You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ambari.apache.org by Chanel Loïc <lo...@worldline.com> on 2015/05/11 16:29:01 UTC
Kadmin installation
Hi All,
As I was tryiing to Kerberize my cluster, I noticed something that seems weird.
Once Ambari has installed a Kerberos Client on the cluster's hosts, it tries to explore the database, but ... The Kerberos client is not deployed on the Ambari cluster. So if a Kerberos client has not been manually installed, the configuration of Kerberos crashes, with a message saying there has been an error while calling Kadmin which does not exist.
Is it normal ? Did I miss something ?
Thanks,
Loïc
--------------------------------------------------------
Loïc CHANEL
Ingénieur stagiaire (TO - XaaS)
+33 (04) 78 17 80 71
desk 220
Bât Le Mirage
53 Avenue Paul Krüger
69624 Villeurbanne Cedex
worldline.com<http://atosworldline.com/>
[cid:image001.gif@01D08C07.0CD88300]
________________________________
Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra être recherchée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Worldline liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.
RE: Kadmin installation
Posted by Chanel Loïc <lo...@worldline.com>.
Hi Rob,
Thanks a lot for your answer.
As I encountered other errors while deploying Kerberos that may be linked to the principals, I will try to set the Ambari server as a host handling a component and see how easier it is.
Regards,
Loïc
De : Robert Levas [mailto:rlevas@hortonworks.com]
Envoyé : mercredi 13 mai 2015 19:47
À : user@ambari.apache.org
Objet : Re: Kadmin installation
Hi Loïc,
I am sorry it took so long to get back to you. I didn't see your question until just now.
For now, Ambari needs to be on a host in the cluster. We hope to fix this requirement soon, but at least through Ambari 2.1, this requirement will stand.
So if you have a cluster such that the host that Ambari runs on is not port of the it, there will be several error conditions. For one, the Kerberos client package will not be automatically installed. If you happened to manually install it, then there is an issue scheduling tasks on the Ambari server. Such tasks include generating principals using kadmin (if using the MIT KDC option).
If you add the host that run Ambari to your cluster (before enabling Kerberos), this issues should go away. You might, however, need to set the host to have at least one client component on it for the Kerberos client to be installed on it.
Rob
From: Chanel Loïc <lo...@worldline.com>>
Reply-To: "user@ambari.apache.org<ma...@ambari.apache.org>" <us...@ambari.apache.org>>
Date: Monday, May 11, 2015 at 10:29 AM
To: "user@ambari.apache.org<ma...@ambari.apache.org>" <us...@ambari.apache.org>>
Subject: Kadmin installation
Hi All,
As I was tryiing to Kerberize my cluster, I noticed something that seems weird.
Once Ambari has installed a Kerberos Client on the cluster's hosts, it tries to explore the database, but ... The Kerberos client is not deployed on the Ambari cluster. So if a Kerberos client has not been manually installed, the configuration of Kerberos crashes, with a message saying there has been an error while calling Kadmin which does not exist.
Is it normal ? Did I miss something ?
Thanks,
Loïc
--------------------------------------------------------
Loïc CHANEL
Ingénieur stagiaire (TO - XaaS)
+33 (04) 78 17 80 71
desk 220
Bât Le Mirage
53 Avenue Paul Krüger
69624 Villeurbanne Cedex
worldline.com<http://atosworldline.com/>
[cid:image001.gif@01D08EEF.8820E710]
________________________________
Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra être recherchée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Worldline liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.
________________________________
Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra être recherchée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Worldline liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.
Re: Kadmin installation
Posted by Robert Levas <rl...@hortonworks.com>.
Hi Loïc,
I am sorry it took so long to get back to you. I didn't see your question until just now.
For now, Ambari needs to be on a host in the cluster. We hope to fix this requirement soon, but at least through Ambari 2.1, this requirement will stand.
So if you have a cluster such that the host that Ambari runs on is not port of the it, there will be several error conditions. For one, the Kerberos client package will not be automatically installed. If you happened to manually install it, then there is an issue scheduling tasks on the Ambari server. Such tasks include generating principals using kadmin (if using the MIT KDC option).
If you add the host that run Ambari to your cluster (before enabling Kerberos), this issues should go away. You might, however, need to set the host to have at least one client component on it for the Kerberos client to be installed on it.
Rob
From: Chanel Loïc <lo...@worldline.com>>
Reply-To: "user@ambari.apache.org<ma...@ambari.apache.org>" <us...@ambari.apache.org>>
Date: Monday, May 11, 2015 at 10:29 AM
To: "user@ambari.apache.org<ma...@ambari.apache.org>" <us...@ambari.apache.org>>
Subject: Kadmin installation
Hi All,
As I was tryiing to Kerberize my cluster, I noticed something that seems weird.
Once Ambari has installed a Kerberos Client on the cluster's hosts, it tries to explore the database, but ... The Kerberos client is not deployed on the Ambari cluster. So if a Kerberos client has not been manually installed, the configuration of Kerberos crashes, with a message saying there has been an error while calling Kadmin which does not exist.
Is it normal ? Did I miss something ?
Thanks,
Loïc
--------------------------------------------------------
Loïc CHANEL
Ingénieur stagiaire (TO - XaaS)
+33 (04) 78 17 80 71
desk 220
Bât Le Mirage
53 Avenue Paul Krüger
69624 Villeurbanne Cedex
worldline.com<http://atosworldline.com/>
[cid:image002.gif@01CFA664.1EAA9570]
________________________________
Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra être recherchée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Worldline liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.