Problem with enabling ozone security #4956
Replies: 3 comments 1 reply
-
I believe the second approach should not work, as with that you are creating 3 separate clusters with 3 single SCMs, and if DNs have all 3 SCMs in the config then they get confused and don't know which cluster they should join... probably select the first SCM that responds as their cluster's SCM. The first approach seems to be good; the problem in that case I believe lies in the configuration. If you use host-based Kerberos principals, then in the configuration you need to use the "_HOST" substitute that will be replaced with the hostname in question when the principal is being checked.
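A check for the point made in the answer above, as an added example that is not part of the thread or of Ozone's code: it reads one ozone-site.xml shared by all HA nodes, expands _HOST per node, and lists the nodes where a hard-coded host principal would not match. The property names, host names and realm in the sample are assumptions, constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one ozone-site.xml copied to all three HA nodes.
# Property names are assumed Ozone security settings; hosts and realm are made up.
SAMPLE_SITE_XML = """<configuration>
  <property><name>hdds.scm.kerberos.principal</name><value>scm/node1.example.com@EXAMPLE.COM</value></property>
  <property><name>ozone.om.kerberos.principal</name><value>om/_HOST@EXAMPLE.COM</value></property>
  <property><name>hdds.scm.kerberos.keytab.file</name><value>/etc/security/keytabs/scm.keytab</value></property>
</configuration>"""

HOSTS = ["node1.example.com", "node2.example.com", "node3.example.com"]


def principals(site_xml):
    """Return {property name: value} for every *kerberos.principal property."""
    found = {}
    for prop in ET.fromstring(site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name.endswith("kerberos.principal"):
            found[name] = (prop.findtext("value") or "").strip()
    return found


def expand(principal, host):
    """Replace an instance component that is exactly _HOST with the lowercased host."""
    primary, slash, rest = principal.partition("/")
    instance, at, realm = rest.partition("@")
    if slash and instance == "_HOST":
        return f"{primary}/{host.lower()}{at}{realm}"
    return principal


def audit(site_xml, hosts):
    """List (property, host, principal) where the resolved principal names another host."""
    problems = []
    for name, value in principals(site_xml).items():
        for host in hosts:
            resolved = expand(value, host)
            instance = resolved.partition("/")[2].partition("@")[0]
            if instance and instance != host.lower():
                problems.append((name, host, resolved))
    return problems


if __name__ == "__main__":
    for name, host, resolved in audit(SAMPLE_SITE_XML, HOSTS):
        print(f"{host}: {name} resolves to {resolved}, not this host's principal")
```
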
-
Thank you @fapifta, I will try to install with your advice.
-
@fapifta, I got success. Thank you!
-
Hi,
I have installed ozone cluster with SCM and OM HA without Kerberos authentication successfully. It worked fine without kerberos security.
But, when I configured ozone with kerberos security, I encountered problems.
SCM and OM HA have been configured in my ozone cluster.
I have 3 nodes on which 3 scm, 3 om and 3 datanode will be run.
After adding several ozone security properties to ozone-site.xml, I have tried to run ozone with kerberos authentication in the following two approaches without success.
First Approach
My first approach is, I have tried to bootstrap and run SCMs on the other scm nodes after initializing and running scm on the first scm node (with this running sequence, my ozone cluster without kerberos authentication worked fine!).
On 1. scm node:
On 2. scm node:
When scm bootstrapped on 2. scm node, I got the following error.
Second Approach
My second approach is, I tried to run ozone SCMs with --init instead of --bootstrap on scm nodes in this order.
On 1. scm node:
On 2. scm node:
On 3. scm node:
It seems that all scm have been run successfully.
In next step, I have run om like the scm sequence above.
On 1. om node:
On 2. om node:
On 3. om node:
It seems all OMs worked fine.
After that, I have run datanodes.
On 1. datanode node:
On 2. datanode node:
On 3. datanode node:
But I got exceptions which are different on each datanode.
On 1. datanode node:
On 2. datanode node:
On 3. datanode node:
To verify principals on each node, I have checked principals with klist -k xxx on all nodes. All principals on each node are listed correctly.
To understand my ozone cluster, the following is ozone-site.xml with ozone security.