Enable MultiKDC
This document explains the process of enabling multi KDC in a Pulse environment which is already deployed.
One Cluster has already been configured with a KDC.
All the clusters that have to be added to the Pulse Instance have different KDCs
All the cluster nodes and KDCs are reachable from Pulse Servers.
Manual Modifications
Enable Multi-KDC Flag
Modify the
accelo.ymlfile by executing the following sub-steps.- Open the
$AcceloHome/config/accelo.ymlfile. - Change the
IsMultiKDCclusterEnabledflag to true, if not yet set.
- Open the
The updated file looks as follows.
ContainerRegistry: 191579300362.dkr.ecr.us-east-1.amazonaws.com/acceldataImageTag: 3.2.1ContainerRegistryID: ""ContainerRegistryKey: ""ContainerUserID: 1000:1000ContainerLogType: json-fileContainerLogOpts: max-buffer-size: 4m max-file: "3" max-size: 10m mode: non-blockingIsMultiKDCclusterEnabled: trueKerberosAddons:- ad-connectors- ad-kafka-connector- ad-kafka-0-10-2-connector- ad-impala-connector- ad-fsanalyticsv2-connector- ad-sparkstats- Push the changes to the database by executing the following command.
accelo admin database push-config -aCopy Kerberos File
The following steps demonstrate the process to copy the Kerberos files of the first cluster.
- Execute the
config kerberoscommand.
accelo config kerberos -n <Active Name node URL>- Provide the principal of the first cluster, (The following code block shows an example of this).
Enter the principal: : hdfs@ACCELDATA.COM- Provide the Keytab file path of the first cluster. (The following code block shows an example of this).
Enter full path to the Keytab file (eg: /root/hdfs.keytab): : /data01/acceldata/kerberos.keytab- Provide the
krb5.conffile path of the first cluster:
Enter the krb5Conf file path: : /data01/acceldata/krb5.confThe output is as follows.
[root@pulse01:acceldata (ad-default)]$ accelo config kerberos -n http://hdp3101.dev.axl.iti:8042Setting up kerberos..Setting up kerberos..Enter the principal: : hdfs@ACCELDATA.COMEnter full path to the Keytab file (eg: /root/hdfs.keytab): : /data01/acceldata/kerberos.keytabEnter the krb5Conf file path: : /data01/acceldata/krb5.confWARN: /data01/acceldata/work/ad_hdp3_dev/krb/security/krb5JAASLogin.conf already being generatedWARN: /data01/acceldata/work/ad_hdp3_dev/krb/security/kafkaKrb5JAASLogin.conf already being generated✓ Done, Kerberos setup completed.INFO: /data01/acceldata/work/ad_hdp3_dev/fsanalytics/kinit_fsimage.sh - ✓ DoneINFO: /data01/acceldata/work/ad_hdp3_dev/fsanalytics/update_fsimage.sh - ✓ DoneAdding Second Cluster
You can follow the steps in the Enable MultiKDC section to add the second cluster.
Was this page helpful?