Member since
03-10-2014
8
Posts
3
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
7135 | 09-09-2014 03:15 PM |
01-07-2015
03:29 PM
petibonvm, I also had this issue in CDH 5.1.x. My advice would be to upgrade to CM/CDH 5.3 and use Spark on YARN. If that is not currently possible, the following work around is posted in the CM 5.1.x Release Notes: The Spark History Server does not start when Kerberos authentication is enabled. The Spark History Server does not start when managed by a Cloudera Manager 5.1 instance when Kerberos authentication is enabled. Workaround: Go to the Spark service. Expand the History Server Default Group > Advanced category. Add the following configuration to the History Server Environment Advanced Configuration Snippet property: SPARK_HISTORY_OPTS=-Dspark.history.kerberos.enabled=true \
-Dspark.history.kerberos.principal=principal \
-Dspark.history.kerberos.keytab=keytab where principal is the name of the Kerberos principal to use for the History Server, and keytab is the path to the principal's keytab file on the local filesystem of the host running the History Server. Regards, Chad
... View more
11-04-2014
01:39 PM
Please refer to the following page as part of the Kerberos setup: http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_sg_s7_prepare_cluster.html By default, the mapred, hdfs, and bin user accounts are kept from submitting and executing jobs.
... View more
09-09-2014
03:15 PM
3 Kudos
Ignore my previous reply. Hue will no longer be able to authenticate with the Oozie server after making the above changes in a secured cluster. Since I am accessing Cloudera Manager using a browser on a Windows laptop, what I ultimately had to do is configure Kerberos authentication for Windows, as described in Appendix A of the following guide: http://www.cloudera.com/content/cloudera-content/cloudera-docs/Connectors/PDF/Cloudera-ODBC-Driver-for-Impala-Install-Guide.pdf Once I was able to obtain a ticket from the Hadoop cluster's KDC on my Windows laptop, I configured Firefox according to the following: CDH 5 Security Guide - Using a Web Browser to Access a URL Protected by Kerberos HTTP SPNEGO In addition to these instructions, I also had to set network.auth.use-sspi to 'false' for Firefox.
... View more
09-04-2014
10:12 AM
I also ran into this issue on a Kerberos secured CDH5.1 cluster. After making the following changes to the Oozie configuration via Cloudera Manager, I am able to bring the browser up (may not be suitable for production): Property: Oozie Server Advanced Configuration Snippet (Safety Valve) for oozie-site.xml <property> <name>oozie.authentication.type</name> <value>simple</value> </property> <property> <name>oozie.authentication.token.validity</name> <value>36000</value> </property> <property> <name>oozie.authentication.cookie.domain</name> <value>example.com</value> </property>
... View more