Member since 09-05-2019
07-16-2020 05:44 PM
If you need to switch to AD-based Kerberos from MIT, then the following things need to happen:

1. Get an OU designated for the Cloudera service principals to be created in.
2. Then get an admin user account, such as svc-cloudera@REALM, that can create/delete/modify the service accounts in the OU designated for Cloudera. It needs to have full permission on that OU.
3. Now go to CM >> Administration >> Security >> Kerberos Credentials >> Configuration and edit the config to make the switch.

What needs to be changed/added:

- KDC TYPE
- Edit the Active Directory Suffix to specify the OU you created for the service accounts.
- Enable 'Active Directory Delete Accounts on Credential Regeneration'.
- Enable 'Active Directory Set Encryption Types'.
- Make sure that the setting 'Active Directory Password Properties' satisfies your AD password restriction.
- Kerberos Security Realm needs to be the same as your domain but in UPPER CASE.
- KDC Server Host needs to have the AD host. Don't use the load-balanced domain controller.

Then save the changes. Go back to the Kerberos Credentials page and click on 'Generate Missing Credentials'. Make sure that the principals now match the AD REALM, and also have the AD team check whether the principals appear in the OU allotted for this cluster.
07-16-2020 05:29 PM
When you add the node, a script called allkeys.sh generates a key bundle. It contains the GPG key info, and the key bundle is called allkeys.asc:

    DEFAULT_CLOUDERA_KEY_BUNDLE_NAME = "allkeys.asc"

The key bundle will get the key for each of the flavors, so in your case it is archive.key, which is located here: https://archive.cloudera.com/cdh5/ubuntu/lucid/amd64/cdh/archive.key

If it is RHEL, then it uses this: https://archive.cloudera.com/cdh5/redhat/7/x86_64/cdh/RPM-GPG-KEY-cloudera

Once all these keys are downloaded, they will be signed by the master key. Finally, the gpg command is used to export the keys to a bundle called allkeys:

    gpg --export -a > allkeys

So I would check which repo is being used.
07-16-2020 05:03 PM
1 Kudo
@Petch I see that you are getting this error:

    [09/Jul/2020 23:45:02 +0000] 10401 MainThread agent ERROR Heartbeating to util.localdomain:7182 failed. ConnectionClosedException: Reader read 0 bytes.

Usually this error is reported if the CM is looking for the agent to communicate via the TLS protocol but config.ini has the setting 'use_tls' set to 0. Check and change it to use_tls=1, then restart the agent using the following command:

    service cloudera-scm-agent restart
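The check described in the last post, as an added example that is not part of the original posts or of Cloudera's own tooling: it matches the quoted heartbeat error in agent log text and compares it with the `use_tls` value in the agent's config.ini. The config section names, the second log line and all function names are constructed assumptions.

```python
import configparser
import re

# Matches the agent heartbeat error quoted in the post above.
HEARTBEAT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\d+\s+\S+\s+agent\s+ERROR\s+"
    r"Heartbeating to (?P<host>[^\s:]+):(?P<port>\d+) failed\.\s+"
    r"ConnectionClosedException: Reader read 0 bytes"
)

# Constructed sample input: line 1 is the error from the post, line 2 is made up.
SAMPLE_LOG = """\
[09/Jul/2020 23:45:02 +0000] 10401 MainThread agent ERROR Heartbeating to util.localdomain:7182 failed. ConnectionClosedException: Reader read 0 bytes.
[09/Jul/2020 23:45:17 +0000] 10401 MainThread agent INFO Constructed sample line
"""
# Constructed config.ini content; the section names are assumptions.
SAMPLE_CONFIG = "[General]\nserver_host=util.localdomain\nserver_port=7182\n[Security]\nuse_tls=0\n"

def heartbeat_failures(log_text):
    """Return (timestamp, host, port) for every matching heartbeat failure."""
    hits = []
    for line in log_text.splitlines():
        m = HEARTBEAT_RE.match(line.strip())
        if m:
            hits.append((m["ts"], m["host"], int(m["port"])))
    return hits

def agent_use_tls(config_text):
    """Return True/False for use_tls, or None if the key is absent.
    Every section is searched, so the section name is not relied on."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(config_text)
    for section in cp.sections():
        if cp.has_option(section, "use_tls"):
            return cp.get(section, "use_tls").strip() == "1"
    return None

def diagnose(log_text, config_text):
    """Combine both checks into the finding the post describes."""
    failures = heartbeat_failures(log_text)
    if failures and not agent_use_tls(config_text):
        return "mismatch: %d heartbeat failure(s) while use_tls is not 1" % len(failures)
    if failures:
        return "heartbeat failures seen but use_tls is already 1"
    return "no matching heartbeat failures"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_CONFIG))
```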