Member since
02-22-2024
23
Posts
11
Kudos Received
0
Solutions
09-16-2024
07:11 PM
Hi Everyone, How do you run NIFI - Ambari as root user ?
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache NiFi
07-22-2024
06:03 PM
Thanks for the reply @shubham_sharma, I'm not using AD account just kerberos
... View more
07-21-2024
05:39 PM
Thanks @shubham_sharma for the reply, I checked keytabs please see below root@master:~# kinit rm/master.hadoop.com
Password for rm/master.hadoop.com@EXAMPLE.COM:
root@master:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: rm/master.hadoop.com@EXAMPLE.COM
Valid starting Expires Service principal
07/22/2024 00:32:44 07/22/2024 10:32:44 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 07/23/2024 00:32:40, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 still the error, please advices
... View more
07-18-2024
09:11 PM
1 Kudo
Hai, everyone My principal KVNO is different from each other principals like this root@master:~# kvno hdfs-hadoop@EXAMPLE.COM kvno nn/master.hadoop.com@EXAMPLE.COM
hdfs-hadoop@EXAMPLE.COM: kvno = 3
kvno: Server kvno@EXAMPLE.COM not found in Kerberos database while getting credentials for kvno@EXAMPLE.COM
nn/master.hadoop.com@EXAMPLE.COM: kvno = 2 Can the kvno be different from each other's principals?
... View more
Labels:
- Labels:
-
Kerberos
07-17-2024
09:17 PM
1 Kudo
Hey everyone, after enabling Kerberos resource manager can't run, this log after try run resource manager. please Advice File "/usr/lib/ambari-agent/lib/resource_management/libraries/providers/hdfs_resource.py", line 295, in _run_command
raise WebHDFSCallException(err_msg, result_dict)
resource_management.libraries.providers.hdfs_resource.WebHDFSCallException: Execution of 'curl -sS -L -w '%{http_code}' -X GET -d '' -H 'Content-Length: 0' --negotiate -u : 'http://master.hadoop.com:50070/webhdfs/v1/services/sync/yarn-ats?op=GETFILESTATUS'' returned status_code=403.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)</title>
</head>
<body><h2>HTTP ERROR 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)</h2>
<table>
<tr><th>URI:</th><td>/webhdfs/v1/services/sync/yarn-ats</td></tr>
<tr><th>STATUS:</th><td>403</td></tr>
<tr><th>MESSAGE:</th><td>GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)</td></tr>
<tr><th>SERVLET:</th><td>com.sun.jersey.spi.container.servlet.ServletContainer-6f19ac19</td></tr>
</table>
</body>
</html> for additional informations /etc/krb5.conf [libdefaults]
# renew_lifetime = 7d
forwardable = true
default_realm = EXAMPLE.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
# default_tgs_enctypes = aes256-cts
# default_tkt_enctypes = aes256-cts
#permitted_enctypes = aes256-cts
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
[domain_realm]
example.com = EXAMPLE.COM
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
EXAMPLE.COM = {
master_kdc = master1.hadoop.com
admin_server = master1.hadoop.com
kdc = master1.hadoop.com
}
... View more
Labels:
- Labels:
-
Kerberos
06-11-2024
08:38 PM
1 Kudo
Hi Everyone can help me please, I started NodeManager via ambari but showing an error like below Skipping unlimited key JCE policy check and setup since the Java VM is not managed by Ambari
... View more
Labels:
- Labels:
-
Apache Ambari
06-11-2024
06:53 PM
Everyone, can help me How to create keytab krb5.keytab in kerberos ? when I list keytab use " klist -k" show error like below root@master1:~# klist -k Keytab name: FILE:/etc/krb5.keytab klist: Key table file '/etc/krb5.keytab' not found while starting keytab scan
... View more
Labels:
- Labels:
-
Kerberos
06-11-2024
12:56 AM
I tried command kinit to make sure the password is correct, but message kinit is " password incorrect while getting initial credential" like below root@master1:~# kinit nm/slave1.hadoop.com@HADOOP.COM
Password for nm/slave1.hadoop.com@HADOOP.COM:
kinit: Password incorrect while getting initial credentials What should recreate principal/change the password ? Please give me suggestion, I'm sure the password is correct
... View more
06-10-2024
09:19 PM
Thks @Scharan the repply Yes, I can like below root@slave1:~# klist -kt /etc/security/keytabs/nm.service.keytab
Keytab name: FILE:/etc/security/keytabs/nm.service.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 06/11/2024 11:05:54 nm/slave1.hadoop.com@HADOOP.COM
2 06/11/2024 11:05:54 nm/slave1.hadoop.com@HADOOP.COM
root@slave1:~#
... View more
06-10-2024
07:47 PM
1 Kudo
Hi Everyone can help me, I'm strat NodeManger in ambari but show error "failure to login: for principal: nm/slave1.hadoop.com@HADOOP.COM from keytab /etc/security/keytabs/nm.service.keytab" for detail like below 2024-06-11 09:30:28,202 INFO impl.MetricsSystemImpl (MetricsSystemImpl.java:shutdown(611)) - NodeManager metrics system shutdown complete.
2024-06-11 09:30:28,202 ERROR nodemanager.NodeManager (NodeManager.java:initAndStartNodeManager(965)) - Error starting NodeManager
org.apache.hadoop.yarn.exceptions.YarnRuntimeException: Failed NodeManager login
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:488)
at org.apache.hadoop.service.AbstractService.init(AbstractService.java:164)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.initAndStartNodeManager(NodeManager.java:962)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.main(NodeManager.java:1042)
Caused by: org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: nm/slave1.hadoop.com@HADOOP.COM from keytab /etc/security/keytabs/nm.service.keytab javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:2012)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1365)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1125)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:324)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:288)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.doSecureLogin(NodeManager.java:295)
at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:486)
... 3 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:903)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:2091)
at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:2001)
... 9 more
2024-06-11 09:30:28,204 INFO nodemanager.NodeManager (LogAdapter.java:info(51)) - SHUTDOWN_MSG: any suggestions?
... View more
Labels:
- Labels:
-
Apache YARN
-
Kerberos