07-22-2019
09:00 PM
I am following this document: https://kylo.readthedocs.io/en/v0.9.1/security/KerberosNiFiConfiguration.html

kadmin.local
Authenticating as principal root/admin@EC2.INTERNAL with password.
kadmin.local: addprinc -randkey nifi@TESTAD.LOCAL

klist -kte /etc/security/keytabs/nifi.headless.keytab
Keytab name: FILE:/etc/security/keytabs/nifi.headless.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
1 07/22/2019 17:50:14 nifi@TESTAD.LOCAL (aes256-cts-hmac-sha1-96)
1 07/22/2019 17:50:14 nifi@TESTAD.LOCAL (aes128-cts-hmac-sha1-96)
1 07/22/2019 17:50:14 nifi@TESTAD.LOCAL (des3-cbc-sha1)

Error:
# su - nifi
$ kinit -kt /etc/security/keytabs/nifi.headless.keytab nifi
kinit: Keytab contains no suitable keys for nifi@EC2.INTERNAL while getting initial credentials
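The check behind this error, as an added example that is not part of the original post: kinit completes a name typed without a realm using default_realm from krb5.conf, then looks for that exact principal in the keytab. The function names are hypothetical, and the embedded krb5.conf and klist text are constructed from values shown on this page.

```shell
#!/bin/sh
# Added example: compare the principal kinit requests with what a keytab holds.

# Constructed samples, built from values shown on this page.
KRB5_CONF='[libdefaults]
default_realm = EC2.INTERNAL
dns_lookup_kdc = false'
KLIST_OUTPUT='Keytab name: FILE:/etc/security/keytabs/nifi.headless.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
1 07/22/2019 17:50:14 nifi@TESTAD.LOCAL (aes256-cts-hmac-sha1-96)
1 07/22/2019 17:50:14 nifi@TESTAD.LOCAL (aes128-cts-hmac-sha1-96)
1 07/22/2019 17:50:14 nifi@TESTAD.LOCAL (des3-cbc-sha1)'

# Extract default_realm from the [libdefaults] section of krb5.conf text ($1).
default_realm() {
    printf '%s\n' "$1" | awk -F= '
        /^[ \t]*\[/ { in_lib = ($0 ~ /\[libdefaults\]/) }
        in_lib && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit
        }'
}

# A name typed without "@REALM" is completed with the default realm.
qualify_principal() {   # $1 = name as typed, $2 = default realm
    case "$1" in
        *@*) printf '%s\n' "$1" ;;
        *)   printf '%s@%s\n' "$1" "$2" ;;
    esac
}

# Unique principals in `klist -kte` output ($1); entry lines start with a KVNO.
keytab_principals() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ && !seen[$4]++ { print $4 }'
}

# Report whether `kinit -kt <keytab> <name>` will find a matching entry.
check_kinit() {         # $1 = klist output, $2 = name, $3 = krb5.conf text
    want=$(qualify_principal "$2" "$(default_realm "$3")")
    if keytab_principals "$1" | grep -qxF "$want"; then
        echo "OK: keytab has keys for $want"
    else
        echo "MISMATCH: kinit requests $want; keytab holds $(keytab_principals "$1" | paste -sd, -)"
    fi
}

check_kinit "$KLIST_OUTPUT" nifi "$KRB5_CONF"
check_kinit "$KLIST_OUTPUT" nifi@TESTAD.LOCAL "$KRB5_CONF"
```

On a live host, pass `"$(klist -kte /path/to/keytab)"` and `"$(cat /etc/krb5.conf)"` in place of the embedded samples.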
07-22-2019
08:59 PM
Hello, I need some help with configuring NiFi and Kylo with Kerberos on cross trust realm. I am able to run hdfs and beeline from my AD testadmin account (after I do the kinit testadmin@TESTAD.LOCAL) on the edge node. I created new keytab files /etc/kylo.keytab and /etc/nifi.keytab with these principals in them. When I try to import a feed I am getting this:

java.lang.RuntimeException: java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://10.1.2.130:10000/;principal=hive/ip-10-1-2-130.ec2.internal@EC2.INTERNAL: GSS initiate failed

Edge node (ip-10-1-2-61): with NiFi, ActiveMQ, Kylo installed
Windows 2012 AD (ip-10-1-2-56.ec2.internal)
EMR Cluster: (ip-10-1-2-130)

krb5.conf on EMR cluster (ip-10-1-2-130) and same configuration copied to edge nodes & core nodes.

[libdefaults]
default_realm = EC2.INTERNAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 1000000
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1
[realms]
EC2.INTERNAL = {
kdc = ip-10-1-2-130.ec2.internal:88
admin_server = ip-10-1-2-130.ec2.internal:749
default_domain = ec2.internal
}
TESTAD.LOCAL = {
kdc = ip-10-1-2-56.ec2.internal
admin_server = ip-10-1-2-56.ec2.internal
default_domain = testad.local
}
[domain_realm]
.ec2.internal = EC2.INTERNAL
ec2.internal = EC2.INTERNAL
.testad.local = TESTAD.LOCAL
testad.local = TESTAD.LOCAL
[logging]
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmin.log
default = FILE:/var/log/kerberos/krb5lib.log

kylo keytab:
# klist -ket /etc/kylo.keytab
Keytab name: FILE:/etc/kylo.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 07/22/2019 14:42:59 kylo/ip-10-1-2-130.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:42:59 kylo/ip-10-1-2-130.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:42:59 kylo/ip-10-1-2-130.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:43:12 kylo/ip-10-1-2-192.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:43:12 kylo/ip-10-1-2-192.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:43:12 kylo/ip-10-1-2-192.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:43:24 kylo/ip-10-1-2-54.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:43:24 kylo/ip-10-1-2-54.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:43:24 kylo/ip-10-1-2-54.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:43:34 kylo/ip-10-1-2-61.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:43:34 kylo/ip-10-1-2-61.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:43:34 kylo/ip-10-1-2-61.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:43:43 kylo@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:43:43 kylo@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:43:43 kylo@EC2.INTERNAL (des3-cbc-sha1)

keytab file for /etc/nifi.keytab
# klist -ket /etc/nifi.keytab
Keytab name: FILE:/etc/nifi.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 07/22/2019 14:10:05 nifi/ip-10-1-2-130.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:10:05 nifi/ip-10-1-2-130.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:10:05 nifi/ip-10-1-2-130.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:10:15 nifi/ip-10-1-2-192.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:10:15 nifi/ip-10-1-2-192.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:10:15 nifi/ip-10-1-2-192.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:10:42 nifi/ip-10-1-2-54.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:10:42 nifi/ip-10-1-2-54.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:10:42 nifi/ip-10-1-2-54.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:10:52 nifi/ip-10-1-2-61.ec2.internal@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:10:52 nifi/ip-10-1-2-61.ec2.internal@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:10:52 nifi/ip-10-1-2-61.ec2.internal@EC2.INTERNAL (des3-cbc-sha1)
2 07/22/2019 14:15:30 nifi@EC2.INTERNAL (aes256-cts-hmac-sha1-96)
2 07/22/2019 14:15:30 nifi@EC2.INTERNAL (aes128-cts-hmac-sha1-96)
2 07/22/2019 14:15:30 nifi@EC2.INTERNAL (des3-cbc-sha1)
Labels: Apache NiFi