Set up kerberos error for Hadoop

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Set up kerberos error for Hadoop

ZongtianHou
Hi,everyone:
I am setting up kerberos for Hadoop cluster, but when starting the datanode, the following error happened:
java.lang.RuntimeException: Cannot start secure DataNode without configuring either privileged resources or SASL RPC data transfer protection and SSL for HTTP.  Using privileged resources in combination with SASL RPC data transfer protection is not supported.
I have searched the internet for a while but still can’t solve the issue, does anyone have a clue?
Reply | Threaded
Open this post in threaded view
|

Re: Set up kerberos error for Hadoop

ZongtianHou
Here is part of hfs-site.xml

<property>
  <name>dfs.secondary.namenode.keytab.file</name>
  <value>/etc/hadoop/conf/hdfs.keytab</value> <!-- path to the HDFS keytab -->
</property>
<property>
  <name>dfs.secondary.namenode.kerberos.principal</name>
  <value>[hidden email]</value>
</property>
<property>
  <name>dfs.secondary.namenode.kerberos.internal.spnego.principal</name>
  <value>[hidden email]</value>
</property>

<!-- DataNode security config and SASL -->
<property>
  <name>dfs.datanode.data.dir.perm</name>
  <value>700</value>
</property>
<property>
  <name>dfs.datanode.address</name>
  <value>0.0.0.0:1004</value>
</property>
<property>
  <name>dfs.datanode.http.address</name>
  <value>0.0.0.0:1006</value>
</property>
<property>
  <name>dfs.datanode.keytab.file</name>
  <value>/etc/hadoop/conf/hdfs.keytab</value> <!-- path to the HDFS keytab -->
</property>
<property>
  <name>dfs.datanode.kerberos.principal</name>
  <value>[hidden email]</value>
</property>
<property>
  <name>dfs.data.transfer.protection</name>
  <value>integrity</value>
</property>
<property>
  <name>dfs.http.policy</name>
  <value>HTTP_ONLY</value>
</property>

<!-- Web Authentication config -->
<property>
  <name>dfs.web.authentication.kerberos.principal</name>
  <value>[hidden email]</value>
 </property>
On 21 Jun 2018, at 4:52 PM, ZongtianHou <[hidden email]> wrote:

Hi,everyone:
I am setting up kerberos for Hadoop cluster, but when starting the datanode, the following error happened:
java.lang.RuntimeException: Cannot start secure DataNode without configuring either privileged resources or SASL RPC data transfer protection and SSL for HTTP.  Using privileged resources in combination with SASL RPC data transfer protection is not supported.
I have searched the internet for a while but still can’t solve the issue, does anyone have a clue?