Hi Kuldeep. I actually did a restore from the backup and was able to preserve the cluster this way. I will keep the information you sent me in case I have a similar problem moving forward. Thanks, ... View more

Hi Olivier, Is this approach considered an in place upgrade of the OS? We need to upgrade to RHEL7 from RHEL6 and our system team doesn't use any configuration management tools to do an in place upgrade. It sounds like the systems/hosts in the cluster will be wiped to do the OS upgrade. Do you have any information on how to do this and preserve the Hadoop data disks? We also need to upgrade from HDP 2.5.3 to 2.6.0 and our cluster is kerberized. What's the best approach for us to take in upgrading the OS and HDP simultaneously? ... View more

I will try this on next week and let you know the results. Thanks, Debra, ... View more

These are the errors in thrift server logs: Caused by: org.apache.thrift.transport.TTransportException: Invalid status 80 at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232) at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:184) at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41) at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216) ... 5 more ... View more

Hi Edgar, I'm having the same problem you had previously but even after entering HTTP/_HOST@myrealm it's still not working in a kerberos environment. Below are my settings: hbase.thrift.support.proxyuser=true hbase.thrift.security.qop=auth hbase.thrift.keytab.file=/etc/security/keytabs/hbase.service.key hbase.thrift.kerberos.principal=HTTP/_HOST@myrealm hbase.regionserver.thrift.http=true ... View more

I forgot to state that I have the hue user set up to impersonate/proxy in the core-site file as well. ... View more

Hi - We have a kerberized cluster HDP 2.5.3 and I have followed your instructions to the T and while I have no problems with Hive, Job Browser, & File Browser in HUE, I continue to get this error when trying to access HBASE tables in HUE: Api Error: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) ... View more

Hi Geoffrey, Is this the same for creating headless keytabs/principals? We are able to create keytabs with host attributes, the issue is using the same service name to create a headless account. Does the article you pointed to address this? Thanks, ... View more

Hi Umair, Our AD team created a headless keytab without HOST attribute and the keytab with same service account name with HOST attribute broke and the headless keytab doesn't work. What is the appropriate syntax for creating headless keytabs in AD? We created it as follows: C:\Users\adminname>ktpass /princ serviceaccountname@domain.com /pass securepassword /mapuser serviceaccountname /pType KRB5_NT_PRINCIPA L /out serviceaccountname_headless.keytab Targeting domain controller: hostname.domain.com Failed to set property 'servicePrincipalName' to 'serviceaccountname' on Dn 'CN=serviceaccountname,OU=Hadoop,OU=Secure,OU=Secure,OU=Secure,DC=domain,DC=com': 0x13. WARNING: Unable to set SPN mapping data. If serviceaccountname already has an SPN mapping installed for serviceaccountname, this is no cause for concern. Password successfully set! Key created. Output keytab to serviceaccountname_headless.keytab: Keytab version: 0x502 keysize 57 serviceaccountname@domain.com ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x17 (RC4-HMAC) keylength 16 (A000000000000000000) This is the error received when kiniting the headless keytab: Keytab contains no suitable keys for serviceaccountname@domain.com while getting initial credentials. ... View more