Member since: 09-18-2015
Posts: 216
Kudos Received: 208
Solutions: 49
My Accepted Solutions

Title | Views | Posted |
---|---|---|
 | 1067 | 09-13-2017 06:04 AM |
 | 2144 | 06-27-2017 06:31 PM |
 | 2068 | 06-27-2017 06:27 PM |
 | 9009 | 11-04-2016 08:02 PM |
 | 9227 | 05-25-2016 03:42 PM |
11-07-2015
02:10 AM
3 Kudos
@hrongali@hortonworks.com I recently did the same. Below are quick notes and pointers to do that.

To use the existing Centrify Active Directory to configure security on an HDP cluster, please refer to the document references below covering the Centrify configuration to work with a Hortonworks environment.

- Centrify for Hortonworks (Ambari 2.x)
- Centrify for Hortonworks (Ambari 1.x)

Note: To enable Centrify to work correctly with Hortonworks, please make the following changes. (A few notes captured from earlier engagements, including some gotchas.)

1. Add ksh link (otherwise AD profiles with ksh will fail login):
   ln -s /bin/ksh93 /usr/bin/ksh
2. Edit the /etc/krb5.conf file with these settings:
   Forwarding=true
   Renew=7d
3. Remove the HTTP principal from the SPN attribute of the computer object in Active Directory:
   1. On each node:
      a. Edit /etc/centrifydc/centrifydc.conf and on line 1092, delete the "# " from the front of the line and remove "http" from the list so that it looks like this:
         adclient.krb5.service.principals: ftp cifs nfs
         Changed by (remove nfs also) @Ancil McBarnett:
         adclient.krb5.service.principals: ftp cifs
      b. Save the file and restart the Centrify Agent.
         adreload
         service centrifydc restart
   2. In Active Directory Users and Computers, do an ADSI Edit (Active Directory® Service Interfaces Editor (ADSI Edit)), then navigate to the container where the computer objects for the cluster's nodes have been created.
   3. In each computer object, remove the HTTP principal from the SPN attribute.
4. Make sure you have an AD account existing for the Ambari server if you want to use a non-root user existing in AD for Ambari Server. To configure Ambari for a non-root based user, please refer to the following link.
   http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_configuring_ambari_for_non-root.html
   Note: Add the ulimit command to the list of sudo commands besides those mentioned in Hortonworks documents, as Ambari tries to modify ulimits during the HDP services installation using an Ambari user; otherwise it just keeps complaining about the same.
5. For customizing or using service users from AD, make sure all accounts are already created in AD. Make sure all machines are added to AD. And as @Neeraj mentioned in the above answer, use the Skip Group Modifications option to not modify the Linux users/groups in the cluster. Choosing this option is typically required if your environment manages groups using LDAP and not on the local Linux machines or already existing ones.
6. Make sure to change the password policy of all the users (users for Ambari and HDP services) in Active Directory from "User must change password at next logon" to "Password never expires".
7. Then refer to the following site to set up Kerberos in an HDP cluster.
   http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/ch_configuring_amb_hdp_for_kerberos.html
   Note: Ensure the Unlimited JCE policy is installed if using Oracle JDK, else Test KDC connection will fail in the Enable Kerberos Wizard.

Reach out to me for any further detail.
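A per-node check for the centrifydc.conf edit described in the post above, written as an added example that is not part of the original post or of any Centrify or Hortonworks tooling. The function names, status words and sample files are assumptions made here, and the check treats the last active line for the key as the effective one.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Centrify agent setting
# the post edits, adclient.krb5.service.principals, on one node.

KEY_RE='adclient\.krb5\.service\.principals'   # key name as shown in the post

# check_principals FILE -> prints a status word; the return code mirrors it:
#   0 ok         active line present, no http entry
#   1 commented  only a "#"-prefixed line exists, so the edit was not applied
#   2 http       active line still lists http
#   3 missing    file unreadable or key absent
check_principals() {
    file=$1
    [ -r "$file" ] || { echo missing; return 3; }
    # Assumption: if the key appears more than once, the last active line wins.
    active=$(grep -E "^[[:space:]]*${KEY_RE}[[:space:]]*:" "$file" | tail -n 1)
    if [ -z "$active" ]; then
        if grep -Eq "^[[:space:]]*#[[:space:]]*${KEY_RE}[[:space:]]*:" "$file"; then
            echo commented; return 1
        fi
        echo missing; return 3
    fi
    value=${active#*:}
    # Match http as a whole list entry, any case; "https" would not match.
    if printf '%s\n' "$value" | grep -Eiq '(^|[[:space:],])http([[:space:],]|$)'; then
        echo http; return 2
    fi
    echo ok; return 0
}

# write_samples DIR: constructed config fragments for trying the check offline.
write_samples() {
    printf '%s\n' '# adclient.krb5.service.principals: http ftp cifs nfs' > "$1/default.conf"
    printf '%s\n' 'adclient.krb5.service.principals: http ftp cifs nfs' > "$1/active_http.conf"
    printf '%s\n' 'adclient.krb5.service.principals: ftp cifs' > "$1/fixed.conf"
}
```

On a cluster node, call `check_principals /etc/centrifydc/centrifydc.conf`; any status other than `ok` means the edit from step 3 has not taken effect in the file.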
11-04-2015
05:36 PM
@Artem Ervits So you mean, you want output of query i.e. "Select * from emp where dept_id=10"?
10-29-2015
09:35 PM
It looks like from - https://issues.apache.org/jira/browse/MAPREDUCE-5649, that this BUG is fixed in Hadoop2.6.1 but HDP2.2.6 has Hadoop2.6.0. So need confirmation before I respond to the customer.
Labels: Apache Hadoop, Apache YARN
10-21-2015
09:13 PM
@afernandez@hortonworks.com It's HDP stack: HDP2.3.2, Ambari2.1.2 fresh install. Ambari is running with non-root user. /var/lib/ambari-agent/tmp has ownership 777 root:root. The operation I am performing is to set up the HDP cluster, and it fails with issues during services install - Ambari cluster install wizard Step 9.
10-04-2015
11:35 AM
1 Kudo
Removed customer name.
10-04-2015
11:34 AM
1 Kudo
@vwunnava@hortonworks.com Please avoid putting customer names here as this is a public-facing forum. Editing your question for the same.
10-04-2015
11:00 AM
1 Kudo
@rxu@hortonworks.com these values are stored in /etc/hbase/conf/hbase-env.sh, I would strongly recommend changing these values from Ambari. Below is reference doc for the same. http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Sys_Admin_Guides/content/ref-db219cd6-c586-49c1-bc56-c9c1c5475276.1.html
10-04-2015
10:30 AM
1 Kudo
I would strongly recommend customers to involve Oracle DBA for this.