Enabling Replication Between Clusters in Different Kerberos Realms
If you want to enable replication between clusters that reside in different Kerberos Realms, there are some additional setup steps you need to perform to ensure that the source and target clusters can communicate.
Note: If either the source or target cluster is running Cloudera Manager
4.6 or later, then both clusters (source and target) must be running 4.6 or later.
Cross-realm authentication does not work if one cluster is running Cloudera Manager 4.5.x and
one is running Cloudera Manager 4.6 or later.
For HDFS replication:
- On the hosts in the target cluster, ensure that the krb5.conf file
on each host has the following information:
- The kdc information for the source cluster's Kerberos realm.
- Domain/host to realm mapping for the source cluster NameNode hosts.
- On the target cluster, through Cloudera Manager, add the realm
of the source cluster to the Trusted Kerberos Realms configuration property.
- Go the the HDFS service page and click the Configuration tab.
- In the search field type "Trusted Kerberos" to find the Trusted Kerberos Realms property.
- Enter the source cluster realm and save your changes.
- It is recommended that you restart all the affected services. However, you MUST restart the JobTracker to enable it to pick up the new Trusted Kerberos Realm settings. Failure to restart the JobTracker prior to the first replication attempt may cause the JobTracker to fail.
For Hive replication:
- Perform the steps described above on the target cluster, including restarting the JobTracker.
- On the hosts in the source cluster, ensure that the krb5.conf file
on each host has the following information:
- The kdc information for the target cluster's Kerberos realm.
- Domain/host to realm mapping for the target cluster NameNode hosts.
- On the source cluster, through Cloudera Manager, add the realm
of the target cluster to the Trusted Kerberos Realms configuration property.
- Go the the HDFS service page and click the Configuration tab.
- In the search field type "Trusted Kerberos" to find the Trusted Kerberos Realms property.
- Enter the target cluster realm and save your changes.
- It is not necessary to restart any services on the source cluster.
<< Impala Metadata Replication | Snapshots >> | |