Continuing on series of posts on getting Kerberized Ambari HDP and Isilon up and added the following two post to EMC’s ECN site and Isilon infohub. The infamous ‘401 Authorization Required’ error when starting Kerberized services Hortonworks – Isilon Kerberization First Time Services StartRead more "The infamous ‘401 Authorization Required’ error when starting Kerberized services"
An issue has been seen when a KDC kerberized Hortonworks cluster attempts to start Yarn services or any other services that leverage WebHDFS to start with OneFS 8.0.1. The incorrect generation of the the krb5.conf can leave the file without a READ permission for the services handling WebHDFS calls and authentication cannot occur leading to […]Read more "KDC Kerberized Yarn Services Fail to Start on Isilon OneFS 8.0.1 with Ambari via WebHDFS curl calls"
This may help clarify the use of Isilon proxy users on a kerberized Isilon. You need to create a proxy user for the service and then add users or groups that need to run jobs to that proxy user. Lets take a hive job as an example. A Kerberos user: hdpuser3 tries to run […]Read more "Isilon hdfs proxy users"
If you are kerberizing a hadoop cluster against an Isilon, you’ll need to look at adding the following to the hdfs services to enable Isilon compatibility. All Distro’s 1. Add custom property hadoop.security.token.service.use_ip=false to core-site.xml When you kerberize with AD, Isilon’s cluster SPN is used and not the SCZ SPN. (this is our odd behavior) […]Read more "Tweaks to HDFS services to make them play nice with Kerberized Isilon access"
if you are seeing issues with kerberos based hdfs client access against an Isilon cluster, increasing the kerberos logging level on the client can show you a lot more information(a lot) Change the logging level with the following: export HADOOP_ROOT_LOGGER=”TRACE,console” export HADOOP_OPTS=”-Dsun.security.krb5.debug=true” quick example of a successful kerberized hadoop call from a kerberized […]Read more "Increase the kerberos logging level on a client to see what is actually going on"
Wanted to clear up the implementation of racks with Isilon hdfs and providing rack awareness, using Isilon racks we can provide node location awareness to clients and within-switch datanode connections collocation. This gives you the capability to provide switch aware or top of rack functionality that emulates hdfs local storage implementations, where compute nodes attempt […]Read more "Isilon HDFS and Rack Awareness for DataNode Connections"