Verifying the Node Hostname and Time Settings
Kerberos uses the hostname in the Service Principal Name, so the hostname must resolve to the correct IP address. (See Principal names and DNS.) Kerberos authentication is also sensitive to system time, so manually set system clocks may cause issues. Ensure that node time is synchronized with a well-known Network Time Protocol (NTP) server.
Procedure
- Verify the hostname:

      nslookup $(hostname --fqdn) && hostname --fqdn && hostname -i

  Example results:

      Server:  10.200.1.10
      Address: 10.200.1.10#53

      Name:    node.example.com
      Address: 10.200.182.183

      node.example.com
      10.200.182.183
- On each node, confirm that NTP is configured and running:

      ntpq -p

  Example results:

           remote           refid      st t when poll reach   delay   offset  jitter
      ==============================================================================
      *li506-17.member 209.51.161.238   2 u  331 1024  377   80.289    1.384   1.842
      -tock.eoni.com   216.228.192.69   2 u  410 1024  377   53.812    1.706  34.692
      +time01.muskegon 64.113.32.5      2 u  402 1024  377   59.378   -1.635   1.840
      -time-a.nist.gov .ACTS.           1 u  746 1024  151  132.832   26.931  55.018
      +golem.canonical 131.188.3.220    2 u  994 1024  377  144.080   -1.732  20.072
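
The two checks above can be scripted so that a node fails loudly instead of relying on someone reading the output. The following is an added example, not part of the original procedure; the function names, the MAX_OFFSET_MS variable and its 1000 ms default are assumptions.

```shell
#!/bin/sh
# Constructed sample input, taken from the example results on this page.
SAMPLE_NSLOOKUP='Server:  10.200.1.10
Address: 10.200.1.10#53

Name:    node.example.com
Address: 10.200.182.183'

SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*li506-17.member 209.51.161.238   2 u  331 1024  377   80.289    1.384   1.842
-time-a.nist.gov .ACTS.           1 u  746 1024  151  132.832   26.931  55.018'

# resolved_ip FQDN: read nslookup output on stdin and print the address listed
# under "Name: FQDN" (not the resolver's own "Address:" line at the top).
resolved_ip() {
    awk -v fqdn="$1" '
        $1 == "Name:"           { hit = ($2 == fqdn); next }
        hit && $1 == "Address:" { print $2; exit }'
}

# ntp_synced MAX_OFFSET_MS: read `ntpq -p` output on stdin. Succeeds only if a
# system peer (line starting with "*") exists, its reach register is non-zero,
# and |offset| is within MAX_OFFSET_MS (ntpq reports offset in milliseconds).
ntp_synced() {
    awk -v max="$1" '
        /^\*/ { found = 1; reach = $7; off = $9; if (off < 0) off = -off }
        END   { exit !(found && reach + 0 != 0 && off + 0 <= max + 0) }'
}

# verify_node: run both checks on this node (needs nslookup and ntpq).
# Assumes `hostname -i` prints a single address; the 1000 ms default limit
# is an assumed site policy, not a value from the procedure.
verify_node() {
    fqdn=$(hostname --fqdn) || return 1
    ip=$(nslookup "$fqdn" | resolved_ip "$fqdn")
    if [ -z "$ip" ] || [ "$ip" != "$(hostname -i)" ]; then
        echo "DNS mismatch: $fqdn resolves to '$ip'" >&2; return 1
    fi
    ntpq -p | ntp_synced "${MAX_OFFSET_MS:-1000}" ||
        { echo "no usable NTP system peer" >&2; return 1; }
}
```

Source the file and call verify_node on each node; a non-zero return means the hostname or time check failed.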