07-23-2019
10:37 AM
@Roroka, I am very glad to hear that you got it working. The reason I asked about Cloudera Express 6.x is that it does not have support for Auto-TLS. It is certainly possible to set up TLS manually (our docs cover that). If you have any questions, this community is a good place to ask. Cheers.
07-23-2019
10:34 AM
1 Kudo
@dennisli, Awesome work tracking that down! The "Gateway" role is merely an indicator that Cloudera Manager should distribute client configuration files to that host for that service. A hive gateway will ensure that /etc/hive/conf is populated with the necessary configuration to run hive clients on that host. Since there is no running gateway, the status will be None and that is expected.

The parcel files shouldn't need to be modified and are expected to be static. Cloudera Manager does use those files to generate configuration files for servers and clients based on defaults and on your configuration in CM.

I know you ran into some trouble, but I think all the work you did to troubleshoot goes a long way toward understanding the concepts of CM, services, roles, and client configuration :-).
07-23-2019
09:44 AM
@HadoopHelp, I think all directories are listed as 0 size. Do you mean you are looking to delete "empty" directories?
07-23-2019
09:36 AM
@wsmolak, This thread covers a different issue that is quite old. Let's continue the conversation in the other thread you opened if that is ok: https://community.cloudera.com/t5/Cloudera-Manager-Installation/Problem-with-path-to-parcels/m-p/93062#M17196?eid=1&aid=1 Please explain what problem you are facing if there is one.
07-23-2019
09:33 AM
@vincenth, I'm not sure what you mean by "Authority Certificate." I think you mean Certificate Authority: https://en.wikipedia.org/wiki/Certificate_authority

If so, then no, there is no restriction on this being public. You can create and manage your own authority. The advantage of using a public CA is that it is likely already trusted by clients (like browsers or openssl). However, if you have control over your clients, there is no reason why the clients could not import whatever root CA public certificate of the CA you create.

If you are OK with creating and using your own CA, you can save a good deal of money since public CAs do need to charge for their services. If you have the $ and don't want to manage a CA, a public CA will work fine.

I wouldn't recommend self-signed certificates for production as management can become cumbersome. Truststores, rather than having your root CA, may require every certificate of every host in your cluster. If you add a host, then, you would need to update all trust stores.

If you have clients connecting to a different hostname (public) to CM and Hue, then you can add the hostnames you want to Subject Alternative Name in the certificate. See: https://en.wikipedia.org/wiki/Subject_Alternative_Name

If you are interested in learning about using OpenSSL to maintain your own CA, this person seems to explain it pretty well (though I haven't gone over it completely): https://jamielinux.com/docs/openssl-certificate-authority/index.html

I can't speak for the overall design, but the above should help a bit with the TLS side of things.
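An added example, not part of the original post: a shell sketch of the trust model described above, using the openssl CLI. It builds a private root CA, issues host certificates with Subject Alternative Names, and checks them against a trust store that holds only the root; the CA name and all hostnames are made up.

```bash
# Constructed demo: the CA name and all hostnames are made up for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Private root CA. ca.pem is the only certificate a client trust store needs.
make_root_ca() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Private Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$WORK/ca.ext"
  openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 3650 \
    -extfile "$WORK/ca.ext" -out "$WORK/ca.pem" 2>/dev/null
}

# issue_cert <host> <SAN list>: host certificate signed by the private CA.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'subjectAltName=%s\n' "$2" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# self_signed <host>: certificate with no CA behind it, for comparison.
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# trusted_for <host cert> <name>: true only if the certificate chains to the
# root CA in the trust store and <name> matches one of its SAN entries.
trusted_for() {
  openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$2" \
    "$WORK/$1.pem" >/dev/null 2>&1
}
report() {
  if trusted_for "$1" "$2"; then echo "trusted : $1 as $2"
  else echo "rejected: $1 as $2"; fi
}

make_root_ca
issue_cert hosta.example.com "DNS:hosta.example.com,DNS:cm.public.example.com"
issue_cert hostb.example.com "DNS:hostb.example.com"   # host added later
self_signed hostc.example.com
report hosta.example.com hosta.example.com
report hosta.example.com cm.public.example.com   # public name listed in SAN
report hosta.example.com hue.public.example.com  # name not in SAN
report hostb.example.com hostb.example.com       # new host, same trust store
report hostc.example.com hostc.example.com       # self-signed, not in trust store
```

The host added later verifies without any change to the trust store, while the self-signed certificate is rejected until it is imported individually.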
07-22-2019
08:49 PM
1 Kudo
@dennisli, No, that password stuff is all server side. There are no passwords to supply from the hive client side. Can you explain what you have done so far with CDH and what you are trying to do? Are you following some instructions? Are you new to Cloudera Manager and CDH? There are some fundamental concepts about how configuration is done with a managed cluster, so feel free to ask questions.

If you installed Cloudera Manager and then used it to install CDH with parcels, then you can run the "hive" command from any host that has a Hive role on it. For instance, if you have HiveServer2 or the Metastore or a Gateway role installed on hosta.example.com, you can ssh to hosta.example.com and simply run:

```
hive
```

This will connect according to the client configuration that is in /etc. Cloudera Manager manages the passwords in your hive-site.xml, so you should not have to do anything with them. The "*******" is redacted so you can't see the password.

Try going to a host with a Hive role on it and run:

```
hive
```

Once you get a prompt, you can run:

```
hive> show databases;
```
07-22-2019
08:04 PM
1 Kudo
@dennisli, I'm not sure what you are trying to accomplish. Can you describe what you are trying to do at the command line?

If you are trying to run SQL queries via hive from the commandline, you can use the "beeline" command line tool. From CM, start Hive Service (which starts both the Metastore and the HiveServer2 roles). You can then use beeline to query via HiveServer2. "hive" commandline as a client tool is deprecated.

CM managing Hive: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_mc_hive_service.html

If Cloudera Manager is managing your cluster, hive and beeline clients should be available and ready to use on your managed hosts. If you are on a host that has no other roles, you can add a Hive Gateway role to the host to ensure that the Hive client configuration files are distributed by Cloudera Manager.
07-22-2019
03:29 PM
@BrettM, That's great to hear. I'll inform the Cloudera Manager engineering team.
07-22-2019
03:00 PM
@TCloud, Yeah, the deployment assumes that each HAProxy would be on its own host. See the diagram here: https://www.cloudera.com/documentation/enterprise/latest/topics/admin_cm_ha_hosts.html#concept_qkr_bfd_pr and general steps: https://www.cloudera.com/documentation/enterprise/latest/topics/admin_cm_ha_hosts.html#concept_uxy_5zw_pr
07-22-2019
02:54 PM
@mmmunafo, I guess your workaround should be OK. The only other two options I could see would be to wrap the pam.authenticate() call with an unset and set of KRB5CCNAME. Assuming authentication takes milliseconds, it would be unlikely that Hue is attempting to retrieve cache information at that moment, but I don't know that it is any better than what you are up to.

For instance, in desktop/core/src/desktop/auth/backend.py wrap:

```
if pam.authenticate(username, password, desktop.conf.AUTH.PAM_SERVICE.get()):
```

With

```
del os.environ['KRB5CCNAME']
```

and then after auth:

```
os.environ['KRB5CCNAME'] = desktop.conf.KERBEROS.CCACHE_PATH.get()
```

NOTE: we would need to import os in backend.py to do that.

So possibly, something like this would work:

```python
import os  # must be added to the imports at the top of backend.py


class PamBackend(DesktopBackendBase):
  """
  Authentication backend that uses PAM to authenticate logins. The first user to
  login will become the superuser.
  """
  @metrics.pam_authentication_time
  def authenticate(self, request=None, username=None, password=None):
    username = force_username_case(username)
    # Unset KRB5CCNAME for the duration of the PAM call.
    # pop() rather than del, so a missing variable does not raise KeyError.
    os.environ.pop('KRB5CCNAME', None)
    if pam.authenticate(username, password, desktop.conf.AUTH.PAM_SERVICE.get()):
      # Restore the credential cache path on successful authentication.
      os.environ['KRB5CCNAME'] = desktop.conf.KERBEROS.CCACHE_PATH.get()
      is_super = False
      if User.objects.count() == 0:
        is_super = True
      try:
        if desktop.conf.AUTH.IGNORE_USERNAME_CASE.get():
          user = User.objects.get(username__iexact=username)
        else:
          user = User.objects.get(username=username)
      except User.DoesNotExist:
        user = find_or_create_user(username, None)
        if user is not None and user.is_active:
          profile = get_profile(user)
          profile.creation_method = UserProfile.CreationMethod.EXTERNAL.name
          profile.save()
          user.is_superuser = is_super
          ensure_has_a_group(user)
          user.save()
      user = rewrite_user(user)
      return user
    # Restore the credential cache path on failed authentication as well.
    os.environ['KRB5CCNAME'] = desktop.conf.KERBEROS.CCACHE_PATH.get()
    return None

  @classmethod
  def manages_passwords_externally(cls):
    return True
```

Might not be worth it, though.