Member since
10-14-2015
65
Posts
57
Kudos Received
20
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
7530 | 04-20-2018 10:07 AM | |
2431 | 09-20-2017 12:31 PM | |
2238 | 05-04-2017 01:11 PM | |
1303 | 02-14-2017 07:36 AM | |
4559 | 02-03-2017 05:52 PM |
04-24-2018
03:52 PM
@Marshal Tito thanks for the feedback. based on your feedback will fix the certificate generation
... View more
04-24-2018
10:50 AM
@Marshal Tito there is no /etc/certs_new but the script what I sent is responsible to create it. It is basically just regenerating the certs with a different public ip, teherefore please don't forget to set export PUBLIC_IP=172.21.250.249 to the right value.
... View more
04-20-2018
10:07 AM
Hi @Marshal Tito,
Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:
rm -rf /etc/certs_new
export PUBLIC_IP=172.21.250.249
export CBD_CERT_ROOT_PATH=/etc/certs_new
mkdir -p ${CBD_CERT_ROOT_PATH}
# Generate new certificates
certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite
certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP}
mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem
mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem
# Replaces cert in line 4 and 5
sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
#Reload nginx
pkill -HUP nginx
keytool -printcert -v -file /etc/certs_new/cluster.pem
... View more
04-19-2018
07:31 PM
Sorry, I didn't see the 2nd screenshot. I think it might be related to your notebook's security settings. Is it Cloudbreak 2.5 what you are using? Would you mind to export the certificate and attaching it, please? With a quick Googling I run into such comments like this: The workaround (typing "proceed" on the page) is working for me...are you sure your browser has focus when you're typing the letters? I have doubt of the success of typing 'proceed', but might worth to try it out.
... View more
04-19-2018
06:36 PM
Hi @Marshal Tito, The warning is shown because of self-sign certificate is used. You can click on the "Advanced" link and after that click on "Proceed". screen-shot-2018-04-19-at-202902.png screen-shot-2018-04-19-at-202432.png
... View more
12-07-2017
09:18 AM
Thanks, for answers. I voted up all of them, since all of them are very useful, but I have accepted the answer of @Doroszlai, Attila since that is quite simple to automate from Ansible and SaltStack since both of them are providing built-in solutions for file manipulation.
... View more
12-05-2017
08:53 PM
I would like to set up Ambari SSO in an automated way, but it seems the 'ambari-server setup-sso' does not support it. If I switch on the silent mode then I got a not supported error message, without silent mode it is quite hard to automate since it asks quite a few questions. # Silent mode
$> ambari-server setup-sso --silent
Using python /usr/bin/python
Setting up SSO authentication properties...
WARNING: setup-sso is not enabled in silent mode.
Ambari Server 'setup-sso' completed with warnings.
# Interactive mode
$> ambari-server setup-sso
Using python /usr/bin/python
Setting up SSO authentication properties...
Do you want to configure SSO authentication [y/n] (y)?
Provider URL [URL] (http://example.com):https://somehost:8443/gw-os06/knoxsso/api/v1/websso
Public Certificate pem (empty) (empty line to finish input):
MIICnTCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdzaWdu
aW5nMB4XDTE3MTIwNTE3NDUwMloXDTI3MTIwNTE3NDUwMlowEjEQMA4GA1UEAxMH
...
60v5bHlGkAKgdziCm1DZbxmTjcjLdxZAU7NrOlhSicZl17Yym1nmT8Cq2PkSDRaZ
rA==
Do you want to configure advanced properties [y/n] (n) ?
Ambari Server 'setup-sso' completed successfully.
Is there a simple/elegant way to automate it? Thanks, Attila
... View more
Labels:
- Labels:
-
Apache Ambari
11-17-2017
05:38 PM
Thanks, but before triggering the blueprint the mysql is still not installed. MYSQL_SEVER is part of the blueprint and it is installed by Ambari.
... View more
11-17-2017
04:55 PM
Hi, In my test environment Ranger install with Ambari Blueprint fails with with DB access error. I have added RANGER_ADMIN, HIVE_SERVER, HIVE_METASTORE and MYSQL_SERVER components to the blueprints. The MySQL server has been correctly installed/configured by Ambari and it seems that Hive is able to use it without any problem, but Ranger setup fails with the following error: 17 15:40:00,148 [I] Running DBA setup script. QuiteMode:True
2017-11-17 15:40:00,149 [I] Using Java:/usr/lib/jvm/java/bin/java
2017-11-17 15:40:00,149 [I] DB FLAVOR:MYSQL
2017-11-17 15:40:00,149 [I] DB Host:
2017-11-17 15:40:00,149 [I] ---------- Verifying DB root password ----------
2017-11-17 15:40:00,150 [I] DBA root user password validated
2017-11-17 15:40:00,150 [I] ---------- Verifying Ranger Admin db user password ----------
2017-11-17 15:40:00,150 [I] admin user password validated
2017-11-17 15:40:00,150 [I] ---------- Creating Ranger Admin db user ----------
2017-11-17 15:40:00,150 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-5.1.39-bin.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql:///mysql -u root -p '********' -noheader -trim -c \; -query "SELECT version();"
SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 'root'@'localhost' (using password: YES) ErrorCode: 1045
2017-11-17 15:40:00,714 [E] Can't establish db connection.. Exiting..
Traceback (most recent call last): Please note that logging in to the machine and changing password is not really an option since I want to automate the installation of Hive, Ranger and MySQL from Blueprint . My blueprint: blueprint.txt Attila
... View more
Labels:
09-20-2017
12:31 PM
Hi @Matt Andruff, Cloudbreak does not populate kerberos related settings into the gateway-site.xml config file of Knox: https://github.com/apache/knox/blob/master/gateway-release/home/conf/gateway-site.xml#L40 E.g gateway.hadoop.kerberos.secured is not set and krb5.conf is not set. Until this is fixed in Cloudbreak I recommend not to select the "Enable Knox Gateway" on Cloudbreak, but as a workaround you can add KNOX_SERVER into the blueprint and let Ambari configure Knox. Kind regards, Attila
... View more