In this tutorial I will guide you regarding how to setup your own SVN server on amazon EC2 instance with Centos6.X
What is SVN ?
SVN is the abbreviated name of Apache’s subversion. svn is used to version control and revision your code. its open source and available for download under apache license.
Amazon gives t1.micro instance free for 1 year once you sign up on their site.
Lets get started
1. Launch free tier t1.micro EC2 instance from aws.
Note – If you are not sure how to launch EC2 instance on aws then please click here
2. Install SVN package and dav module using below command
yum install mod_dav_svn subversion
Note – Above command will install apache if its not already there
3. Configure SVN – Please replace your /etc/httpd/conf.d/subversion.conf file with below contents
This is quick and short tutorial to install and configure Kerberos authentication in hortonworks Hadoop cluster hdp2.2.
Here is my setup environment:
Kerberos Server: kerberos.crazyadmins.com
Kerberos Client: myclient.crazyadmins.com
Test Hadoop Hortonworks 2.2 Cluster: myclient.crazyadmins.com
Prerequisites:
Please ensure that Kerberos server and Client/Hadoop cluster should have each other’s entry in /etc/hosts file and they should be ping-able to each other.
Let’s get started!
Step 1: Install krb server packages on Kerberos Server
On kerberos.crazyadmins.com execute below command:
Run below command to create db on kerberos.crazyadmins.com
/usr/sbin/kdb5_util create -s
Step 4: Start the Core Kerberos services
Execute below commands on kerberos.crazyadmins.com
/etc/rc.d/init.d/krb5kdc start
/etc/rc.d/init.d/kadmin start
Step 5: Install and configure Kerberos Client
Use below command to install kerberos client on myclient.crazyadmins.com (Client machine)
yum install krb5-workstation
Note: Please copy modified krb5.conf obtained from step 2 to myclient.crazyadmins.com (Kerberos client and Hadoop cluster)
Step 6: Create the principals by following automated method
6.1 Go to Ambari server admin UI –> Admin –> Security –> Enable Security –> Enter your realm instead of EXAMPLE.COM (here we have used crazyadmins.com)
6.2 Then Click Next –> Download CSV files containing list of nodes, principals & keytabs.
6.3 Then Go to Ambari server and execute below commands:
6.5 Copy the generated keytabs-generate.sh to your Kerberos server. (Copy keytabs-generate.sh from myclient.crazyadmins.com to kerberos.crazyadmins.com)
cp keytabs-generate.sh kerberos.crazyadmins.com:~
6.6 Run keytabs-generate.sh with sudo. This creates a tar file for each node/host in your Hadoop cluster. Each tar contains the keytabs needed to be on that host.
6.7 Copy each tar file to the right host and unzip it to the root directory (it already contains the correct directory structure).
Note – Please ensure that your keytab files are there at correct location on Kerberos i.e. /etc/security/keytabs
Step 7: Please set permissions of your keytab files by running below script.
Note – If you are using multi-node cluster then you need to run this script on each host. Please ignore errors if you get file not found.
Create permissions.sh (or give any favorite name to your script) on your home directory, copy all the below contents in it and run it on all the kerberos client machines.
Step 8: Verify that the correct keytab files and principals are associated with the correct service using the klist command. For example, on the NameNode:
Step 10: Once your services are started, try running some Hadoop command by root user
[kuldeepk@myclient ~]# hadoop fs -ls /
ls: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "myclient.crazyadmins.com/10.200.100.212"; destination host is: "myclient.crazyadmins.com":8020;
You got an error and Yes! It’s expected because root user does not have any valid TGT!
Step 11: Add principal for root user and get a ticket granting ticket
Run below commands on Kerberos server and remember password.
[root@kerberos ~]# kadmin.local
kadmin.local: addprinc kuldeepk@crazyadmins.com
WARNING: no policy specified for kuldeepk@crazyadmins.com; defaulting to no policy
Enter password for principal "kuldeepk@crazyadmins.com":
Re-enter password for principal "kuldeepk@crazyadmins.com":
Principal "kuldeepk@crazyadmins.com" created.
kadmin.local:
Step12: Initiate a TGT and enjoy hadooping
On Kerberos client run below command & enter password to get a TGT