Support Questions

You should probably be using port 21050 (there are some cases where you'd use 21000, see the documentation for details: http://www.cloudera.com/content/www/en-us/documentation/archive/impala/2-x/2-1-x/topics/impala_odbc.... - the version of the ODBC driver currently being used in Cloudera Live / Tableau clusters is 2.5.28.1008). You should be connected to any of the Worker Nodes listed on your Guidance Page, because those are the nodes running Impalad. No username should be given, because no authentication is currently configured for that service.

 

When you see these Tables in Hue, are you using the Impala Query Editor app? or the Hive Query Editor?

Hi Sean,

 

Thanks for your reply.  I could connect to one of the worker nodes using 10.0.0.70:21050.  But, in Tableau, I am not seeing any of the tables that I could access in both Hive and Impala.  I am not very familiar with Tableau but very proficient with Business Objects & Microstrategy.  Is there anything I need to do more than just connecting to the server?  I would appreciate your response back.

 

Mark

Have you follow the instructions in step 9 of the tutorial, to select the default schema? http://www.tableau.com/cloudera-tableau-9

Hi Sean,

 

Thanks very much.  The documentation is helpful and I am making progress. 

 

I have one more request.  I have Microstrategy on my local machine and I want to connect to Impala on Cloudera Live.  I tried using the ip address that I am using with Tableau but I am not able to connect from my machine.  Is there a public dns I could use when I am not going through remote desktop. I would appreciate your reply.

 

Mark

There's a network ACL that blocks access from outside the cluster to any
ports that are not configured with secure credentials. You can find the
network ACL in your AWS account (look up the specific ID under Resources in
CloudFormation if you need to) and edit the rules to meet your needs, but
you should be aware of that insecurity.

Hi Sean,

 

Thanks for the information.  I will work on AWS and see if I can access from outside. 

 

Can you tell me how much time I have with this free trial?  I want to do some more work to understand the environment better.

 

Mark

The Cloudera software is running under the standard 60-day free trial.
After 60 days, some Enterprise features in Cloudera Manager will stop
working (such as Cloudera Navigator), but all of CDH and any feature of
Cloudera Manager that is available in the free version will continue to
work.

I believe Tableau Desktop is running under a 14-day free trial.

Hi Sean,

 

I tried to add an entry (with rule number 130) using custom TCP with port number 21050 to connect to Impala from my local machine using Microstrategy.  It looks like this port is at the instance level.  The network acl id is acl-6348e107 and subnet is subnet-f1987987.  Can you tell me the entries I need to use for opening up access?  I could connect from Putty on my machine to the manager node.

 

But with Microstrategy, I am trying to connect to one of the worker nodes (as I did with Tableau) using public IP address 54.210.54.84:21050.  This doesn't work.  I would appreciate if you could provide the entries I need to add to get access to Impala from my machine.

 

Thanks,

 

Mark

The Network ACL rules apply to the network as a whole (meaning the 5
machines in your cluster), and it should only apply to traffic going to or
from your cluster, not between the machines themselves. Do also keep in
mind that Network ACLs are a form of stateless firewall - meaning it
doesn't filter based on the context of TCP connections. So you need to
permit inbound traffic on port 21050, but also outbound traffic on 21050
(or whatever port your client is using for responses in the TCP connection
- or "ephemeral ports"). The network ACL should already allow traffic on
the standard ephemeral ports for both Linux and Windows operating systems.

To assist in debugging this, I would use something like Wireshark to see
exactly what's happening on the network - but that does require a pretty
detailed understanding of how TCP and related protocols work. If you don't
really care about the security of your cluster, you can also try just
opening up the network ACL entirely to see if everything else is working
before trying to lock it down again.