About snm1523

snm1523 · ‎06-07-2024

UPDATE: There were configs done incorrectly in topology files due to which I was unable to access Service UIs. Fixing the topology config file helped.

snm1523 · ‎06-05-2024

Thank you for the detailed explanation, @ShankerSharma. However, we ultimately had the engineering team along with developers who did this job. But I will keep this in my notes for reference.

snm1523 · ‎06-05-2024

Hello @Dennisleonn, Thank you for the detailed explanation and response. Certainly helped to understand the way Knox and Ranger work together. With respect to the issue Knox being not able to write the audit logs, I was able to get it through by changing the authorization type to "XASecurePDPKnox", which pushed Knox to use Ranger for authorizations and ultimately started writing audits to HDFS. However, I am now stuck on next issue where, I am unable to access the service URLs from Knox as regardless of the permissions in ranger policies for respective service, access is denied. Same is seen on Ranger Admin UI as well, which confirms ranger is denying access to service UIs via custom topology. All works okay with default (cdp-proxy) topology. I am pretty sure something basic is missed. But unable to get hold of it. Any clue on this? Thanks snm1523

snm1523 · ‎05-23-2024

Hello, Has anyone encountered an issue were Knox is not writing audit logs of specific topology. We have below topologies created including few of them migrated from HDP, however, necessary modifications were done and are listed in Knox UI. cdp-proxy cdp-proxy-api cdp-proxy-token health tokenexchange user1 - created for user group topo1 - created for user group and migrated from HDP topo2 - created for user group and migrated from HDP app - Used by app accounts Knox is successfully writing Ranger audit logs in HDFS for only cdp* topologies which were created by Cloudera during setup of Knox service and not for other. Written logs are visible in access tab of Audit section in Ranger Admin UI. We have total of 3 clusters and this is the case 2 clusters, for 1 cluster everything works fine. I have compared the configuration and also topology xmls and all seems correct (except for instance details which is obvious). Would it be anything related to Ranger or Solr configuration for Knox? However, if that is case it should be applicable to all topologies of Knox, why only non-default ones? Please help with suggestions / things to check / troubleshoot. Thanks snm1523

snm1523 · ‎05-20-2024

Hello @Scharan, I did found this sometimes back. 🙂 However, thank you for reconfirming my understanding. Thanks snm1523

snm1523 · ‎05-20-2024

Hello, We have recently migrated from HDP to CDP 7.1.9 and new Knox topologies created as per Cloudera recommendations (cdp-proxy, cdp-proxy-api and cdp-proxy-token) are in place and configured. However, for some reason the topologies from HDP environment are also inherited and are visible on Knox UI, though are not active / used. Kindly advise on below points: 1. Is this a normal behaviour that Knox topologies get inherited OR we missed something? 2. How do we delete these unwanted topologies so they don't appear in Knox UI. 3. There are some topologies that we would still need, however, few services like Ambari and Zeppelin are not needed. How do I remove these from an existing topology? Thanks snm1523

snm1523 · ‎05-16-2024

Thank you for the explanation @Rajat_710. This helps. So once the logs from spool are processed they are moved to archive and hence, safe to be deleted, correct? Secondly, for SMM, logs are not going to HDFS at all. Is there a way to configure audit logs of SMM to go to HDFS like we are sending for other services? I did not see the configuration anywhere in SMM to enable this. Thanks snm1523

snm1523 · ‎05-15-2024

Hello, Any clue on how we configure Streams Messaging Manager server to send audit logs to HDFS and / or Solr (just like other services) and then they would get archived to /archive directory from where we can manually delete them? I am referring to logs that get stored under below location locally (not HDFS) /var/log/streams-messaging-manager/audit/<hdfs or solr>/spool Thanks snm1523

snm1523 · ‎05-13-2024

Thank you for the response @RAGHUY. Would these be the only steps we need to perform or based on your experience, you have identified anything additional which is not mentioned in the documentation you shared. Thanks snm1523

snm1523 · ‎05-10-2024

Hi All, I am aware once we upgrade CDP PB from x to y, we need to finalise HDFS upgrade if it is required. However, recently in the team got to know from someone who has done the upgrade that we also need to finalize Kafka upgrade along with HDFS. What needs to be done with finalising Kafka upgrade? Is it a newer thing in latest CDP version or something I have always missed on previous Kafka clusters? Haven't had a need of doing this. Thanks snm1523

Online	Offline
Last Visited	‎11-21-2024 08:13 AM

Member Since	‎10-29-2015 07:36 PM
Last Visited	‎11-21-2024 08:13 AM
Posts	123
Kudos received	31

Cloudera Community

Re: YARN and HDFS monitoring via Grafana

Re: Enable Admin account for Cloudera Manager

Re: Datanode not starting: SIGTERM error

Re: MKDirs failed to create file

Re: Knox not writing custom topology audit logs - ...

Re: Migrating Oozie jobs from HDP to CDP PB

Re: Knox not writing custom topology audit logs - ...

Knox not writing custom topology audit logs - CDP ...

Re: Delete unwanted knox topologies - CDP Private ...

Delete unwanted knox topologies - CDP Private Clou...

Re: Ranger audit log for Stream Messaging Manager ...

Streams Messaging Server audit logs - CDP Private ...

Re: Finalise Kafka upgrade - CDP Private Cloud

Finalise Kafka upgrade - CDP Private Cloud