Disabling AD or MIT Kerberos Fails-HBase Service will not Start on BDA V4.2 (Doc ID 2052547.1)

Last updated on DECEMBER 04, 2015

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 and later
Linux x86-64

Symptoms

Disabling Kerberos (MIT Kerberos or AD Kerberos) on BDA V4.2 (CDH 5.4) may require clearing the /hbase znodes.  Without this the HBase service may fail to come up after/during Kerberos removal while running 'bdacli disable kerberos' or 'bdacli disable ad_kerberos'.  Note however it may not be possible to clear /hbase znodes if HBase replication is enabled. For MIT Kerberos removal see: Instructions to Disable Kerberos on Oracle Big Data Appliance with Mammoth V3.*/V4.* Releases (Doc ID 1919431.1); for AD Kerberos removal see: Instructions to Enable/Disable AD Kerberos on Oracle Big Data Appliance with Mammoth V4.2 Release (Doc ID 2029378.1).

For earlier BDA versions, see: How to Remove /hbase/acl Znode Left Around After Kerberos is Disabled (Doc ID 1923834.1).  Some of the same steps apply, but some differ in BDA V4.2 (CDH 5.4).

Using 'bdacli disable ad_kerberos' as an example, symptoms look like:

1. The command to remove Kerberos, for example, 'bdacli disable ad_kerberos' fails as below:

ERROR: Puppet agent run on node bdanode01 had errors. List of errors follows
INFO: Also check the log file in /opt/oracle/BDAMammoth/bdaconfig/tmp/pagent-bdanode01-20150826221731.log
...
ERROR: Kerberos removal ran into issues. Exiting.
INFO: Running bdadiagcluster...
Exiting...


2. In Cloudera Manager (CM) the HBase service is down and can not be restarted.

3. Since 'bdacli disable ad_kerberos' did not complete, 'bdacli kerberos status' shows true.

4. However enough of 'bdacli disable ad_kerberos' completes such that CM shows that is Kerberos is removed.

a) From CM: Administration > Kerberos, Kerberos is disabled.

Output is like:

To enable Kerberos for these clusters, click the Enable Kerberos button below.
 Cluster                  Status
<cluster_name>  Kerberos is disabled.   [Enable Kerberos]

b) From CM:  HBase security is disabled.  Navigating: HBase > Configuration > Search: auth
Shows:
HBase Secure Authentication > simple
HBase Secure Authorization > HBase is unchecked
HBase Thrift Authentication > none
HBase REST Authentication > simple

For example:

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms