About james_jones

james_jones · ‎11-22-2024

@weixin As a test, try using curl and make sure you have a kerberos ticket: curl -u : --negotiate http://YOURHOST:PORT/jmx You may need to open a support case for this. I also highly recommend upgrading to CDP 7.1.9.

james_jones · ‎02-28-2024

When using two realms, there has to be a trust between realms and your krb5.conf has to be configured properly to handle both realms on both the client and server. Setting this up isn't super difficult if you've done it once or twice but can be hard if it's new to you. The krb5.conf requires proper host or domain realm mapping. If you set up a 1 way trust (but it can also be a 2 way trust), and assuming you use MIT KDC for cluster service principals but AD is the other realm, then MIT KDC has to trust AD, but AD doesn't have to trust MIT KDC. To set up the trust you need to do configurations in both environments. Here's an example: https://community.cloudera.com/t5/Community-Articles/One-Way-Trust-MIT-KDC-to-Active-Directory/ta-p/247638 If the KDC trust isn't the issue, it may be something in there's probably an issue with the driver configuration. And, if this is being done on a Windows computer, you may need to configure the Windows machine to know about the other realm. I also recommend opening a Cloudera support case.

james_jones · ‎02-28-2024

Hi, Do you have a question? The HDP Sandbox is no longer available or supported.

james_jones · ‎01-19-2024

That's a lot of log. Some of the error messages you see are normal. I'm not sure what your issue is. Do you see Cloudera Management Service below the Cluster services in CM (at the very bottom when you click Cloudera Manager - top left)? If so, click Instances and figure out which components/roles are not started. You can also click and start them one by one. Then you can look at the startup logs in the CM UI pop-up after it starts or fails. Check in the order of STDOUT, STDERR and lastly ROLE LOG, which is the log after it is started. You may need to check the Full Log.

james_jones · ‎01-17-2024

Check for errors the Cloudera Manager server log file in /var/log/cloudera-scm-server/cloudera-scm-server.log. Also, I see that the URL is nitbucc-vad001:7180. You should use fully qualified domain names (e.g. nitbucc-vad001.xyz.local) for hosts and in the playbook configurations. I'm not saying that is the issue, but you may run into issues later if you don't use FQDN (especially if you secure the cluster).

james_jones · ‎06-19-2018

Thanks, Pardeep. To make it 500x faster, do 500 files per call to the hadoop command. By changing the second line above, we can do this instead: $ hdfs fsck / | grep 'Under replicated' | awk -F':' '{print $1}' >> /tmp/under_replicated_files # Now using xargs -n 500 (or --max-args 500) $ cat /tmp/under_replicated_files |xargs -n 500 hdfs dfs -setrep 1 /tmp/under_replicated_files<br>

james_jones · ‎04-06-2018

The code for creating principals in AD is here: ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java

james_jones · ‎02-20-2018

@Rachna Dhand I know you must be way past this issue, but -- You have to install the packages on all NodeManager nodes as root so they are available to all users. Maybe this will help someone else in the future.

james_jones · ‎09-27-2017

Thanks @Karthik Narayanan. We do not see an option for cross role permission. Would it have another name? They did grant "Assumerole" but it is actually the same account so I'm not sure why it would need to assume a role in the first place.

james_jones · ‎09-26-2017

In Nifi with the PutS3Object, we get an error using AWS Credentials Provider service. AwsCredentialsProviderControlerService is configured to use IAM roles as follows: Use Default Credentials = True Use Anonymous Credentials = False Assume Role ARN = arn:aws:iam::ahjhdiauisjkk:role/role-test Assume Role Session Name = nifitest (*arbitary name*) Session time = 3600 No other values are set in the AwsCredentialsProviderControlerService We are using IAM roles because of organizational policies. The error is loosely transcribe here (it may contain typos): 13:40:46 EDT - All Nodes - ERROR PutS3Object[id=asdfasdfasdfasdf] Failed to put StandardFlowFileRecord[uuid=xxxxxxxx,claim=StandardContentClaim[resourceClaim=StandardResourceClaim[id=11111111, container=default,section=1], offset=0,length=222222],offset=1,name=test3,size=33333] to Amazon S2 due to com.amazonaws.services.securitytokenmodel.AWSSEcurityToeknServiceException: User: arn:aws:sts::7777777:assumed-role/role-hdf-node/i-03333330000 is not authorized to perform: sts:Assumerole on resource: arn:aws:sts::7777777:role/role-hdf-node (Service: AWSSecurityToeknService;Status Code: 403; Error Code: AccessDenied; Request ID: aaaaaaaaaaaa) com.amazonaws.services.securitytokenmodel.AWSSEcurityToeknServiceException: User: arn:aws:sts::7777777:assumed-role/role-hdf-node/i-03333330000 is not authorized to perform: sts:Assumerole on resource: arn:aws:sts::7777777:role/role-hdf-node (Service: AWSSecurityToeknService;Status Code: 403; Error Code: AccessDenied; Request ID: aaaaaaaaaaaa) Thanks for any help. Jim

Online	Offline
Last Visited	‎11-22-2024 01:45 PM

Member Since	‎01-18-2016 02:01 PM
Last Visited	‎11-22-2024 01:45 PM
Posts	163
Kudos received	31

Cloudera Community

Re: Ambari SPN creation on remote AD

Re: Solr on HDF

Re: Wrong timezone in Ranger admin

Re: SOLR server connection refused

Re: Solr Configuration - Error uploading file

Re: CDH6.2.1 add Kerberos , hive server2 jmx thro...

Re: Connection to Hive & Impala - Kerberos Authent...

Re: hdp sandbox

Re: Getting Error while running the ansible play b...

Re: Getting Error while running the ansible play b...

Re: Fix Under-replicated blocks in HDFS manually

Re: Ambari SPN creation on remote AD

Re: How to import External Libraries for Livy Inte...

Re: Nifi PutS3Object error with AMI Role (AwsCrede...

Nifi PutS3Object error with AMI Role (AwsCredentia...