![]()
If you want to read the product documentation, it’s available here. You should consider this reference material I’d suggest reading it later to understand more details about what the scripts do. The Java Cryptography Extension (JCE) file from Oracleīefore you start the QuickStart VM, increase the memory allocation to 8GB RAM and increase the number of CPUs to two.The QuickStart VM, along with a corresponding VM runtime environment.You need the following downloads to follow along. Start up the VM and activate Cloudera Manager as shown here: You can get by with a little less RAM, but we will have everything including the Kerberos server running on one node. Give this script some time to run, it has to restart the cluster. The script goKerberos_beforeCM.sh does all the setup work for the Kerberos server and the appropriate configuration parameters. The comments are designed to explain what is going on inline. #GSS INITIATE FAILED DBVISUALIZER CODE## (c) copyright 2014 martin lurie sample code not supported ( Do not copy and paste this script! It contains unprintable characters that are pretending to be spaces. #GSS INITIATE FAILED DBVISUALIZER UPDATE## we will use this for full strength 256 bit encryptionĬp /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/local_policy.jar local_Ĭp /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/US_export_policy.jar US_export_Ĭp /root/jce/UnlimitedJCEPolicy/local_policy.jar /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/local_policy.jarĬp /root/jce/UnlimitedJCEPolicy/US_export_policy.jar /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/US_export_policy.jar # download UnlimitedJCEPolicyJDK7.zip from Oracle into Sed -i.m1 's//quickstart.cloudera/g' /etc/nf # set the hostname for the kerberos server Sed -i.orig 's/EXAMPLE.COM/CLOUDERA/g' /etc/nf # so the equivalent domain name is CLOUDERA # in this case the hostname is quickstart.cloudera # of the file before making edits in place # notice the -i.xxx for sed will create an automatic backup # update the config files for the realm name and hostname # File /etc must not be world or group writable, but is 775 # failed to start File /etc/hadoop must not be world # may not be an issue in later versions of the vm # fix the permissions in the quickstart vm # reminder to activate CM in the quickstartĮcho Activate CM in the quickstart vmware imageĮcho Hit enter when you are ready to proceed GSS INITIATE FAILED DBVISUALIZER CODE #GSS INITIATE FAILED DBVISUALIZER PASSWORD## type in cloudera at the password prompt GSS INITIATE FAILED DBVISUALIZER FULL # if not the Hue service will show bad (red) status # The kerberos authorization tickets need to be renewable Sed -i 's/EXAMPLE.COM/CLOUDERA/' /var/kerberos/krb5kdc/kadm5.acl # the acl file needs to be updated so the */admin Sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf Sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf Sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf # this will add a line to the file with ticket life Sed -i.orig 's/EXAMPLE.COM/CLOUDERA/g' /var/kerberos/krb5kdc/kdc.conf GSS INITIATE FAILED DBVISUALIZER PASSWORD # kt_renewer ERROR Couldn't renew # kerberos ticket in # the error message in the log will look like this: # and the Hue “Kerberos Ticket Renewer” will not start # we need a running server and admin service to make this update # (maxrenewlife) for the 'hue/quickstart.cloudera' # KDC configuration, and the ticket renewal policy #If the 'renew until' date is the same as the 'valid starting' # for 'hue/quickstart.cloudera' is still renewable: #Couldn't renew kerberos ticket in order to work around # this requires an update to the krbtgt principal # There is an addition error message you may encounter Sed -i.m4 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf Sed -i.m3 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf # update the kdc.conf file to allow renewable # Please check that the ticket for 'hue/quickstart.cloudera' # order to work around Kerberos 1.8.1 issue.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |