@Ninads  Here is a community article by @kramalingam Connecting to Kerberos secured HBase cluster from Java application it's a walkthrough that should give you ideas  Was your question answered? If so make sure to mark the answer as the accepted solution. If you find a reply useful, Kudos this answer by hitting the thumbs up button. ... View more

@sass You should get worried if you are using CDH express because once the trial period expires, a valid subscription will be required to continue the use of the software. This blanket change of policy will affect all legacy versions for Cloudera Distribution including Apache Hadoop (CDH), Hortonworks Data Platform (HDP), Data Flow (HDF/CDF), and Cloudera Data Science Workbench (CDSW). Here is a good read from Cloudera and the details of want you should know and expect come January 31, 2021 Paywall Expansion Update Happy hadooping Was your question answered? If so make sure to mark the answer as the accepted solution. If you find a reply useful, Kudos this answer by hitting the thumbs up button. ... View more

@MayankJ  Your suspicion is spot on !!   Note: Sentry only allows you to grant roles to groups that have alphanumeric characters and underscores (_) in the group name. When Sentry is enabled, you must use Beeline to execute Hive queries. Hive CLI is not supported with Sentry and must be disabled. See Disabling Hive CLI for information on how to disable the Hive CLI.   The GRANT ROLE statement can be used to grant roles to groups and Only Sentry admin users can grant roles to a group.   Create a role   CREATE ROLE datascientist; GRANT ROLE datascientist TO GROUP gurus;   Grant to the database test   GRANT ALL ON DATABASE test TO ROLE datascientist;   Grant to a table lesson in test database   GRANT ALL ON TABLE test.lesson TO ROLE datascientist;   The reason Sentry grants  ROLES to GROUPS is logic to simplifies management where you bundle privileges and grant it to a group so if that the only moving part is the user, so the below statement will effectively  disable mayankj's grants to do anything privileges the datascientist  roles    # gpasswd -d mayankj gurus   Removing user mayankj from group datascientist Quite simple and effective Roles are created to group together privileges or other roles. They are a means of facilitating the granting of multiple privileges or roles to groups.   Was your question answered? If so make sure to mark the answer as the accepted solution. If you find a reply useful, kudos this answer by hitting the thumbs up button.   ... View more

@saivenkatg55  My Assumptions You already executed the HDP environment preparation. If not see ​prepare the environment https://docs.cloudera.com/HDPDocuments/Ambari-2.7.3.0/bk_ambari-installation/content/prepare_the_environment.html You are running on Linux [RedHat, Centos] and you have root access!   Note: Replace test.ambari.com with the output of your $ hostname -f    Re-adapt to fit your cluster # root password = welcome1 # hostname = test.ambari.com # ranger user and password is the same Steps  Install the MySQL connector if not installed [Optional] # yum install -y mysql-connector-java  Shutdown Ambari # ambari-server stop Re-run the below command it won't hurt # ambari-server setup --jdbc-db=mysql --jdbc-driver=/usr/share/java/mysql-connector-java.jar  Backup the ambari server properties file # cp /etc/ambari-server/conf/ambari.properties /etc/ambari-server/conf/ambari.properties.bak Change the timeout of the ambari server # echo 'server.startup.web.timeout=120' >> /etc/ambari-server/conf/ambari.properties # echo 'server.jdbc.connection-pool.acquisition-size=5' >> /etc/ambari-server/conf/ambari.properties # echo 'server.jdbc.connection-pool.max-age=0' >> /etc/ambari-server/conf/ambari.properties # echo 'server.jdbc.connection-pool.max-idle-time=14400' >> /etc/ambari-server/conf/ambari.properties # echo 'server.jdbc.connection-pool.max-idle-time-excess=0' >> /etc/ambari-server/conf/ambari.properties # echo 'server.jdbc.connection-pool.idle-test-interval=7200' >> /etc/ambari-server/conf/ambari.properties Recreate a new ranger schema & Database # mysql -u root -pwelcome1 CREATE USER 'rangernew'@'%' IDENTIFIED BY 'rangernew'; GRANT ALL PRIVILEGES ON *.* TO 'rangernew'@'localhost'; CREATE USER 'rangernew'@'%' IDENTIFIED BY 'rangernew'; GRANT ALL PRIVILEGES ON rangernew.* TO 'rangernew'@'%'; GRANT ALL PRIVILEGES ON rangernew.* TO 'rangernew'@'localhost' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON rangernew.* to 'rangernew'@'localhost' identified by 'rangernew'; GRANT ALL PRIVILEGES ON rangernew.* to 'rangernew'@'test.ambari.com' identified by 'rangernew'; GRANT ALL PRIVILEGES ON rangernew.* TO 'rangernew'@'test.ambari.com'; GRANT ALL PRIVILEGES ON rangernew.* TO 'rangernew'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES; quit;  Create the new ranger database # mysql -u rangernew -prangernew create database rangernew; show databases; quit; Start the ambari server # ambari-server start ......Desired output......... .................. ................. Ambari Server 'start' completed successfully. For ranger Ambari UI setup Use the hostname in this example test.ambari.com and the corresponding passwords   Test the Ranger DB connectivity The connection test should succeed if it does then you can now start Ranger successfully. Drop the old Ranger DB # mysql -u root -pwelcome1 mysql> Drop database old_Ranger_name; The above steps should resolve your Ranger issue. Was your question answered? If so make sure to mark the answer as the accepted solution. If you find a reply useful, Kudos this answer by hitting the thumbs up button.     ... View more

@ibrahima  This community helps in 2 of the most used Hadoop flavors Cloudera and Hortonworks and these 2 software vendors handled and configured differently their Kerberos.   In cloudera the keytabs are found in /run/cloudera-scm-agent/process/* while in hortonworks it's in /etc/security/keytabs/* so it would be good if you clearly stated. Please include the description of your cluster too like HA or not I see from the log failover to rm16 which suggest you have RM HA?  Has the user kinited  before attempting the operation. Is user impersonating cabhbwg  Happy hadooping   ... View more

@HoldYourBreath  To add to @GangWar  answer  Azure is your best bet as you want to install Oracle VirtualBox and import your  Cloudera Quickstart VM image. Don't forget to set up a Windows 10 with at most 16GB  with enough CPU's and remember to set up auto-shutdown to avoid extra costs when your VM  isn't running Create-windows-virtual-machine-in-azure   How to install windows 10 in Azure Hope this information is useful Happy hadooping ... View more

@bvishal  Sorry was away for a while  1) Yes, I have entered the 'admin principal' in the same format example/admin@EXAMPLE.AI. in the pop-up window. Somehow I feel your values are not correct   in the ambari wizard you should enter either root/admin@EXAMPLE.AI admin/admin@EXAMPLE.AI depending on the  teh value you gave when adding the admin principal when you rûn initially the kadmin.local 2) Also, I checked the krb5.conf and found a section for my realm (EXAMPLE.COM) inside the [realms] part of the file. The above part in the krb5.conf is wrong it should be EXAMPLE.AI Sample of /etc/krb5.conf' [libdefaults] default_realm = EXAMPLE.AI dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = true udp_preference_limit = 1000000 default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 [realms] EXAMPLE.AI = { kdc = kdc.EXAMPLE.AI admin_server = kdc.EXAMPLE.AI default_domain = EXAMPLE.AI } [domain_realm] .example.ai = EXAMPLE.AI example.ai = EXAMPLE.AI [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log Replace all occurences of EXAMPLE.COM with EXAMPLE.AI  in the kdc.conf and kadm5.acl Please let me know if you still need help ... View more

@HoldYourBreath  I now see what's happening you need the start the CM and all the roles on the  Quickstart VM before you can connect successfully through HUE I also think you are really short on memory as you can see the Cloudera Express needs 8GB of memory and 2 CPU while the  Cloudera Enterprise needs at least 10GB and 2 CPU's you can see the highlighted parts. I would advise you to spin up a Windows 10 VM in Azure and use that for your learning beware Cloudera no longer provides access to Quickstart you have CDP trial!! Was your question answered? If so make sure to mark the answer as the accepted solution. If you find a reply useful, kudo this answer by hitting the thumbs up button. ... View more

@rohit_r_sharma  Can you share the syntax for the topic creation? Is you cluster kerberized?  Is your Ranger Kafka plugin enabled?  Please response and tag me! ... View more