Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
trunk, 2.5.0
-
None
Description
Issue:
HSI server start failed with "kinit: Key table file '/etc/security/keytabs/hive.llap.zk.sm.keytab' not found while getting initial credentials".
Reason:
This can happen when HSI is placed on a node where YARN's NodeManager node doesn't exists. Thus, 'hive.llap.zk.sm.keytab' file wont get generated.
Fix:
Following are the principals in both keytab files:
[root@ctr-e133-1493418528701-3077-01-000003 keytabs]# klist -kt hive.service.keytab Keytab name: FILE:hive.service.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM [root@ctr-e133-1493418528701-3077-01-000003 keytabs]# [root@ctr-e133-1493418528701-3077-01-000003 keytabs]# klist -kt hive.llap.zk.sm.keytab Keytab name: FILE:hive.llap.zk.sm.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM 2 05/03/17 20:57:16 hive/ctr-e133-1493418528701-3077-01-000003.hwx.site@EXAMPLE.COM [root@ctr-e133-1493418528701-3077-01-000003 keytabs]#
Given that 'hive.service.keytab' and 'hive.llap.zk.sm.keytab' contains the same principals, we can use 'hive.service.keytab' for copying principals to slider in HDFS.