Hello @parinthorn ,   thank you for reaching out with your enquiry regarding to how to restrict access to different CDP environments.   Have you seen our documentation about "Enabling admin and user access to environments", please?   Should you only start to onboard your user, please follow the instructions under "Getting started as an admin".   Please let us know if this is what you were looking for.   Thank you: Ferenc     ... View more

Hello @wert_1311 ,   thank you for reaching out about how to configure high-availability for CM. Can you please specify the version you are using, so I can send you the most relevant information?   In the meantime, please find below the documentation covering your enquiry for CM6.3.   Please let me know if it covers your enquiry. Please do not miss to read the Database High Availability Configuration section.   Best regards: Ferenc ... View more

Hello @Saagar ,   thank you for expressing your interest on downloading the Quickstart VM for CDH5.14. Unfortunately  The Cloudera Quick start VM has been discontinued.   You can try the docker image of Cloudera available publicly on https://hub.docker.com/r/cloudera/quickstart or simply run below command to download this on docker enabled system.  docker pull cloudera/quickstart   Please note, Cloudera don't support QuickStart VM Officially.    The up-to-date product is  Cloudera Data Platform , and you can download a trial version to install on-premises  here .    Best regards: Ferenc     ... View more

Hello @Fawze ,   thank you for raising your question regarding on our Common Vulnerabilities and Exposures (CVE) processes. Please see [1] and [2] articles on how we handle vulnerabilities and [3] for the Security Bulletins.   Q1) Is the patching  process part of the CDH versions, if i need to apply a patch do i have other ways without upgrading the CDH version?   A1) for Cloudera Customers there is a patching process available, however the process is equivalent to deploying to a new minor version. Therefore we encourage applying the latest minor versions instead of patching when fix is available. There are situations when patching is not possible because of the amount of code change / redesign required. If you are a subscription customer, please file a Support ticket on our Support Portal listing all your requirements and we will guide you through the process. When you are in the process of redesigning your cluster, please involve your Account Team (Sales Team) as early as possible, as they might able to assist you to build a more robust system.     Q2)  Is there a dedicated board for cloudera/hadoop vulnerability issues that can be used as source of truth?   A2) Yes, it is called Security Bulletins. Please see [3]     Q3) Where i can get the patches? is it requesting subscription?    A3) Yes, it is required to have a subscription to access Support. We understand that patching is an expensive exercise, therefore we do our best to identify options on how to resolve your issue, which might not require a patch. Please always apply the latest minor version release for your Cloudera software, as it contains the latest bug fixes. By this you can reduce the likelihood of downtime.     Q4)  For example, i want to follow this one  https://nvd.nist.gov/vuln/detail/CVE-2019-14449  , is it mean to get this done i need to upgrade to 5.16.2 or there is a patch that i can download and run it?   A4) Based on [3] there is no workaround identified, which means you have to upgrade to a version that contains the fix: Cloudera Manager 5.16.2, 6.0.2, 6.1.1, 6.2.0, 6.3.0 Since the issue affects CM only, you do not need to upgrade your CDH, only CM.   Please let us know if we answered all of your enquiries and if so, please mark the answer as the solution, so it will be easier for other community members to find it.   Best regards: Ferenc   [1] http://blog.cloudera.com/blog/2016/05/clouderas-process-for-handling-security-vulnerabilities/ [2] http://www.apache.org/security/committers.html#vulnerability-handling [3] https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html ... View more

Hello @BSST  ,   thank you for sending the agent logs. Based on this because of some reason the agent cannot connect to the CM server.:   [07/Jun/2020 09:30:46 +0000] 1182 MainThread agent ERROR Heartbeating to 192.168.1.8:7182 failed. error: [Errno 111] Connection refused   You will need to troubleshoot the connectivity between the agent node and the CM Server node and if the port is listening on the CM node. What does the CM Server log shows at this period of time, please? (/var/log/cloudera-scm-server/cloudera-scm-server.log [1]). Do you see any exception there? Did you follow all the steps one-by-one in our documentation? This issue can be caused by multiple reasons e.g. even if the agent is configured for TLS, but the CM Server is not: Network problem, the CM Server is now on another node (check the IP address), certificate issues. Check if the CM Server has enough heap dedicated. Too low heap will result JVM to turn into heavy GC activity, rendering it unresponsive causing timeouts.   Please let us know if you managed to overcome this issue.   Kind regards: Ferenc   [1] https://docs.cloudera.com/cloudera-manager/7.1.0/monitoring-and-diagnostics/topics/cm-logs.html ... View more

Hello @BSST ,   thank you for letting us know that you need clarification on how to set the ports used by CM and related products.   Please see our "Ports Used by Cloudera Runtime Components" documentation [1] that hopefully covers your enquiry.   Kind regards: Ferenc   [1] https://docs.cloudera.com/cdpdc/7.0/installation/topics/cdpdc-ports-used-by-runtime.html ... View more

Hello @MikeZ ,   thank you for getting back with your analysis. We do not recommend to customise the CDH releases, as it might lead to unforeseen instabilities that might be very difficult to debug.   Please consider to evaluate our CDP Trial release [1], in which the functionality you need is included and supported.   Best regards: Ferenc   [1] https://docs.cloudera.com/cdpdc/7.0/installation/topics/cdpdc-trial-download-information.html ... View more

Hello @BSST ,   thinking it through my impression is that the agents are not able to reach the server and vice versa.   The screenshot shows that CM is waiting for the CM agent to heartbeat in, which doesn’t happen.   Did you completed this step in [1], please? "Firewalls (such as iptables and firewalld) must be disabled or configured to allow access to ports used by Cloudera Manager, CDH, and related services."   Another possibility is that SELinux is enabled. [1] points out that "Security-Enhanced Linux (SELinux) must not block Cloudera Manager or CDH operations"   Please check the CM agent logs that would assist to find the root cause.    Thank you: Ferenc   [1] https://docs.cloudera.com/documentation/enterprise/6/release-notes/topics/rg_network_and_security_requirements.html   ... View more

Hello @BSST ,   thank you for the more detailed report. Checking internally if we can re-produce.   Kind regards: Ferenc ... View more

Hello @MikeZ ,   thank you for raising your question about Livy on CDH6. As you mentioned Livy is supported only in CDP [1] (Cloudera Data Platform 7), however it is not supported yet in CDH6. Usually a product is not supported until Cloudera finds it stable and production ready. Therefore we encourage you to evaluate CDP [2].   The "KerberosName$NoMatchingRule: No rules applied to mzeoli@COMPANY.PRI" exception usually occurs when the  hadoop.security.auth_to_local rules does not provide a mapping to the local linux user (the user has to exist on the node that is extracted from the kerberos principal). Also make sure that the krb5.conf is readable by the user.   Please let us know if this information was helpful!   Kind regards: Ferenc   [1] https://docs.cloudera.com/runtime/7.1.0/running-spark-applications/topics/spark-submitting-applications-using-livy.html [2] https://docs.cloudera.com/cdpdc/7.0/installation/topics/cdpdc-trial-download-information.html ... View more