Securing cluster using Kerberos

Pre requisite

Kerberos Wizard

  • On ambari console navigate to Admin → Kerberos

  • Select exiting MIT KDC and tick on all the prerequisites

  • Provide the KDC server containers details as follows make sure remove tick box in Manage Kerberos client krb5.conf

  • Click next to proceed

  • By now we have got kerberos client configure and tested on all the nodes. Confirm the configuraion and click next to proceed.

  • Onece all the services stopped click next to proceed

  • Click next to kerbrise the cluster

  • Wait for all the services started

  • Once all the services stared click complete

  • Once the completion the Kerberos configuration will look as follow

Creating User

  • Connect to the kdcserver using following command.
  $ kubectl exec -it kdcserver-0 bash

Generating Keytabs

Post kerberisation we need create users and create keytabs in in KDC and use them to access the Hadoop cluster.

  • Login to KDC server
    $ kubectl exec -it kdcserver-0 bash
    
  • Use addUser.sh
  • Update array to generate user
  • This will create users in KDC and HDFS.

Accessing Secure Cluster

  • Once users are created share their .keytab file with them
  • To generate the ke using keytab use following command.
$ kinit -kt username.keytab
  • To list the keys use following command.
$ klist
  • Once you have valid key entry use access hadoop cluster.