Configure JobTracker with Kerberos
Modify the mapred-site.xml File
The mapred-site.xml
file needs the
following information for JobTracker:
Property Name | Description | Value |
---|---|---|
mapreduce.jobtracker.kerberos.principal
|
Hostname and realm |
mapr/_HOST@<REALM>
|
mapreduce.jobtracker.keytab.file
|
Path to the MapReduce keytab file |
/opt/mapr/conf/mapr.keytab
|
Add these properties to your mapred-site.xml
file as shown in the
following example. Note that this example uses dev-maprtech
for the
Kerberos realm.
<!-- JobTracker security configuration -->
<property>
<name>mapreduce.jobtracker.kerberos.principal</name>
<value>mapr/_HOST@dev-maprtech</value>
</property>
<property>
<name>mapreduce.jobtracker.keytab.file</name>
<value>/opt/mapr/conf/mapr.keytab</value> <!-- path to the MapReduce keytab -->
</property>
Modify the env.sh File
The env.sh
file contains a setting for MapR login options that
defaults to the value maprsasl
. Change this value
to hybrid
, which applies to Kerberos and other security protocols.
The new line (after the change) should look like this:
MAPR_LOGIN_OPTS="-Dhadoop.login=hybrid ${MAPR_JAAS_CONFIG_OPTS} ${MAPR_ZOOKEEPER_OPTS}"
Restart JobTracker
JobTracker must be restarted in order for the configuration file changes to take effect. Enter the following command:
maprcli node services -jobtracker restart -nodes <jtnode>