After Kerberos is enabled in the cluster, some codes in the existing environment will be modified. Some people find it inconvenient to use and want to cancel Kerberos. This article mainly introduces how to disable Kerberos of the CDH cluster and test the services of each component after disabling it.
Some defects in relevant online documents have been corrected and have been actually used in production environments.
- Stop all services of the cluster through CM
Service stopped successfully
Modify Zookeeper's enableSecurity to false (uncheck)
Uncheck this configuration
Modify HDFS configuration
Modify Hadoop’s secure authentication
Select simple for the first one and uncheck the second one.
Modify the data directory permissions of DataNode to 755
Change the port numbers of the DataNode service to 50010 and 50075 respectively.
Enter the HBase service to modify the configuration
Modify HBase authentication
The first one is changed to simple, the second one is unchecked, and the third one is changed to none4
Hue service modification
Delete the "Kerberos Ticket Renewer" service in the Hue instance
If sentry is added at the same time, remember to cancel the sentry related ones simultaneously.
Before restarting the cluster, delete some folders under zk
(1) Zookeeper adds parameters (skip zk directory permission check):
Server advanced configuration code snippet of zoo.cfg
skipACL=yes
Delete zk old data directory
zookeeper-client ;
deleteall /hbase
deleteall /rmstore/ZKRMStateRoot
deleteall /hadoop-ha/nameservice1 (这根据你自己ha集群的名字而定)
Then start zk. After zk is completed, start the cluster and update the client configuration. Check the CM to show that Kerberos is disabled.