Thursday, April 5, 2018

Kerberos Server Setup Steps


Here are the steps provided for setting up of Kerberos server for securing Hadoop clusters by  providing this Kerberos server info.

Steps:
Step 1: Install a new version of the KDC server:
#yum install krb5-server krb5-libs krb5-workstation

Step 2: Change the [realms] section
[root@bkumar3 hdp]# cat /etc/krb5.conf




Note :
#Here "admin_server" and "kdc" are the host FQDN's of the machine where we installed Kerberos.

Step 3: Use the utility kdb5_util to create the Kerberos database.
[root@bkumar3 ~]# kdb5_util  create -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'EXAMPLE.COM',
master key name 'K/M@EXAMPLE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: <hadoop>
Re-enter KDC database master key to verify: <hadoop>

Step 4:Start the KDC server and the KDC admin server.
[root@bkumar3 ~]# systemctl start krb5kdc
[root@bkumar3 ~]#
[root@bkumar3 ~]# systemctl start kadmin

Step 5: Create a KDC admin by creating an admin principal.
[root@bkumar3 ~]# kadmin.local  -q "addprinc root/admin@EXAMPLE.COM"
Authenticating as principal root/admin@EXAMPLE.COM with password.
WARNING: no policy specified for root/admin@EXAMPLE.COM; defaulting to no policy
Enter password for principal "root/admin@EXAMPLE.COM":
Re-enter password for principal "root/admin@EXAMPLE.COM":
Principal "root/admin@EXAMPLE.COM" created.


Reference link:
https://docs.hortonworks.com/HDPDocuments/Ambari-2.5.0.3/bk_ambari-security/content/optional_install_a_new_mit_kdc.html
Posted by at 1 comment:

Thursday, March 1, 2018

Ansible Automation script configuration steup



Environment:
# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)


Step 1 :
 Install Ansible software.
[root@psnode140 home]# yum install ansible -y


# ansible --version
ansible 2.4.2.0

Step 2: 
Add the host info(hostname's) at hosts file.
# vim  hosts
[all]
testNode140
testNode141
testNode142
testNode181
testNode182

Step 2:
Sample command to verify proper installation:
# ansible -i hosts  -m command  -a "hostname -f " all
Error:
The authenticity of host 'testNode140 (testNode140)' can't be established.
ECDSA key fingerprint is 44:3a:e5:e7:07:fb:5d:d0:d4:29:31:33:b8:7e:e3:9a.
Are you sure you want to continue connecting (yes/no)? yes  testNode140 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'testNode140' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}


Step 3:
Generate the Password-less authentication for nodes using ssh-keygen.
# ssh-keygen -t rsa

#ssh-copy-id root@testNode140
#ssh-copy-id root@testNode141
#ssh-copy-id root@testNode142
#ssh-copy-id root@testNode181
#ssh-copy-id root@testNode182

Step 4:
Check for sample ansible command:

# ansible -i hosts  -m command  -a "hostname -f " all

The following output we'll see at SUCCESS message from  terminal
testNode140.ps.lab
testNode141.ps.lab
testNode142.ps.lab
testNode181.ps.lab
testNode182.ps.lab


Posted by at No comments:

Sunday, February 4, 2018

Collecting jstat data





The jstat utility uses the built-in instrumentation in the Java HotSpot VM to provide information about performance and resource consumption of running applications.

The tool can be used when diagnosing performance issues, and in particular issues related to heap sizing and garbage collection.

Syntax:
```
$ jstat -gc   <PID>
```

Example:


Here Column names are defined as below.

Posted by at No comments:
Subscribe to: Posts (Atom)