Thanks Ravi. This has brought my local hadoop cluster to life!
The two things I was missing:
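1) Have to use privileged ports

<property>
  <name>dfs.datanode.address</name>
  <value>0.0.0.0:1004</value>
</property>
<property>
  <name>dfs.datanode.http.address</name>
  <value>0.0.0.0:1006</value>
</property>
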
2) implied by 1) sudo required to launch datanode
Clearly, this is geared towards the production system. For development, having
the ability to run with Kerberos but w/o the need for privileged resources
would be desirable.
On Aug 30, 2011, at 9:00 PM, Ravi Prakash wrote:
> In short you MUST use privileged resources.
>
> In long:
>
> Here's what I did to setup a secure single node cluster. I'm sure there's
> other ways, but here's how I did it.
>
> 1. Install krb5-server
> 2. Setup the kerberos configuration (files attached).
>    /var/kerberos/krb5kdc/kdc.conf and /etc/krb5.conf
>    http://yahoo.github.com/hadoop-common/installing.html
> 3. To clean up everything:
>    http://mailman.mit.edu/pipermail/kerberos/2003-June/003312.html
> 4. Create Kerberos database
>    $ sudo kdb5_util create -s
> 5. Start Kerberos
>    $ sudo /etc/rc.d/init.d/kadmin start
>    $ sudo /etc/rc.d/init.d/krb5kdc start
> 6. Create principal raviprak/localhost.localdomain@localdomain
>    http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/Adding-or-Modifying-Principals.html
> 7. Create keytab file using “xst -k /home/raviprak/raviprak.keytab
>    raviprak/localhost.localdomain@localdomain”
> 8. Setup hdfs-site.xml and core-site.xml (files attached)
> 9. sudo hostname localhost.localdomain
> 10. hadoop-daemon.sh start namenode
> 11. sudo bash. Then export HADOOP_SECURE_DN_USER=raviprak . Then
>     hadoop-daemon.sh start datanode
>
>
>
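> CORE-SITE.XML
>
> <configuration>
>   <property>
>     <name>fs.default.name</name>
>     <value>hdfs://localhost:9001</value>
>   </property>
>   <property>
>     <name>hadoop.security.authorization</name>
>     <value>true</value>
>   </property>
>   <property>
>     <name>hadoop.security.authentication</name>
>     <value>kerberos</value>
>   </property>
>   <property>
>     <name>dfs.namenode.kerberos.principal</name>
>     <value>raviprak/localhost.localdomain</value>
>   </property>
>   <property>
>     <name>dfs.datanode.kerberos.principal</name>
>     <value>raviprak/localhost.localdomain</value>
>   </property>
>   <property>
>     <name>dfs.secondary.namenode.kerberos.principal</name>
>     <value>raviprak/localhost.localdomain</value>
>   </property>
> </configuration>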
>
>
>
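> HDFS-SITE.XML
>
> <configuration>
>   <property>
>     <name>dfs.replication</name>
>     <value>1</value>
>   </property>
>   <property>
>     <name>dfs.name.dir.restore</name>
>     <value>false</value>
>   </property>
>   <property>
>     <name>dfs.namenode.checkpoint.period</name>
>     <value>10</value>
>   </property>
>   <property>
>     <name>dfs.namenode.keytab.file</name>
>     <value>/home/raviprak/raviprak.keytab</value>
>   </property>
>   <property>
>     <name>dfs.secondary.namenode.keytab.file</name>
>     <value>/home/raviprak/raviprak.keytab</value>
>   </property>
>   <property>
>     <name>dfs.datanode.keytab.file</name>
>     <value>/home/raviprak/raviprak.keytab</value>
>   </property>
>   <property>
>     <name>dfs.datanode.address</name>
>     <value>0.0.0.0:1004</value>
>   </property>
>   <property>
>     <name>dfs.datanode.http.address</name>
>     <value>0.0.0.0:1006</value>
>   </property>
>   <property>
>     <name>dfs.namenode.kerberos.principal</name>
>     <value>raviprak/localhost.localdomain@localdomain</value>
>   </property>
>   <property>
>     <name>dfs.secondary.namenode.kerberos.principal</name>
>     <value>raviprak/localhost.localdomain@localdomain</value>
>   </property>
>   <property>
>     <name>dfs.datanode.kerberos.principal</name>
>     <value>raviprak/localhost.localdomain@localdomain</value>
>   </property>
>   <property>
>     <name>dfs.namenode.kerberos.https.principal</name>
>     <value>raviprak/localhost.localdomain@localdomain</value>
>   </property>
>   <property>
>     <name>dfs.secondary.namenode.kerberos.https.principal</name>
>     <value>raviprak/localhost.localdomain@localdomain</value>
>   </property>
>   <property>
>     <name>dfs.datanode.kerberos.https.principal</name>
>     <value>raviprak/localhost.localdomain@localdomain</value>
>   </property>
> </configuration>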
>
>
> On Tue, Aug 30, 2011 at 8:08 PM, Thomas Weise wrote:
>
>> I'm configuring a local hadoop cluster in secure mode for
>> development/experimental purposes on Ubuntu 11.04 with the hadoop-0.20.203.0
>> distribution from apache mirror.
>>
>> I have the basic Kerberos setup working, can start namenode in secure mode
>> and connect to it with hadoop fs -ls
>>
>> I'm not able to get the datanode to start in secure mode - what do I have to
>> do to make that happen?
>>
>> The error I get:
>>
>> 11/08/30 18:01:57 INFO security.UserGroupInformation: Login successful for
>> user hduser/hdev-vm@HADOOP.LOCALDOMAIN using ke
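
An added example, not part of the original thread or of Hadoop: a Python check for the two settings the reply at the top of this thread says were missing (privileged ports for dfs.datanode.address and dfs.datanode.http.address), plus the datanode keytab and principal from the quoted hdfs-site.xml. The sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the hdfs-site.xml values quoted in the thread,
# with the HTTP port deliberately set above 1023 to produce a finding.
SAMPLE_HDFS_SITE = """<configuration>
  <property><name>dfs.datanode.address</name><value>0.0.0.0:1004</value></property>
  <property><name>dfs.datanode.http.address</name><value>0.0.0.0:50075</value></property>
  <property><name>dfs.datanode.keytab.file</name><value>/home/raviprak/raviprak.keytab</value></property>
  <property><name>dfs.datanode.kerberos.principal</name><value>raviprak/localhost.localdomain@localdomain</value></property>
</configuration>"""

PORT_KEYS = ("dfs.datanode.address", "dfs.datanode.http.address")
REQUIRED_KEYS = ("dfs.datanode.keytab.file", "dfs.datanode.kerberos.principal")


def load_properties(xml_text):
    """Return {name: value} from a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def check_secure_datanode(props):
    """List the ways the datanode settings differ from the thread's setup."""
    findings = []
    for key in PORT_KEYS:
        value = props.get(key)
        if value is None:
            findings.append(f"{key}: not set")
            continue
        port_text = value.rsplit(":", 1)[-1]
        if not port_text.isdigit():
            findings.append(f"{key}: no numeric port in {value!r}")
        elif not 0 < int(port_text) < 1024:
            findings.append(f"{key}: port {port_text} is not privileged (<1024)")
    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append(f"{key}: not set")
    return findings


if __name__ == "__main__":
    for finding in check_secure_datanode(load_properties(SAMPLE_HDFS_SITE)):
        print("FAIL", finding)
```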