Versions Compared

Old Version 17

changes.mady.by.user Kalpana Malladi

Saved on

compared with

New Version Current

changes.mady.by.user Gouri Bhagchandani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this article

Table of Contents
maxLevel2
absoluteUrltrue

Overview

Use this account type to connect Hadoop Snaps with data sources that use Kerberos accounts.

Prerequisites

None.

Limitations

...

The security model configured for the Groundplex (SIMPLE or KERBEROS authentication) must match the security model of the remote server. Due to limitations of the Hadoop library, we are only able to create the necessary internal credentials for the configuration of the Groundplex.

Known Issues

None.

Account Settings

Image Removed

Use the Create Account popup to create AWS S3 accounts:

Note

All fields are required.

...

Field Name

Field Type

Description

Label


Default Value

Example Label

: N/A
Example: Kerberos Account

String

Multiexcerpt include macro
nameAccount_Label
pageAWS S3 Account for Hadoop

N/AKerberos Account

Client Principal

String

The client principal associated with the account.

Default Value: N/A
Example: snaplogic/EXAMPLE.COM@ATHENA.MIT.EDU

Keytab File

String

Path to the Keytab file.

Specify the client principal associated with the account.

Keytab File

Default Value: N/A
Example: /keytabs/snaplogic.keytab

Service Principal

String

The service principal associated with the account.

Protocols supported: HDFS

Specify the path to the Keytab file.

Hadoop config directory

Default Value: N/A

krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU
Note

Even though you pass both client and server principals here, the Snap only validates the client information and not the server information. This is because server validation requires information that is available only in the Snap's settings and not the Account settings.

...

Example: /etc/hadoop/config

String/Expression

Specify the path of the Hadoop configuration files to read the Hadoop configuration for a specific instance of a Hadoop cluster. The account uses the config files from this path to initialize the Hadoop object and establishes a connection with the Hadoop cluster.

  • When you specify a path in this field, the account overrides the value set on the Snaplex system property. This enables you to create multiple Kerberos accounts, each configured to read Hadoop configurations for more than one cluster.  A pipeline can then include multiple instances of the Read or Write Snap, each using a unique account from the account list.

  • If you leave this field blank, the account uses the path in the Snaplex configuration. If the specified Hadoop config locations (either in the account settings or the Snaplex configuration) are invalid, then the Snap generates default security configurations to use.

Troubleshooting

Error Message

Reason

Resolution

Failed to validate account: Kerberos keytab file does not exist or cannot be read.

Specify the location of the keytab file.

This typically means that the Keytab File or Client Principal details provided are incorrect.

Please verify

Verify if the provided credentials are correct.

Cannot locate default realm

No reason provided by the snap

This error appears when the value in the Client Principal field is not in the format expected.

Failure in URL connection or file access denial, detail: SIMPLE authentication is not enabled.  Available:[TOKEN, KERBEROS]

Either the value in the Hadoop config directory field or the Node properties is empty or the configuration directory is invalid.

Specify a valid path for the Hadoop configuration files.


Snap Pack History

...

Related Content