khjomaa
New Contributor
My Accepted Solutions
Show All

Re: Cloudera 5.16.1 Kerberos Import Credentials Sc...

by New Contributor in Support Questions
‎03-11-2020 10:09 AM
‎03-11-2020 10:09 AM
Hi, Thanks for your reply. After investigating the issue I found that command (ldapsearch) failed because user cloudera-scm does not have the proper permissions. So as a work around I added sudo before ldap commands in the following scripts:   /usr/share/cmf/bin/import_credentials.sh /usr/share/cmf/bin/gen_credentials_ad.sh   and then everything worked fine.    ... View more

Cloudera 5.16.1 Kerberos Import Credentials Script...

by New Contributor in Support Questions
‎03-05-2020 02:25 AM
‎03-05-2020 02:25 AM
Hi,   I'm running Cloudera 5.16.1 on CentOS 7 and OpenJDK8 I enabled TLS/SSL on the Cloudera Manager (level 1 - level3) with Self-Signed certificate and then moved to enable Kerberos with AD. I followed the docs but enabling Kerberos is failing when trying to import credentials.   /usr/share/cmf/bin/import_credentials.sh failed with exit code 1 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf1018223695564634823.keytab + USER=cdhadmin@<XXXXX>.COM + PASSWD=REDACTED + KVNO=1 + SLEEP=0 + RHEL_FILE=/etc/redhat-release + '[' -f /etc/redhat-release ']' + set +e + grep Tikanga /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'CentOS release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 0 -eq 0 ']' + grep 'Scientific Linux release 5' /etc/redhat-release + '[' 1 -eq 0 ']' + set -e + '[' -z /var/run/cloudera-scm-server/krb51430682016564011407.conf ']' + echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb51430682016564011407.conf'\'', contents below:' + cat /var/run/cloudera-scm-server/krb51430682016564011407.conf + IFS=' ' + read -a ENC_ARR + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p cdhadmin@<XXXXX>.COM -k 1 -e rc4-hmac' + ktutil + '[' 0 -eq 1 ']' + echo REDACTED + echo 'wkt /var/run/cloudera-scm-server/cmf1018223695564634823.keytab' + chmod 600 /var/run/cloudera-scm-server/cmf1018223695564634823.keytab + kinit -k -t /var/run/cloudera-scm-server/cmf1018223695564634823.keytab cdhadmin@<XXXXX>.COM + '[' true '!=' true ']' ++ mktemp /tmp/cm_ldap.XXXXXXXX + LDAP_CONF=/tmp/cm_ldap.lZPuleq0 + echo 'TLS_REQCERT never' + echo 'sasl_secprops minssf=0,maxssf=0' + export LDAPCONF=/tmp/cm_ldap.lZPuleq0 + LDAPCONF=/tmp/cm_ldap.lZPuleq0 + set +e + ldapsearch -LLL -H ldaps://<xxxxx>.<xxxxx>.com:636 -b OU=cdh-kerberos,OU=CDH,DC=<xxxxx>,DC=com userPrincipalName=cdhadmin@<XXXXX>.COM ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) + '[' 255 -ne 0 ']' + echo 'ldapsearch did not work with SASL authentication. Trying with simple authentication' + ldapsearch -LLL -H ldaps://<xxxxx>.<xxxxx>.com:636 -b OU=cdh-kerberos,OU=CDH,DC=<xxxxx>,DC=com -x -D cdhadmin@<XXXXX>.COM -w REDACTED userPrincipalName=cdhadmin@<XXXXX>.COM ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) + '[' 255 -ne 0 ']' + echo 'Failed to do ldapsearch.' + echo 'Please make sure Active Directory configuration is correctly specified and LDAP over SSL is enabled.' + exit 1     I verified that  LDAPS is enabled for Active Directory and verified all settings again but could not solve the issue.   I ran the below command manually on the cloudera server and it worked fine (got output):   ldapsearch -LLL -H ldaps://<xxxxx>.<xxxxx>.com:636 -b OU=cdh-kerberos,OU=CDH,DC=<xxxxx>,DC=com -x -D cdhadmin@<XXXXX>.COM -w <PASSWORD>     One thing I should mention is that I did not edit the krb5.conf file and checked the box Manage krb5.conf through Cloudera Manager in the settings.   Please assist / advise. ... View more
Labels:

Re: Upgrading HDFS namenode servers to CentOS 7 wh...

by New Contributor in Support Questions
‎03-05-2020 01:59 AM
‎03-05-2020 01:59 AM
Hi,   Thanks for your response and sorry for the delayed answer. Your solution did not solve the issue because of the infrastructure our cloudera is installed on it. But we managed to solve it by backing up the needed folders, recreating the servers with same hostname & IP address but with newer OS and then we restored the folders and everything worked fine.   ... View more

Upgrading HDFS namenode servers to CentOS 7 while ...

by New Contributor in Support Questions
‎11-04-2019 02:19 AM
‎11-04-2019 02:19 AM
Hi,   I have Cloudera 5.16.1 with HA enabled for HDFS. I want to upgrade OS on both NameNode servers (Active & Standby) to CentOS 7 and keep all settings. What's the correct way to do it ? I tried the following: 1. Backed up jn & nn folders in both NameNode servers along with other few folders 2. Stopped all services in the cluster 3. Deleted standby NameNode server from cluster and from cloudera manager 4. Reinstalled the server 5. Added server back to cluster 6. Restored files 7. Started services back But, it failed to re-enable the HA again.   Please assist / advise  ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎03-16-2020 11:27 AM
Public Statistics
Date Registered ‎11-04-2019 02:21 AM
Last Visited ‎03-16-2020 11:27 AM
Total Messages Posted 4