On 10/29/12 6:29 PM, Prajakta Kalmegh wrote:
Hi
I am trying to configure Hadoop with Kerberos for running Giraph as
gives in
<https://cwiki.apache.org/confluence/display/GIRAPH/Quick+Start+-+Running+Giraph+with+Secure+Hadoop>
I am using Ubuntu 12.04 and installed krb5-kdc and krb5-admin-server.
Had to change principals.sh to use "kinit $NORMAL_USER@$REALM" for the
ticket granting to work. I also added the passwords for all services
in the addprinc commands. When I try to start my Hadoop 1.0.3
namenode, it gives me the following connection refused error.
Hi Prajakta,
At some point, I need to go through that page and ensure make sure
everything works as expected.
You might also look at:
https://github.com/ekoontz/hadoop-conf/blob/master/README
From your output below, it looks like the keytab does not have
credentials for the principal 'hdfs/sap-optiplex-755@HADOOP.LOCALDOMAIN'.
Can you try:
ktutil -k /home/saplabs/kerb-setup/services.keytab l
(last character is a lowercase 'L')
-Eugene
---------------
12/10/29 15:23:31 INFO namenode.NameNode: STARTUP_MSG:
/************************************************************
STARTUP_MSG: Starting NameNode
STARTUP_MSG: host = sap-OptiPlex-755/127.0.1.1 <http://127.0.1.1>
STARTUP_MSG: args = []
STARTUP_MSG: version = 1.0.3
STARTUP_MSG: build =
https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.0 -r
1335192; compiled by 'hortonfo' on Tue May 8 20:31:25 UTC 2012
************************************************************/
12/10/29 15:23:31 INFO impl.MetricsConfig: loaded properties from
hadoop-metrics2.properties
12/10/29 15:23:31 INFO impl.MetricsSourceAdapter: MBean for source
MetricsSystem,sub=Stats registered.
12/10/29 15:23:31 INFO impl.MetricsSystemImpl: Scheduled snapshot
period at 10 second(s).
12/10/29 15:23:31 INFO impl.MetricsSystemImpl: NameNode metrics system
started
12/10/29 15:23:31 INFO impl.MetricsSourceAdapter: MBean for source ugi
registered.
12/10/29 15:23:32 ERROR namenode.NameNode: java.io.IOException: Login
failure for hdfs/sap-optiplex-755@HADOOP.LOCALDOMAIN from keytab
/home/saplabs/kerb-setup/services.keytab
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:630)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:298)
at
org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:264)
at
org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:496)
at
org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1279)
at
org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1288)
Caused by: javax.security.auth.login.LoginException: Connection refused
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:700)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:621)
... 5 more
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at sun.security.krb5.internal.TCPClient.<init>(TCPClient.java:46)
at sun.security.krb5.KrbKdcReq$KdcCommunication.run(KrbKdcReq.java:343)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:296)
at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:202)
at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:175)
at sun.security.krb5.KrbAsReq.send(KrbAsReq.java:431)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:400)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:350)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
------------------------------------------------
Any idea what could be going wrong here?
Regards,
Prajakta
