Member since 10-29-2015 | 121 Posts | 29 Kudos Received | 4 Solutions
06-05-2024
02:26 AM
1 Kudo
Hello @Dennisleonn,

Thank you for the detailed explanation and response. It certainly helped me understand the way Knox and Ranger work together.

With respect to the issue of Knox not being able to write the audit logs, I was able to get through it by changing the authorization type to "XASecurePDPKnox", which pushed Knox to use Ranger for authorizations and ultimately started writing audits to HDFS.

However, I am now stuck on the next issue: I am unable to access the service URLs from Knox because, regardless of the permissions in the Ranger policies for the respective service, access is denied. The same is seen on the Ranger Admin UI as well, which confirms Ranger is denying access to service UIs via the custom topology. All works okay with the default (cdp-proxy) topology.

I am pretty sure something basic is missed, but I am unable to get hold of it. Any clue on this?

Thanks
snm1523
05-23-2024
04:09 AM
Hello,

Has anyone encountered an issue where Knox is not writing audit logs of a specific topology?

We have the below topologies created, including a few of them migrated from HDP; however, the necessary modifications were done and they are listed in the Knox UI.

* cdp-proxy
* cdp-proxy-api
* cdp-proxy-token
* health
* tokenexchange
* user1 - created for user group
* topo1 - created for user group and migrated from HDP
* topo2 - created for user group and migrated from HDP
* app - Used by app accounts

Knox is successfully writing Ranger audit logs in HDFS for only the cdp* topologies, which were created by Cloudera during setup of the Knox service, and not for the others. Written logs are visible in the access tab of the Audit section in the Ranger Admin UI.

We have a total of 3 clusters and this is the case for 2 clusters; for 1 cluster everything works fine. I have compared the configuration and also the topology XMLs and all seems correct (except for instance details, which is obvious).

Would it be anything related to the Ranger or Solr configuration for Knox? However, if that is the case it should be applicable to all topologies of Knox, so why only the non-default ones?

Please help with suggestions / things to check / troubleshoot.

Thanks
snm1523
05-20-2024
03:53 AM
1 Kudo
Hello @Scharan, I did find this some time back. 🙂 However, thank you for reconfirming my understanding. Thanks snm1523
05-20-2024
01:34 AM
1 Kudo
Hello,

We have recently migrated from HDP to CDP 7.1.9, and the new Knox topologies created as per Cloudera recommendations (cdp-proxy, cdp-proxy-api and cdp-proxy-token) are in place and configured. However, for some reason the topologies from the HDP environment are also inherited and are visible on the Knox UI, though they are not active / used.

Kindly advise on the below points:

1. Is this a normal behaviour that Knox topologies get inherited OR did we miss something?
2. How do we delete these unwanted topologies so they don't appear in the Knox UI?
3. There are some topologies that we would still need; however, a few services like Ambari and Zeppelin are not needed. How do I remove these from an existing topology?

Thanks
snm1523
05-16-2024
02:35 AM
1 Kudo
Thank you for the explanation @Rajat_710. This helps. So once the logs from spool are processed they are moved to archive and hence, safe to be deleted, correct? Secondly, for SMM, logs are not going to HDFS at all. Is there a way to configure audit logs of SMM to go to HDFS like we are sending for other services? I did not see the configuration anywhere in SMM to enable this. Thanks snm1523
05-15-2024
01:12 AM
1 Kudo
Hello,

Any clue on how we configure Streams Messaging Manager server to send audit logs to HDFS and / or Solr (just like other services) and then they would get archived to /archive directory from where we can manually delete them?

I am referring to logs that get stored under the below location locally (not HDFS):

/var/log/streams-messaging-manager/audit/<hdfs or solr>/spool

Thanks
snm1523
05-13-2024
01:34 AM
1 Kudo
Thank you for the response @RAGHUY. Would these be the only steps we need to perform or, based on your experience, have you identified anything additional which is not mentioned in the documentation you shared? Thanks snm1523
05-10-2024
02:17 AM
1 Kudo
Hi All,

I am aware that once we upgrade CDP PB from x to y, we need to finalise the HDFS upgrade if it is required. However, recently in the team we got to know from someone who has done the upgrade that we also need to finalize the Kafka upgrade along with HDFS.

What needs to be done to finalise the Kafka upgrade? Is it a newer thing in the latest CDP version or something I have always missed on previous Kafka clusters? I haven't had a need to do this.

Thanks
snm1523
05-01-2024
03:58 AM
1 Kudo
Hello @Rajat_710,

This is a last follow up query on this thread. Any clue how we configure Streams Messaging Manager server to send audit logs to HDFS and / or Solr (just like other services) and then they would get archived to /archive directory from where we will manually delete them?

I am referring to logs that get stored under the below location locally (not HDFS):

/var/log/<service name>/audit/<HDFS or Solr>/spool/

Thanks
snm1523
04-22-2024
02:49 AM
1 Kudo
Thank you for the reference, @Rajat_710. That link refers to a community post where someone has discussed logs in HDFS. However, here I am more keen on logs that are stored in the local location and are not getting deleted even after they are moved to HDFS.

Since you mentioned that this has to be manually deleted and Cloudera is currently working on implementing automatic purge of these logs from local, would it be possible to kindly share a reference article or a Cloudera blog post or a known issue reference where this has been mentioned / recorded?

Thanks
snm1523