Hi, I am trying to enable Kerberos on my cluster (Ambari 2.4.2, HDP 2.5.3, Centos 7.3). I have started following this guide: https://community.hortonworks.com/articles/82536/configuring-ambari-and-hadoop-for-kerberos-using-a.html It also has a video inside. After "Install Kerberos Client" step, it failed during "Test Kerberos Client" step. It failed with following shell exception: resource_management.core.exceptions.ExecutionFailed: Execution of '/usr/bin/kinit -c /var/lib/ambari-agent/tmp/kerberos_service_check_cc_bd98b56f3fb825bccff406ea5b89a680 -kt /etc/security/keytabs/kerberos.service_check.031517.keytab mybigdev-031517@hadoopad.local' returned 1. kinit: Preauthentication failed while getting initial credentials Then I applied another guide: https://www.ibm.com/support/knowledgecenter/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/admin_kerb_activedir.html I got certificate of Active Directory in to following file: /etc/pki/ca-trust/source/anchors/activedirectory.pem run the following commands as root user to trust CA certificate: update-ca-trust enable update-ca-trust extract update-ca-trust check then added trust in Java certificate file: mycert=/etc/pki/ca-trust/source/anchors/activedirectory.pem sudo keytool -importcert -noprompt -storepass changeit -file ${mycert} -alias ad -keystore /etc/pki/java/cacerts It didn't work. Error was the same. I exit Kerberos wizard for any change and restart ambari-server. I tried following command: keytool -importcert -file activedirectory.pem -noprompt -storepass changeit -alias ad -keystore /usr/java/jdk1.8.0_73/jre/lib/security/cacerts after this I listed certificates in my cert files in both location (/etc/pki/java and /usr/java/jdk...) My alias was there: ******* ******* Alias name: ad Creation date: Mar 15, 2017 Entry type: trustedCertEntry Owner: CN=hadoopad-HADOOPDC-CA, DC=hadoopad, DC=local Issuer: CN=hadoopad-HADOOPDC-CA, DC=hadoopad, DC=local ... ***** ***** I also tried addent -password -p ${user} -k 1 -e rc4-hmac but it didn't change anything then I uncommented following encryption types entries but it didn't change anything either: #default_tgs_enctypes = {{encryption_types}} #default_tkt_enctypes = {{encryption_types}} Now I need you guys' comments. Thanks in advance... ... View more

Hi, When trying to test functionality of Ambari Pig view with a simple job, I got the following exception: org.apache.ambari.view.utils.ambari.AmbariApiException: {"error":"Unauthorized connection for super-user: hcat from IP 10.0.102.62"} It was Pig view and I was trying that with admin user. Since Ambari runs by root user I added the entries hadoop.proxyuser.root.hosts=* hadoop.proxyuser.root.groups=* in core-site.xml file. After getting above exception, I updated value of hadoop.proxyuser.hcat.hosts with * from hostname of one server. It worked that way. Now the question is, what is the relation of pig view with hcat user? ... View more

Hi, Today I added high availability to my 4 vm servers cluster. After adding high availability for name node Grafana failed to start. Same repeated when for adding HA to resource manager. I started failed services one by one after both occurrences. After this I wanted to test cluster's health with HA feature and stopped all services, started all services. In addition to failing Grafana, all of the services have alerts now. My cluster information: Ambari 2.4.2 HDP 2.5.3 CentOS 7.3.1611 Grafana start errors: stderr: Traceback (most recent call last): File "/var/lib/ambari-agent/cache/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana.py", line 69, in <module> AmsGrafana().execute() File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 280, in execute method(env) File "/var/lib/ambari-agent/cache/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana.py", line 50, in start create_ams_datasource() File "/var/lib/ambari-agent/cache/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py", line 261, in create_ams_datasource (response.status, response.reason, data)) resource_management.core.exceptions.Fail: Ambari Metrics Grafana data source creation failed. POST request status: 401 Unauthorized {"message":"Invalid username or password"} stdout: 2017-03-07 18:38:36,664 - Execute['/usr/sbin/ambari-metrics-grafana start'] {'not_if': "ambari-sudo.sh su ams -l -s /bin/bash -c 'test -f /var/run/ambari-metrics-grafana/grafana-server.pid && ps -p `cat /var/run/ambari-metrics-grafana/grafana-server.pid`'", 'user': 'ams'} 2017-03-07 18:38:37,924 - Checking if AMS Grafana datasource already exists 2017-03-07 18:38:37,925 - Connecting (GET) to bigdev1:3000/api/datasources 2017-03-07 18:38:38,006 - Http response: 401 Unauthorized 2017-03-07 18:38:38,006 - Error checking for Ambari Metrics Grafana datasource. Will attempt to create. 2017-03-07 18:38:38,006 - Generating datasource: { "name": "AMBARI_METRICS", "type": "ambarimetrics", "access": "proxy", "url": "http://bigdev3:6188", "password": "", "user": "", "database": "", "basicAuth": false, "basicAuthUser": "", "basicAuthPassword": "", "withCredentials": false, "isDefault": true, "jsonData": {} } 2017-03-07 18:38:38,007 - Connecting (POST) to bigdev1:3000/api/datasources 2017-03-07 18:38:38,101 - Http response: 401 Unauthorized 2017-03-07 18:38:48,111 - Connection to Grafana failed. Next retry in 10 seconds. 2017-03-07 18:38:48,112 - Connecting (POST) to bigdev1:3000/api/datasources 2017-03-07 18:38:48,176 - Http response: 401 Unauthorized Does anybody know the underlying reason of it? Any comments appreciated... ... View more