Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
1.6.1
-
None
-
HDP 2.1 on RHEL 6 with 2.1.GlusterFS stack.
Description
Ambari security wizard (Admin view->Security->Enable Security) provides misleading requirements. The Get Started page states:
Important: Before configuring Ambari to manage your Kerberos-enabled cluster, you must perform the following manual steps on your cluster. Be sure to record the location of the keytab files for each host and the principals for each Hadoop service. This information is required in order to use the wizard.
1. Install, configure and start your Kerberos KDC
2. Install and configure the Kerberos client on every host in the cluster
3. Create Kerberos principals for Hadoop services and hosts
4. Generate keytabs for each principal and place on the appropriate hosts
5. Application Timeline Server component of YARN service will be deleted as part of enabling security
This is not correct. The problem is that steps #3 and #4 can be done based on csv file generated by this wizard later. The wizard then states:
Download the CSV file and use it to create a script to generate the principals and keytabs on specified hosts. Once the principals and keytabs have been created, click on Apply to continue. If you need to make configuration changes, click Back.