3.2. Adjusting for Kerberos

[Important]Important

You only need to perform these Kerberos steps if you are running Ambari 1.7 or earlier and your cluster is Kerberos enabled. You do not need need to perform these steps if you are running Ambari 2.0 or later.

If you are upgrading to Ambari 2.1 from an Ambari-managed cluster that is already Kerberos-enabled, because of new Kerberos features introduced in Ambari, you need perform the following steps:

  1. Review the procedure for Configuring Ambari and Hadoop for Kerberos in the Ambari Security Guide.

  2. Have your Kerberos environment information readily available, including your KDC Admin account credentials.

  3. Take note of current Kerberos security settings for your cluster.

    1. Browse to Services > HDFS > Configs.

    2. Record the core-site auth-to-local property value.

  4. Disable Kerberos before performing the Ambari upgrade. In Ambari Web, browse to Admin > Kerberos, and click Disable Kerberos. You can re-enable Kerberos after performing the Ambari upgrade.

  5. Upgrade Ambari according to the steps in Upgrading to Ambari 2.1.

  6. Ensure your cluster and the Services are healthy.

  7. Browse to Admin > Kerberos and you’ll notice Ambari thinks that Kerberos is not enabled. Run the Enable Kerberos Wizard, following the instructions in the Ambari Security Guide. Be sure to pay close attention to the principal names in the Configure Identities step in the wizard to confirm principals names match what you expect for your environment.

  8. Ensure your cluster and the Services are healthy.

  9. Verify the Kerberos security settings for your cluster are correct.

    • Browse to Services > HDFS > Configs.

    • Check the core-site auth-to-local property value.

    • Adjust as necessary, based on the pre-upgrade value recorded in Step 3.


loading table of contents...