10-12-2018
04:41 PM
@Mahi329, You found it. The original post was in Cloudera Manager's community so I moved it to Sentry Community to focus more on the need. Ranger is not part of CDH and I don't know that it can be integrated with CDH but this is a bit outside my expertise. Cheers, Ben
10-12-2018
09:40 AM
@desind, If none of your clients is breaking and everything looks healthy in Cloudera Manager, then it may not be necessary to dig deeper at this time. If you do want to, you could do a tcpdump on port 7183 on your CM host... let it run for a bit, then read it in Wireshark to try to track down which SSL handshakes are failing and what the client is.
10-11-2018
10:15 AM
1 Kudo
Hi @hrishi1dypim, Up through 5.15.x we have "Single User Mode" which allows you to run CM and agent as another user. Whether the install can be done as a non-root user depends on what privileges you have I suppose. That said, in CM/CDH 6.x, we are deprecating the Single User Mode and may move toward a docker-based solution for restricted environments as you describe. For now, if you are using Cloudera 5, you can use these instructions to see if Single User Mode will work for you: https://www.cloudera.com/documentation/enterprise/5-15-x/topics/install_singleuser_reqts.html
10-09-2018
11:24 AM
@Paulina, Sorry for the mistake... I meant that now with the suggested change, the resulting group lookup filter will be:

(&(objectClass=posixGroup)(|(gidNumber=1004)(memberUid=maslova)))

This is because the hadoop.security.group.mapping.ldap.posix.attr.uid.name property tells ldapgroupmapping which user attribute to use to obtain the value for group lookup. In your LDAP config that is "uid".
10-09-2018
11:19 AM
@Paulina, Long journey, so I hope this does the trick. While not exposed in Cloudera Manager, you can identify an alternative userid attribute. By default, for posix objects, the default is memberUid (which won't work for you unless memberUid contains the numeric id).

Try this:
- In Cloudera Manager, navigate to: Clusters --> HDFS --> Configuration
- Search for: Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
- Add the following:
  Name: hadoop.security.group.mapping.ldap.posix.attr.uid.name
  Value: uid
- Save
- Restart the cluster (so the servers can detect the new settings)

BACKGROUND: As you observed, by default HDFS assumes that the memberUid attribute will have a value of the uidNumber of the user account. The configuration I mentioned above lets you adjust this so that rather than searching for "memberUid=1004" the search will contain "uid=maslova"

You can find more information here: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml#hadoop.security.group.mapping.ldap.posix.attr.uid.name

This is the description: "The attribute of posixAccount to use when groups for membership. Mostly useful for schemas wherein groups have memberUids that use an attribute other than uidNumber."

As you can see, the configuration for hdfs meets the needs of your situation.

Cheers, Ben
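Added example (not part of the original posts and not Hadoop's own code): a small Python model of the posix group lookup discussed in the two replies to @Paulina above, showing the filter and the matched groups with the default uidNumber versus uid. The user and group entries are constructed; the filter shape and attribute names are taken from the filter quoted in the 11:24 AM reply, and the helper names are hypothetical.

```python
# Added example: models the posix group lookup described above. Not Hadoop code.
# The user and group entries below are constructed sample data.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot alter the filter."""
    out = []
    for ch in str(value):
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def group_lookup_filter(user, uid_attr='uidNumber',
                        group_filter='(objectClass=posixGroup)',
                        gid_attr='gidNumber', member_attr='memberUid'):
    """Build the group search filter from the user's LDAP entry.

    uid_attr plays the role of
    hadoop.security.group.mapping.ldap.posix.attr.uid.name.
    """
    gid = escape_filter_value(user[gid_attr])
    uid = escape_filter_value(user[uid_attr])
    return '(&%s(|(%s=%s)(%s=%s)))' % (group_filter, gid_attr, gid,
                                       member_attr, uid)

def matching_groups(user, groups, uid_attr='uidNumber'):
    """Evaluate the OR branch of the filter against in-memory group entries."""
    gid, uid = str(user['gidNumber']), str(user[uid_attr])
    return sorted(g['cn'] for g in groups
                  if str(g['gidNumber']) == gid or uid in g.get('memberUid', []))

# Constructed directory: groups list members by login name, not numeric id.
USER = {'uid': 'maslova', 'uidNumber': 1004, 'gidNumber': 1004}
GROUPS = [
    {'cn': 'maslova', 'gidNumber': 1004, 'memberUid': []},
    {'cn': 'analysts', 'gidNumber': 2001, 'memberUid': ['maslova']},
    {'cn': 'admins', 'gidNumber': 2002, 'memberUid': ['root']},
]

if __name__ == '__main__':
    for attr in ('uidNumber', 'uid'):
        print(attr, group_lookup_filter(USER, attr),
              matching_groups(USER, GROUPS, attr))
```

With the default, only the primary group (matched by gidNumber) is returned; switching the attribute to uid also returns the supplementary group whose memberUid holds the login name.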
10-08-2018
01:47 PM
@Fawze and @sid2707, Sorry... we need to separate this conversation I think since the issues differ. I was responding to what @Fawze was saying regarding the DataNode not starting with the SASL message. @sid2707, I mentioned a possible cause relating to your krb5 libraries. Please run the following on one of the hosts where datanodes are not functioning:

# rpm -qa |grep krb5
10-08-2018
01:42 PM
@sid2707, What ports did you change? I think you need both of these to be less than 1024 if you don't have HTTPS configured:
- DataNode Transceiver Port
- DataNode HTTP Web UI Port
10-08-2018
10:58 AM
@bvk, Functionally, anything under 1000 nodes should work in C5, but there are factors regarding what version of CM 5 (make sure you are on the latest for performance-related improvements over earlier releases) and your CM host's resources. As far as I recall there is no imposed limit on number of nodes in CM 5. We are looking at imposing a 100 node limit on CDH 6.1 clusters managed with Cloudera Express but that is in the works. There is no functional limitation at this time.
10-08-2018
10:16 AM
@Meister1867, My first guess is that you accidentally enabled Agent Authentication which means that the Cloudera Manager Server requires certificate authentication but you have not configured the agent for that yet. Check in Cloudera Manager's Administration --> Settings --> Security section to see if you have Use TLS Authentication of Agents to Server enabled. If so:
- uncheck Use TLS Authentication of Agents to Server
- restart Cloudera Manager with "service cloudera-scm-server restart"
- verify in the Hosts --> All hosts section that the last heartbeat for your host happened less than 15 seconds ago.

If so, that was likely the cause. If you wish to enable Agent Authentication to CM, then you can use the following section to guide you: https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#concept_qzf_mxk_rp
10-08-2018
10:03 AM
@VijayM, We see by the following error that the failure occurred during the TLS handshake:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake (state=08S01,code=0)

In this case, it is probable that the server did not understand the connection sent to it. In order to debug further, you can examine the logs of your HAProxy and also the HiveServer2 instance that you connected to. I would also suggest testing without the HAProxy (connect directly with beeline to each of the HS2 instances and see if you can connect). This will help isolate whether to look more closely at HiveServer2 or the HAProxy. If you know tcpdump, it is perfect for debugging TLS handshake problems since it lets you see all the handshake communication. Wireshark can decode the packets and display the handshake nicely. If that is not something you know well, let's hit the logs first.