Re,

FYI, I installed an older version of HDP, 2.5 (same Ambari version), did the same steps, and everything is working as expected. Does anyone know if 2.6.X had a related issue? I took a look at the JIRA issues but didn't find anything relevant.

Thanks,
Davy

On Thu, Jun 7, 2018 at 12:41 PM, Davy Stoffel <[email protected]> wrote:

> Hi all,
>
> I'm trying to secure our HDP cluster with Kerberos but I cannot access
> fileview/hiveview anymore after that.
>
> Steps done:
>
> I did a fresh install of Ambari and deployed the HDP cluster.
> I joined all the hosts (including Ambari) to our IPA realm.
> Enabled the experimental IPA feature.
> Changed the krb5.conf to use the file system to store the Kerberos cache.
> Started the Kerberos wizard and went to the end.
> No error was reported during the wizard and all components have been
> successfully restarted.
>
> Now if I use the view, I always get the error:
>
> Failed to transition to *undefined* (details)
> <http://ambari.office.data-essential.com:8080/views/FILES/1.0.0/test/#/messages/1>
> :
> *Server status:* 500
>
> org.apache.hadoop.security.AccessControlException: Authentication required
> at
> org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:460)
>
> After digging, some users say to:
> Create a new view and change the WebHDFS Authorization to use Kerberos and
> the principal of the Ambari server. (The documentation says this is no
> longer needed but I still tried it as it was not working at first.)
>
> auth=KERBEROS;proxyuser=<ambari-server-user-principal>@REALM or without
> @REALM
>
> They also ask to check the core-site settings and make sure the principal
> proxy user is well defined. The kerberization process did as expected; both
> options are there:
>
> 1. hadoop.proxyuser.<ambari-server-user-principal>.groups=*
> 2. hadoop.proxyuser.<ambari-server-user-principal>.hosts=*
>
> Another also said to set both options for the user running the Ambari
> process; I also tried that.
>
> I cannot find any other suggestions. Any advice on how I can troubleshoot
> this issue?
>
> Thank you,
> Davy
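
The core-site proxy-user check mentioned in the quoted message, written out as an added example that is not part of the original e-mail or of Ambari/Hadoop: it reads a core-site.xml document and reports whether the two `hadoop.proxyuser.*` entries exist for a principal's short name. The sample XML, host names, realm and function names are constructed, and the short-name derivation assumes no custom `hadoop.security.auth_to_local` rule.

```python
import xml.etree.ElementTree as ET

# Constructed sample core-site.xml; user names, hosts and realm are placeholders.
CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.ambari-server.hosts</name><value>ambari.example.com</value></property>
  <property><name>hadoop.proxyuser.ambari-server.groups</name><value>*</value></property>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>*</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def short_name(principal):
    """Naive short name: drop '/instance' and '@REALM'.
    Assumption: no hadoop.security.auth_to_local rule rewrites the name."""
    return principal.split("@", 1)[0].split("/", 1)[0]

def check_proxyuser(props, principal, from_host):
    """List problems that would stop `principal` acting as a proxy user from `from_host`."""
    user = short_name(principal)
    problems = []
    for suffix in ("hosts", "groups"):
        key = f"hadoop.proxyuser.{user}.{suffix}"
        if not props.get(key):
            problems.append(f"{key} is missing or empty")
    hosts = props.get(f"hadoop.proxyuser.{user}.hosts", "")
    allowed = [h.strip() for h in hosts.split(",") if h.strip()]
    # Exact host-name comparison only; IP or CIDR entries are not evaluated here.
    if allowed and "*" not in allowed and from_host not in allowed:
        problems.append(f"{from_host} is not listed in hadoop.proxyuser.{user}.hosts")
    return problems

if __name__ == "__main__":
    props = load_props(CORE_SITE)
    for principal in ("ambari-server@EXAMPLE.COM", "hive/node1.example.com@EXAMPLE.COM"):
        result = check_proxyuser(props, principal, "ambari.example.com")
        print(principal, result or "OK")
```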
