@Olgaraa Is this port (60000) open? Can you disable firewall and see again?  ... View more

@Mondi That should not be an issue. You can add some number of nodes. Check the CM server logs top see the issue.  ... View more

@GangWar  thank you so much for your help I assigned myself as "Power User" and it worked like charm. However I'm bit surprised as my user is admin user still I had to assign a power user role. ... View more

@HoldYourBreath  To add to @GangWar  answer  Azure is your best bet as you want to install Oracle VirtualBox and import your  Cloudera Quickstart VM image. Don't forget to set up a Windows 10 with at most 16GB  with enough CPU's and remember to set up auto-shutdown to avoid extra costs when your VM  isn't running Create-windows-virtual-machine-in-azure   How to install windows 10 in Azure Hope this information is useful Happy hadooping ... View more

@PauloNeves  Yes, the command show databases will list all databases in a Hive instance whether you are authorized to access it or not. I am sure this is cluster devoid of Ranger or Sentry which are the 2 authorization tools in Cloudera!!!   Once the ranger plugin is enabled then authorization is delegated to Ranger to provide fine-grained data access control in Hive, including row-level filtering and column-level masking. This is the recommended setting to make your database administration easier as it provides a centralized security administration, access control, and detailed auditing for user access within the Hadoop, Hive, HBase, and other components in the ecosystem.   Unfortunately, I had already enabled the Ranger plugin for hive on my cluster but all the same, it confirms what I wrote above. Once the ranger plugin is enabled for a component ie. hive,HBase or Kafka then the authorization is managed exclusively through Ranger Database listing before Ranger Below is what happens if my user sheltong has not explicitly been given authorization through Ranger, see [screenshots] I see no database though I have over 8 databases  See the output of the hive user who has explicit access to all the tables due to the default policy he could see the databases. Database listing after Ranger After creating a policy explicitly giving the user sheltong access to the 3 databases  Policy granting explicit access to 3 databases Now when I re-run the show databases bingo! Back to your question show tables from forbidden_db, it returns an empty list, this can be true especially if the database is empty! has not table like the screenshot below though I have access to the database it's empty Now I create a table and re-run the select now I am able to see the table I hope this demonstrates the power of Ranger and explains maybe what you are encountering, I am also thinking if your cluster has Ranger hive plugin enabled you could have select on the databases but you will need explicit minimum select or the following permission on the underlying database  tables to be able to see them. Happy Hadooping   ... View more

