0

I have a question, why are my cloudera nodes replacing the file /etc/krb5.conf ata every reboot ?? Im trying to make modifications, and when someone issues a reboot the file is again replaced by the old config file

Flechoide
  • 75
  • 3
  • 10
  • Your organiaztion probably uses something like Puppet to maintain consistent control over server settings and key OS files. If you hand-edit such a file, changes are over-written at the next scheduled Puppet run. – T-Heron Nov 22 '19 at 17:39
  • Yes my organization uses puppet but we dont have any module related to cloudera or kerberos (I know for sure because Im the responsible for puppet Code) also it seems to be overwriten at every boot, probably by some cloudera configuration, I found at cloudera cm proces, the tmpfs from cloudera a file idéntical to the old krb5.conf file – Flechoide Nov 22 '19 at 23:41
  • That's fascinating. Open this case at https://serverfault.com for someone to look at. This is a server question, rather than a coding issue. – T-Heron Nov 23 '19 at 13:54
  • 2
    https://docs.cloudera.com/documentation/enterprise/5-14-x/topics/cm_sg_s4_kerb_wizard.html#concept_irl_x5y_l4 _"checkbox allows you to choose whether Cloudera Manager should deploy the `krb5.conf` on your cluster or not ... this page will let you configure the properties that will be emitted in it... safety valves ..."_ – Samson Scharfrichter Nov 24 '19 at 17:22
  • Ithink this will be the root of the problem, Im trying to give you the solution but I just can upvote – Flechoide Nov 26 '19 at 10:41
  • @SamsonScharfrichter - make your comment an "Answer" and Flechoide you can give the solution to Samson at that point. :-) – T-Heron Nov 27 '19 at 15:06

1 Answers1

2

Both CDH and HDP distros have an option to let their Hadoop cluster manager (Cloudera Manager vs. Ambari) also manage the Kerberos client config on all nodes.
Or rather, they have an option not to let it manage it for you...

From CDH 6.3 documentation

Choose whether Cloudera Manager should deploy and manage the krb5.conf on your cluster or not ...
this page will let you configure the properties that will be emitted in it. In particular, the safety valves on this page can be used to configure cross-realm authentication.

From HDP 3.1 documentation

(Optional) To manage your Kerberos client krb5.conf manually (and not have Ambari manage the krb5.conf), expand the Advanced krb5-conf section and uncheck the "Manage" option.
(Optional) To not have Ambari install the Kerberos client libraries on all hosts, expand the Advanced kerberos-env section and uncheck the “Install OS-specific Kerberos client package(s)” option

Samson Scharfrichter
  • 8,884
  • 1
  • 17
  • 36