Continuing on series of posts on getting Kerberized Ambari HDP and Isilon up and added the following two post to EMC’s ECN site and Isilon infohub. The infamous ‘401 Authorization Required’ error when starting Kerberized services Hortonworks – Isilon Kerberization First Time Services StartRead more "The infamous ‘401 Authorization Required’ error when starting Kerberized services"
I just authored this post on EMC’s ECN site, on how to implement Kerberos with HDP with Isilon and AD. https://community.emc.com/community/products/isilon/blog/2016/07/05/kerberizing-ambari-hdp-with-isilon-8001-and-active-directoryRead more "Ambari HDP with Isilon 184.108.40.206 and Active Directory Kerberos Implementation"
If you are kerberizing a hadoop cluster against an Isilon, you’ll need to look at adding the following to the hdfs services to enable Isilon compatibility. All Distro’s 1. Add custom property hadoop.security.token.service.use_ip=false to core-site.xml When you kerberize with AD, Isilon’s cluster SPN is used and not the SCZ SPN. (this is our odd behavior) […]Read more "Tweaks to HDFS services to make them play nice with Kerberized Isilon access"
Hadoop provides a feature that lets administrators specify mapping rules to map a kerberos principal to a local UNIX user name.This required with Kerberized Hadoop clusters to turn full UPN’s into the shortnames required by the HDFS services. In Ambari these rules look similar to this and are added to the core-site.xml: Kerberized Ambari […]Read more "Hadoop’s hadoop.security.auth_to_local rules"
if you are seeing issues with kerberos based hdfs client access against an Isilon cluster, increasing the kerberos logging level on the client can show you a lot more information(a lot) Change the logging level with the following: export HADOOP_ROOT_LOGGER=”TRACE,console” export HADOOP_OPTS=”-Dsun.security.krb5.debug=true” quick example of a successful kerberized hadoop call from a kerberized […]Read more "Increase the kerberos logging level on a client to see what is actually going on"