Cert details.     [root@azure-r01wn01 ~]# openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout depth=0 C = US, ST = California, L = Los Angeles, O = MDS, OU = MDS, CN = srv-c01.mws.mds.xyz verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = California, L = Los Angeles, O = MDS, OU = MDS, CN = srv-c01.mws.mds.xyz verify return:1 140441195849616:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42 140441195849616:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: Certificate: Data: Version: 3 (0x2) Serial Number: 1594172762 (0x5f05255a) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=California, L=Los Angeles, O=MDS, OU=MDS, CN=srv-c01.mws.mds.xyz Validity Not Before: Jul 19 02:46:18 2019 GMT Not After : Jul 16 02:46:18 2029 GMT Subject: C=US, ST=California, L=Los Angeles, O=MDS, OU=MDS, CN=srv-c01.mws.mds.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c5:a9:00:83:12:9e:02:86:32:4e:2b:a7:c6:1a: 6b:9d:e3:56:00:53:22:01:d8:db:83:cd:14:79:6a: 85:27:20:f6:5d:86:0e:0b:af:df:46:dd:c3:23:72: f0:bf:38:3e:cd:9f:92:e6:65:81:7b:26:32:50:fc: 81:0e:7b:dd:b4:61:6f:a7:56:ec:c8:fe:89:72:ec: e5:e0:63:61:92:77:0b:36:41:98:93:14:6d:53:a0: 24:fb:fb:77:40:98:5b:2f:d2:3c:65:4f:8b:65:33: e5:db:14:ce:01:d2:4f:9f:e4:c6:c8:35:50:09:a2: f3:48:0a:ac:06:fd:66:42:30:10:a4:e7:fa:a8:2b: 0b:2b:ef:ce:83:82:4e:0d:86:34:ce:0c:8d:0c:a2: f5:88:4d:38:9f:3b:dd:2e:6e:e3:8c:60:69:da:8d: a4:d4:db:d5:cd:26:91:95:ca:a2:47:de:3c:f3:8f: 52:b8:e5:b0:09:26:af:77:fb:a3:5b:40:f6:e8:1b: 66:d7:b7:1b:da:2c:6c:34:99:76:de:c4:9b:80:69: 25:d5:12:2f:cb:9b:c5:d2:7e:15:a7:50:5f:54:5c: 9d:6b:8c:c0:9c:03:3f:96:f3:8a:2c:a6:05:ec:a4: d3:83:84:61:13:da:57:6d:e8:8c:93:d9:40:38:24: 96:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, OCSP Signing X509v3 Subject Alternative Name: DNS:srv-c01.mws.mds.xyz, DNS:cm-r01nn01.mws.mds.xyz, DNS:cm-r01nn02.mws.mds.xyz X509v3 Subject Key Identifier: F6:EA:97:6F:82:20:84:75:E9:63:71:2F:16:D6:41:8B:64:05:07:0D Signature Algorithm: sha256WithRSAEncryption 4f:35:6d:18:dc:5c:4a:65:db:8c:62:75:0b:f8:da:2b:14:72: 22:f7:3a:ba:15:17:58:41:46:3b:6b:6e:40:db:6b:be:e5:07: 82:d1:37:0a:d6:4e:96:14:f6:87:ca:ff:d3:5f:a9:94:de:81: e7:a1:28:94:0a:19:0b:f4:dc:ed:0a:a5:77:78:20:53:3f:3f: 03:54:67:a0:c4:a1:de:49:7d:e8:fc:2d:76:bd:7b:a5:98:cd: 45:7e:ba:21:79:e2:91:7d:f3:e9:d6:5d:b7:91:34:30:3a:e4: 3a:38:e9:33:9b:26:2e:3e:6c:c9:3d:5d:48:81:cb:35:2f:ff: 7a:ff:22:c2:f8:b5:a2:01:d0:54:7f:f2:08:33:89:78:80:af: 72:2d:d7:df:61:f0:4a:7f:d2:19:0d:c6:0c:51:ee:4e:c1:ed: 8d:8b:4f:82:17:47:6b:03:1a:f2:8b:00:cc:17:8a:75:ca:72: c0:a4:a7:12:87:32:16:89:15:2c:80:d1:07:fd:37:e8:bf:f5: 87:6b:a2:dd:9d:a4:c4:2c:68:f8:d9:15:dd:3c:40:6d:8b:e0: 6d:c4:87:6d:39:a9:6b:91:f6:0a:bc:7c:63:e7:f0:37:cb:7a: 5f:35:6c:5c:f9:bb:cb:58:1a:b9:9c:49:ab:24:ac:2a:c9:2d: 3f:b2:2f:68 [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# openssl s_client -connect $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//):7182 -CAfile $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "verify_cert_file=" |sed s/verify_cert_file=//) -verify_hostname $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//)</dev/null CONNECTED(00000003) depth=0 C = US, ST = California, L = Los Angeles, O = MDS, OU = MDS, CN = srv-c01.mws.mds.xyz verify return:1 140276232329104:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42 