Pivotal Knowledge Base

Follow

How to enable kerberos trace logging with Pivotal HDB ?

Environment

  • PHD 1.1.1
  • KRB5_TRACE only works on Kerberos 1.9.0+.
  • Pivotal HDB 1.1.4 and above

Question:

How to enable kerberos trace logging with HDB  to identify any kerberos issue?

Solution:

Step 1: Edit /usr/local/hawq/greenplum_path.sh file to include the below entry:

export KRB5_TRACE=<File Name>

Note: Donot use /dev/out instead of filename above, it will slow down the initialization process and also, messages would not be available for future references

Enabling KRB5_TRACE will send tracing information for kinit to the specified file.

Step 2: Source greenplum_path.sh file

source /usr/local/hawq/greenplum_path.sh

Step 3: Continue initializing / restarting  HDB

Now you can refer to the file created and review any kerberos errors encountered.

Verification:

On the master node, once HDB is restarted, run the following command:

grep -a --color -e KRB5 /proc/$(pgrep -f -- "-M master")/environ

This will output the environment variables for HDB master. The variable KRB5 will be highlighted.

Comments

Powered by Zendesk