Hi, after further investigation in the cloudbreak logs and ambari it seems that the issue doesn't relate to the recipe (not sure why the UI says recipe failed). I have pinpointed the issue to setup-ldap which suggests it has something to do with the ad authentication configuration. Again this configuration works on 2.6 but fails with 3.0. I don't have access to the logs at the moment as this cluster has been terminated, but will try to run another test over the next couple of days. ... View more

I have manually connected the hosts to the domain and apart from a strange Atlas issue (not recognizing that a user is part of an ad group) all is working well. My issue now is how can I accomplish this with cloudbreak so that I can maintain scale up and down capability? ... View more

Hi Chiran, thanks for your response. I figured this may be the issue. What would be the best way for me to accomplish this with cloudbreak. As far as I can tell SSSD isnt working as no domain joining has happened. ... View more

Just figured it out. I had previously filled in the basic section and it seems to conflict if you dont clear it when moving to the advanced configuration. I have cleared basic and the configuration has started. Thank you for your help and very prompt responses 🙂 ... View more

Just added those and getting "Kerberos configuration contains inconsistent parameters" ... View more

I have tried the following in a few different ways. Removing the kerberos-env and just using properties. I have also tried getting the kerberos-descriptor from the api and using that. I get the message "The descriptor must be a valid JSON with the required fields Kerberos configuration contains inconsistent parameters" with the below code. { "kerberos-env":{ "properties" : { "password_min_uppercase_letters" : "1", "password_min_whitespace" : "0", "password_min_punctuation" : "1", "manage_auth_to_local" : "true", "password_min_digits" : "1", "set_password_expiry" : "false", "encryption_types" : "aes des3-cbc-sha1 rc4 des-cbc-md5", "kdc_create_attributes" : "", "create_ambari_principal" : "true", "password_min_lowercase_letters" : "1", "password_length" : "20", "case_insensitive_username_rules" : "true", "manage_identities" : "true", "password_chat_timeout" : "5", "ad_create_attributes_template" : "\n{\n \"objectClass\": [\"top\", \"person\", \"organizationalPerson\", \"user\"],\n \"cn\": \"$principal_digest_256\",\n #if( $is_service )\n \"servicePrincipalName\": \"$principal_name\",\n #end\n \"userPrincipalName\": \"$normalized_principal\",\n \"unicodePwd\": \"$password\",\n \"accountExpires\": \"0\",\n \"userAccountControl\": \"66048\"\n}", "preconfigure_services" : "DEFAULT", "install_packages" : "true", "ldap_url" : "ldaps://system.example.com:636", "executable_search_paths" : "/usr/bin, /usr/kerberos/bin, /usr/sbin, /usr/lib/mit/bin, /usr/lib/mit/sbin", "group" : "ambari-managed-principals", "kdc_type": "active-directory" } } } ... View more

I am having the same issue with a kerberized cluster created through cloudbreak 2.7. Did you manage to find a workaround the fqdn length? ... View more

I'm having this same problem. I recently move our cluster to Ubuntu. When using the previous Centos it was working fine. I have tried the case conversion options with no luck. I can however access everything if I add the user to ranger and not the group. ... View more

Oh ok, I must have misread the documentation. So when setting up tag security I have to manually create each tag? ... View more