140276232329104:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: --- Certificate chain 0 s:/C=US/ST=California/L=Los Angeles/O=MDS/OU=MDS/CN=srv-c01.mws.mds.xyz i:/C=US/ST=California/L=Los Angeles/O=MDS/OU=MDS/CN=srv-c01.mws.mds.xyz --- Server certificate -----BEGIN CERTIFICATE----- MIIEHDCCAwSgAwIBAgIEXwUlWjANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxDDAK BgNVBAoTA01EUzEMMAoGA1UECxMDTURTMRwwGgYDVQQDExNzcnYtYzAxLm13cy5t ZHMueHl6MB4XDTE5MDcxOTAyNDYxOFoXDTI5MDcxNjAyNDYxOFowcjELMAkGA1UE BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVz MQwwCgYDVQQKEwNNRFMxDDAKBgNVBAsTA01EUzEcMBoGA1UEAxMTc3J2LWMwMS5t d3MubWRzLnh5ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWpAIMS ngKGMk4rp8Yaa53jVgBTIgHY24PNFHlqhScg9l2GDguv30bdwyNy8L84Ps2fkuZl gXsmMlD8gQ573bRhb6dW7Mj+iXLs5eBjYZJ3CzZBmJMUbVOgJPv7d0CYWy/SPGVP i2Uz5dsUzgHST5/kxsg1UAmi80gKrAb9ZkIwEKTn+qgrCyvvzoOCTg2GNM4MjQyi 9YhNOJ873S5u44xgadqNpNTb1c0mkZXKokfePPOPUrjlsAkmr3f7o1tA9ugbZte3 G9osbDSZdt7Em4BpJdUSL8ubxdJ+FadQX1RcnWuMwJwDP5bziiymBeyk04OEYRPa V23ojJPZQDgklskCAwEAAaOBuTCBtjBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYB BQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJME4G A1UdEQRHMEWCE3Nydi1jMDEubXdzLm1kcy54eXqCFmNtLXIwMW5uMDEubXdzLm1k cy54eXqCFmNtLXIwMW5uMDIubXdzLm1kcy54eXowHQYDVR0OBBYEFPbql2+CIIR1 6WNxLxbWQYtkBQcNMA0GCSqGSIb3DQEBCwUAA4IBAQBPNW0Y3FxKZduMYnUL+Nor FHIi9zq6FRdYQUY7a25A22u+5QeC0TcK1k6WFPaHyv/TX6mU3oHnoSiUChkL9Nzt CqV3eCBTPz8DVGegxKHeSX3o/C12vXulmM1FfroheeKRffPp1l23kTQwOuQ6OOkz myYuPmzJPV1Igcs1L/96/yLC+LWiAdBUf/IIM4l4gK9yLdffYfBKf9IZDcYMUe5O we2Ni0+CF0drAxryiwDMF4p1ynLApKcShzIWiRUsgNEH/Tfov/WHa6LdnaTELGj4 2RXdPEBti+BtxIdtOalrkfYKvHxj5/A3y3pfNWxc+bvLWBq5nEmrJKwqyS0/si9o -----END CERTIFICATE----- . . . . . . . --- SSL handshake has read 18243 bytes and written 138 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5FEFEAC965EF94EEEA66EA13E233E18323258810C92903D96B3A57571739DEB4 Session-ID-ctx: Master-Key: 6F693441CEDC0AF262F25FC41236CBE03B59BF78CF3FBD13A574C5BCD3095680985C7F5D2BFBDFA67AC932359C519E37 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1609558729 Timeout : 300 (sec) Verify return code: 0 (ok) --- [root@azure-r01wn01 ~]#     # grep -Ei srv /etc/cloudera-scm-agent/config.ini server_host=srv-c01.mws.mds.xyz ... View more

@Narahari Looking at the logs seems the connection issue.    As the container failed with below error:  [2020-12-06 15:49:09.305]Container exited with a non-zero exit code 10. Error file: prelaunch.err. Last 4096 bytes of prelaunch.err : Last 4096 bytes of stderr : And then tracing it further:    [ERROR]: org.apache.spark.SparkContext - Error initializing SparkContext. org.apache.spark.SparkException: Yarn application has already ended! It might have been killed or unable to launch application master.  Leads us this channel bind exception.   [ERROR]: org.apache.spark.network.client.TransportClient - Failed to send RPC 6049494344693001682 to /10.4.37.168:42590: java.nio.channels.ClosedChannelException java.nio.channels.ClosedChannelException So perhaps you have to check if things are connecting to 10.4.37.168:42590 and then see from there.  ... View more

@geralt There is no easy way like that but the way you suggested could work the CM and the other services needs the databases up and connected without interference.      ... View more