- Notes, cautions, and warnings
- S3
- Amazon S3 API support in ECS
- S3 API supported and unsupported features
- Bucket policy support
- Object Tagging
- S3 Object Lock
- Object lifecycle management
- S3 Extensions
- Metadata Search
- S3 and Swift Interoperability
- Create and manage secret keys
- Authenticating with the S3 service
- Using s3curl with ECS
- Use SDKs to access the S3 service
- ECS S3 error codes
- Hadoop S3A for ECS
- Enabling data2 IP in ECS S3
- Cloud DVR
- ECS IAM for S3
- OpenStack Swift
- EMC Atmos
- CAS
- Setting up CAS support in ECS
- Cold Storage
- Compliance
- CAS retention in ECS
- Advanced retention for CAS applications: event-based retention, litigation hold, and the min/max governor
- Set up namespace retention policies
- Create and set up a bucket for a CAS user
- Set up a CAS object user
- Set up bucket ACLs for CAS
- ECS Management APIs that support CAS users
- Content Addressable Storage (CAS) SDK API support
- ECS CAS error codes
- Enabling data2 IP in CAS
- ECS Management REST API
- ECS HDFS
- ECS HDFS Introduction
- Configuring Hadoop to use ECS HDFS
- Hadoop authentication modes
- Migration from a simple to a Kerberos Hadoop cluster
- File system interaction
- Supported Hadoop applications
- Integrate a simple Hadoop cluster with ECS HDFS
- Install Hortonworks HDP using Ambari
- Create a bucket for HDFS using the ECS Portal
- Plan the ECS HDFS and Hadoop integration
- Obtain the ECS HDFS installation and support package
- Deploy the ECS HDFS Client Library
- Configure ECS client properties
- Set up Hive
- Verify Hadoop access to ECS
- Secure the bucket
- Relocate the default file system from HDFS to an ECS bucket
- Integrate a secure Hadoop cluster with ECS HDFS
- Verify that AD/LDAP is correctly configured with a secure Hadoop cluster
- Pig test fails: unable to obtain Kerberos principal
- Permission denied for AD user
- Permissions errors
- Failed to process request
- Enable Kerberos client-side logging and debugging
- Debug Kerberos on the KDC
- Eliminate clock skew
- Configure one or more new ECS nodes with the ECS service principal
- Workaround for Yarn directory does not exist error
- Set up the Kerberos KDC
- Configure AD user authentication for Kerberos
- Secure bucket metadata
- Hadoop core-site.xml properties for ECS HDFS
- Hadoop core-site.xml properties for ECS S3
- External key management
- Document feedback
ECS 3.6.2 Data Access Guide
Set up the Kerberos KDC
Set up the Kerberos KDC by following these steps.
-
Install krb5-workstation.
Use the command:
yum install -y krb5-libs krb5-server krb5-workstation
- Modify /etc/krb5.conf and change the realm name and extensions.
- Modify /var/kerberos/krb5kdc/kdc.conf and change the realm name to match your own.
-
If your KDC is a VM, recreate
/dev/random (otherwise your next step of creating the KDC database will take a very long time).
-
Remove using:
# rm -rf /dev/random
-
Recreate using:
# mknod /dev/random c 1 9
-
Remove using:
-
Create the KDC database.
# kdb5_util create -s
NOTE: If you made a mistake with the initial principals. For example, you ran "kdb5_util create -s" incorrectly, you might need to delete these principals explicitly in the /var/kerberos/krb5kdc/ directory. -
Modify
kadm5.acl to specify users that have admin permission.
*/admin@DET.EMC.COM *
- Modify /var/kerberos/krb5kdc/kdc.conf and take out any encryption type except des-cbc-crc:normal. Also modify the realm name.
- Ensure that iptables and selinux are off on all nodes (KDC server as well as Hadoop nodes).
-
Start KDC services and create a local admin principal.
kadmin.local # service krb5kdc start # service kadmin start # /usr/kerberos/sbin/kadmin.local-q "addprinc root/admin" # kinit root/admin
-
Copy the
krb5.conf file to all Hadoop nodes.
Any time you make a modification to any of the configuration files restart the below services and copy the krb5.conf file over to relevant Hadoop host and ECS nodes.
-
Restart the services.
service krb5kdc restart service kadmin restart
- Alternatively, use vendor documentation to set up a Kerberos KDC.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\