": {"context" :"Start $SERVICE via REST"}, "Body": {"ServiceInfo": {"state": "STARTED"}}}' http://$AMBARI_HOST:8080/api/v1/clusters/$CLUSTER/services/$SERVICE ... View more

Was Kerberos enabled using Ambari's automation, or was this done manually? ... View more

thanks for suggesting. Created a new thread https://community.hortonworks.com/questions/135805/accessing-hdp-web-ui-from-windows-pc-causes-gsshea-1.html ... View more

Hi Terry, in a secured cluster you have two types of keytabs or principals. Headless and Service principals. Headless principals are not bound to a specific host or node, they have the syntax: <service_name>-<clustername>@EXAMPLE.COM Service princiapsl are bound to a specific service and host or node, they have the syntax: <service-name>/<hostname>@EXAMPLE.COM For Example: Headless: hdfs-mycluster@EXAMPLE.COM Service: nn/c6601.ambari.apache.org@EXAMPLE.COM Here is some more info https://docs.oracle.com/cd/E21455_01/common/tutorials/kerberos_principal.html Make sure you use the right principal when you use kinit, you can see the principals of a keytab with klist -k <keytab file> ... View more