Configure JobTracker with Kerberos
Modify the mapred-site.xml File
The mapred-site.xml file needs the
following information for JobTracker:
| Property Name | Description | Value |
|---|---|---|
mapreduce.jobtracker.kerberos.principal
|
Hostname and realm |
mapr/_HOST@<REALM>
|
mapreduce.jobtracker.keytab.file
|
Path to the MapReduce keytab file |
/opt/mapr/conf/mapr.keytab
|
Add these properties to your mapred-site.xml file as shown in the
following example. Note that this example uses dev-maprtech for the
Kerberos realm.
<!-- JobTracker security configuration -->
<property>
<name>mapreduce.jobtracker.kerberos.principal</name>
<value>mapr/_HOST@dev-maprtech</value>
</property>
<property>
<name>mapreduce.jobtracker.keytab.file</name>
<value>/opt/mapr/conf/mapr.keytab</value> <!-- path to the MapReduce keytab -->
</property>Modify the env.sh File
The env.sh file contains a setting for MapR login options that
defaults to the value maprsasl. Change this value
to hybrid, which applies to Kerberos and other security protocols.
The new line (after the change) should look like this:
MAPR_LOGIN_OPTS="-Dhadoop.login=hybrid ${MAPR_JAAS_CONFIG_OPTS} ${MAPR_ZOOKEEPER_OPTS}"Restart JobTracker
JobTracker must be restarted in order for the configuration file changes to take effect. Enter the following command:
maprcli node services -jobtracker restart -nodes <jtnode>