About Shelton

Shelton · ‎01-24-2019

@Lokesh Mukku In a Namenode HA there is no notion of IP address but Nameservice ID (geeklab)as illustrated in the screenshot. In the background, geeklab will be doing something like load balancing between (nn01,nn02) whichever is the Active at a particular time, for example, if nn01 is the active NN and all over a sudden it encounters an issue and goes down, the ZKFailoverController will detect that failure through the heartbeat misses and transparently failover to nn02. The Nameservice ID is used to avoid hard-coding the IP's in case you change the host during an upgrade or system failure. I gave you the example of DNS to explain it further..www.teamworks.com is a DNS entry used to resolve hostnames to a specific IP of the teamworks.com web server to machine-readable IP addresses (e.g. 192.168.106.81) behind the scenes www.teamworks.com to guard against any failure could have a couple of web servers (HA setup ) say 3 web servers serving content for www.teamworks.com with a load balancer (see screenshot LB.png) which act like the Nameservice ID in case a namenode/web server goes down the cluster/website will still be available as Nameservice ID will automatically failover point to the active name node controlled by ZKFailoverController . HTH

Shelton · ‎01-23-2019

@Lokesh Mukku The sequence of events you described is correct. The failover should be transparently handled by the ZKFailoverController . HA clusters use the nameservice ID (dfs.nameservices in hdfs-site.xml) to identify a single HDFS instance that may consist of multiple HA NameNodes. The nameservice ID acts like a DNS for further reading see this HW document HTH

Shelton · ‎01-23-2019

@Ruslan Fialkovsky I think the topics created before changing the ACL's don't inherit the permissions. From the znode entry, I see you have one topic called test. To validate can you create a new topic and ensure you change them in your Nifi flow files and retest! Normally if you run rmr in zookeeper CLI the entry deleted should be created but I am not sure for Kafka topics. Please revert

Shelton · ‎01-23-2019

@ Ruslan Fialkovsky Logon to Zk on DEV and PROD Check whether you have child znodes under ls /config/topics Validate that you have Kerberos entries in /etc/nifi/conf/nifi_jaas.conf example NiFiClient { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/etc/security/keytabs/nifi.service.keytab" storeKey=true useTicketCache=false principal="nifi/{kdc_host}@REALM"; }; RegistryClient { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/etc/security/keytabs/nifi.service.keytab" storeKey=true useTicketCache=false principal="nifi/{kdc_host}@REALM"; Please revert

Shelton · ‎01-23-2019

@ Ruslan Fialkovsky Can you compare these files on both cluster, if it doesn't exist on the DEV then create them with correct owner and privileges Kafka /etc/kafka/conf/kafka_client_jaas.conf /etc/kafka/conf/kafka_jaas.conf Zookeeper /etc/zookeeper/conf/zookeeper_jaas.conf /etc/zookeeper/conf/zookeeper_client_jaas.conf After updating these files restart the zk and Kafka and retry HTH

Shelton · ‎01-23-2019

@ Ruslan Fialkovsky Now you see that on DEV world: everyone has cdrwa while for kafka there is no entry so you will need to setAcl for kafka setAcl /config/topics world:anyone:cdrwa,sasl:kafka:cdrwa Did you grasp how to use the using superDigest to become a Zookeeper superuser, that's like the zookeeper root user who can add/change the ACL's ,let me know if you need help on that.

Shelton · ‎01-22-2019

@ Ruslan Fialkovsky Can you log on both cluster as zookeeper run kinit then $ /usr/hdp/current/zookeeper-server/bin/zkCli.sh [zk: localhost:2181(CONNECTED) 0] getAcl /config/topics Compare the outputs there should be a difference between the 2 cluster sample output [zk: localhost:2181(CONNECTED) 1] getAcl /config/topics 'world,'anyone : r 'sasl,'kafka : cdrwa And on the other [zk: localhost:2181(CONNECTED) 1] getAcl /config/topics 'world,'anyone : cdrwa If that's the case have a look at how to set the correct ACL for the /config/topics in this HCC document Please let me know

Shelton · ‎01-22-2019

@ Ruslan Fialkovsky Are you doing some lab, this looks familiar can you share the link, I want to see if I can reproduce it on my cluster?

Shelton · ‎01-22-2019

@ Ruslan Fialkovsky Is your nifi part of the kerberized cluster or is a separate HDF cluster? What are versions of the components NIF,HDP etc ?

Shelton · ‎01-22-2019

@Jeremy Jean-Jean There is no sense in installing zeppelin on all the nodes, Do you have YARN Client installed on the data nodes? Then submit using spark-submit --class <clasname> --master yarn --deploy-mode cluster <jars> <args> HTH

Online	Offline
Last Visited	‎03-29-2026 10:39 AM

Member Since	‎01-19-2017 04:35 AM
Last Visited	‎03-29-2026 10:39 AM
Posts	3,679
Kudos received	621

Cloudera Community

Re: Apache nifi memory consumption in kubernetes

Re: Nifi toolkit command for GitLabFlowRegistry

Re: Not able to delete the NiFi existing flow usin...

Re: Securing Nifi with SSL and using OIDC provider...

Re: External zookeeper and nifi cluster connection...

Re: namenode down?

Re: namenode down?

Re: ConsumeKafka processor's NiFi can't communicat...

Re: ConsumeKafka processor's NiFi can't communicat...

Re: ConsumeKafka processor's NiFi can't communicat...

Re: ConsumeKafka processor's NiFi can't communicat...

Re: ConsumeKafka processor's NiFi can't communicat...

Re: ConsumeKafka processor's NiFi can't communicat...

Re: ConsumeKafka processor's NiFi can't communicat...

Re: Spark in yarn-cluster mode on Zeppelin