About amcbarnett

amcbarnett · ‎03-09-2016

In a real cluster dfs.namenode.acls.enabled is set to true. The sandbox is configured for a wide audience to run into the least amount of problems doing the tutorials. And no, the acl command does not generate Ranger policies. You set the policies in Ranger and it will manage the ACLs for HDFS as the dfs.namenode.inode.attributes.provider.class is set to org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer See Slides 18 and 19 in http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger If there are no Ranger policies, it falls back to HDFS ACL

amcbarnett · ‎03-09-2016

As the zookeeper user, after a successful kinit, in a Kerberos enabled cluster,we still cannot invoke zkCli.sh. The error is: 2016-03-04 12:08:47,596 - ERROR [main-SendThread(localhost.localdomain:2181):ZooKeeperSaslClient@384] - An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state.

amcbarnett · ‎03-09-2016

No. For now, Voltage is supported as a KMS. The only other supported option is Ranger KMS.

amcbarnett · ‎03-09-2016

No it can be the same metadata repository. You have two different MySQL instances for two different metadata repositories if you wish

amcbarnett · ‎03-08-2016

Yes you create another HS2 with HTTP transport to bind. Knox only uses http.

amcbarnett · ‎03-07-2016

It has now been patched. https://issues.apache.org/jira/browse/HIVE-11470

amcbarnett · ‎03-04-2016

@Predrag Minovic Do a vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml What is in your ranger.usersync.source.impl.class property? Yes try in a chron job run for Unix: java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder OR for LDAP java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder

amcbarnett · ‎03-04-2016

@Kumar Sanyam Your DataNode cannot connect to your Name Node: So either: Your NameNode went down Your firewall prevents you from connecting from Data Node to Name Node your /etc/hosts is wrong. Remove any reference to 127.0.0.1. Ensure name Node FDQN is there. Do a netstat and ensure that Name Noe is listening to right port. The fs.default.name property in core-site.xml doesn't point to the correct hostname for the Name Node

amcbarnett · ‎03-03-2016

Did you upgrade Ambar first to 2.2.1?

amcbarnett · ‎03-03-2016

Did you do an upgrade? This usually occurs after an upgrade of Ambari. Did you remember to upgrade the Ambari database schema? This is an indication that the configurations e.g. Hive configurations in the newer version was not upgraded properly. The easiest way to fix is to look at each component, especially YARN or Hive, see if there is a missing property, usually on the initial Settings table (e.g, Hive authentication) and add it manually to the configuration file e.g. hive-site.xml.

Online	Offline
Last Visited	‎04-13-2018 03:07 PM

Member Since	‎09-29-2015 05:35 PM
Last Visited	‎04-13-2018 03:07 PM
Posts	286
Kudos received	595

Cloudera Community

Re: HIVE : counting null values based on group by

Re: ERROR 500 received - when installing the PIVOT...

Re: How do you achieve high availability in HDFS w...

Re: Why can't we use LDAP for Hadoop authenticatio...

Re: Error Installing HDB HAWQ Standby Master

Re: Should we disable HDFS default ACL to enable R...

zkCli cannot execute in a Kerberos cluster - zooke...

Re: Can Ranger use KTS (Key Trustee Server) and KM...

Re: Knox on hive tcp jdbc

Re: Knox on hive tcp jdbc

Re: Java MapReduce and HCatalog with Dynamic Parti...

Re: Is there a way to force Ranger user-sync to ru...

Re: Containers in datanode showing connection erro...

Re: Ambari Install of HDP 2.4 Continually Failing

Re: ambari user management view missing