Adjusting for Kerberos
Important | |
---|---|
You only need to perform these Kerberos steps if you are running Ambari 1.7 or earlier and your cluster is Kerberos enabled. You do not need need to perform these steps if you are running Ambari 2.0 or later. |
If you are upgrading to Ambari 2.2 from an Ambari-managed cluster that is already Kerberos-enabled, because of new Kerberos features introduced in Ambari, you need perform the following steps:
Review the procedure for Configuring Ambari and Hadoop for Kerberos in the Ambari Security Guide.
Have your Kerberos environment information readily available, including your KDC Admin account credentials.
Take note of current Kerberos security settings for your cluster.
Browse to
Services > HDFS > Configs
.Record the core-site auth-to-local property value.
Disable Kerberos before performing the Ambari upgrade. In Ambari Web, browse to
Admin > Kerberos
, and click Disable Kerberos. You can re-enable Kerberos after performing the Ambari upgrade.Upgrade Ambari according to the steps in Upgrading to Ambari 2.2.
Ensure your cluster and the Services are healthy.
Browse to
Admin > Kerberos
and you’ll notice Ambari thinks that Kerberos is not enabled. Run theEnable Kerberos Wizard,
following the instructions in the Ambari Security Guide. Be sure to pay close attention to the principal names in the Configure Identities step in the wizard to confirm principals names match what you expect for your environment.Ensure your cluster and the Services are healthy.
Verify the Kerberos security settings for your cluster are correct.
Browse to
Services > HDFS > Configs
.Check the core-site auth-to-local property value.
Adjust as necessary, based on the pre-upgrade value recorded in Step 3.