Hi,
When i try to 'Generate Missing Credentials' in Cloudera Manager:
CM >Administration>Secuity>Kerberos Credentials , I get the following error
2020-11-20 00:13:31,793 INFO GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: Generating kerberos credentials using custom script /etc/hadoop/conf/keytabgen.sh 2020-11-20 00:13:31,794 INFO GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: Creating credentials for roleId 132 2020-11-20 00:13:31,794 INFO GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: Generating new keytab for spark/clouderadp02.ibm.cloud@IBM.CLOUD 2020-11-20 00:13:31,805 ERROR GenerateCredentials-0:com.cloudera.cmf.security.GenerateCredentialsCommand: unable to create credential for role 132 due to:/etc/hadoop/conf/keytabgen.sh failed with exit code 1 and output of << cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>> 2020-11-20 00:13:36,926 ERROR CommandPusher:com.cloudera.cmf.command.CommandHelpers: GenerateCredentials - Execution error: java.io.IOException: /etc/hadoop/conf/keytabgen.sh failed with exit code 1 and output of << cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>> at com.cloudera.cmf.security.GenerateCredentialsCommand.generateKeytab(GenerateCredentialsCommand.java:404) at com.cloudera.cmf.security.GenerateCredentialsCommand.createKeytab(GenerateCredentialsCommand.java:501) at com.cloudera.cmf.security.GenerateCredentialsCommand.generateMissingKeytabs(GenerateCredentialsCommand.java:250) at com.cloudera.cmf.security.GenerateCredentialsCommand.access$300(GenerateCredentialsCommand.java:62) at com.cloudera.cmf.security.GenerateCredentialsCommand$2$1.run(GenerateCredentialsCommand.java:593) at com.cloudera.cmf.security.GenerateCredentialsCommand$2$1.run(GenerateCredentialsCommand.java:581) at com.cloudera.cmf.security.components.SecurityUtils.runWithGenerateKrb5Conf(SecurityUtils.java:375) at com.cloudera.cmf.security.GenerateCredentialsCommand$2.call(GenerateCredentialsCommand.java:581) at com.cloudera.cmf.security.GenerateCredentialsCommand$2.call(GenerateCredentialsCommand.java:577) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) 2020-11-20 00:13:36,927 INFO CommandPusher:com.cloudera.cmf.model.DbCommand: Command 2831(GenerateCredentials) has completed. finalstate:FINISHED, success:false, msg:/etc/hadoop/conf/keytabgen.sh failed with exit code 1 and output of << cp: cannot stat ‘/etc/hadoop/conf/keytabs/spark_clouderadp02.ibm.cloud@IBM.CLOUD.keytab’: No such file or directory>>
Not sure what is causing this issue. The '/etc/hadoop/conf/keytabgen.sh' is a very simple script :
#!/bin/bash
# Cloudera Manager will input a destination path
DEST="$1"
# Cloudera Manager will input the principal name in the format: <service>/<fqdn>@REALM
PRINC="$2"
# Assuming the '<service>_<fqdn>@REALM.keytab' naming convention for keytab files
IN=$(echo $PRINC | sed -e 's/\//_/')
src="/etc/hadoop/conf/keytabs/${IN}.keytab"
# Copy the keytab to the destination input by Cloudera Manager
cp -v $SRC $DEST
When i check in /etc/hadoop/conf/keytab path. I find that to be empty.
When i check the principals in the KDC server(listprincs), I see the principals for each every service and user required.
Not sure what is going wrong.
regards,
Haree Krushnan
... View more
