Cloudera Community
arunpoy
user rank
Guru
My Accepted Solutions
Show All

Re: Kerberos KDC not reachable

by Guru in Support Questions
‎03-24-2016 11:31 AM
‎03-24-2016 11:31 AM
@Paul Codding , @Artem Ervits, @Robert Levas, One strange thing i noticed is, i am able to connect to the same KDC from ambari running in a different environment. But ambari in that environment is 2.1 and the one from where i am not able to connect is 2.2.1 This is weird. How do i resolve this. IS there a way i can just uninstall ambari alone or how do i fix this. I dont think this is a bug in amabri 2.2.1. i have tried this in sandbox before and it worked fine. ... View more

Re: Kerberos KDC not reachable

by Guru in Support Questions
‎03-24-2016 12:52 AM
‎03-24-2016 12:52 AM
@Robert Levas, i have used the FQDN only. ... View more

Kerberos KDC not reachable

by Guru in Support Questions
‎03-23-2016 08:08 AM
1 Kudo
‎03-23-2016 08:08 AM
1 Kudo
kdc-unreachable.jpgI am trying to kereeberise my HDP cluster. I have installed a KDC on the ambari host itself and i want to use that. so i selected option 1 (existing KDC) in ambari. But when i try to test the KDC connection it fails and i get the following error. 23 Mar 2016 13:16:29,457 WARN [qtp-ambari-client-18131] KdcServerConnectionVerification:187 - An unexpected exception occurred while attempting to communicate with the KDC server at hostname:88 over TCP 23 Mar 2016 13:16:29,459 WARN [qtp-ambari-client-18131] KdcServerConnectionVerification:187 - An unexpected exception occurred while attempting to communicate with the KDC server at hostname:88 over UDP 23 Mar 2016 13:16:29,460 ERROR [qtp-ambari-client-18131] KdcServerConnectionVerification:113 - Failed to connect to the KDC at hostname:88 using either TCP or UDP But when i try to do kinit or invoke any kerberos command from the ambari/KDC host it is working fine. It is pretty strange and i dont see any network related issues. this error is seen only when a wrong kdc information is provided. But in my case even after providing the correct details it fails. From the logs i couldnt trace anything. Is there any way to debug or trace it. i used ping, telenet to do the basic checks and everything is fine. P.s i have just replaced my KDC host names with the string "hostname"in the above error message. ... View more

Re: Ranger is not able to audit and polices are no...

by Guru in Support Questions
‎03-21-2016 08:59 AM
‎03-21-2016 08:59 AM
I have already accepted the answer as the best answer ... View more

Re: Manual KDC and kerberos option in ambari

by Guru in Support Questions
‎03-21-2016 06:52 AM
‎03-21-2016 06:52 AM
@Shivaji Thanks for your solution. It worked fine. ... View more

Re: Ranger is not able to audit and polices are no...

by Guru in Support Questions
‎03-21-2016 05:24 AM
1 Kudo
‎03-21-2016 05:24 AM
1 Kudo
@Stefan Kupstaitis-Dunkler, you were bang on. I changed the audit source type from solr to db and i see now the audits in the ranger ui. My another question is i dont wantto have all these log data in mysql db (as this will easily occupy the mysql db soon). Instead i want to have it in hdfs, how can i do that. Also if you see my earlier screen shots, i have selected audit to HDFS and DB in the ambari. How is then the audit logs not written to hdfs and how is solr taken as a default value? ... View more

Re: Ranger is not able to audit and polices are no...

by Guru in Support Questions
‎03-21-2016 12:54 AM
‎03-21-2016 12:54 AM
@Stefan Kupstaitis-Dunkler No i dont see audit events in either mysql database or in hdfs. But i have not enabled solr at all. ... View more

Re: Ranger is not able to audit and polices are no...

by Guru in Support Questions
‎03-18-2016 04:41 PM
‎03-18-2016 04:41 PM
@Stefan Kupstaitis-Dunkler This is the output find /usr/hdp -type f -name "*ranger-hdfs-plugin*"/usr/hdp/2.4.0.0-169/hadoop/lib/ranger-hdfs-plugin-impl/ranger-hdfs-plugin-0.5.0.2.4.0.0-169.jar /usr/hdp/2.4.0.0-169/hadoop/lib/ranger-hdfs-plugin-shim-0.5.0.2.4.0.0-169.jar /usr/hdp/2.4.0.0-169/ranger-hdfs-plugin/lib/ranger-hdfs-plugin-impl/ranger-hdfs-plugin-0.5.0.2.4.0.0-169.jar /usr/hdp/2.4.0.0-169/ranger-hdfs-plugin/lib/ranger-hdfs-plugin-shim-0.5.0.2.4.0.0-169.jar ranger-admin-site.xml ... View more

Ranger is not able to audit and polices are not ap...

by Guru in Support Questions
‎03-18-2016 01:14 PM
‎03-18-2016 01:14 PM
ranger-audit.png ranger-screenshot.jpg I have installed HDP 2.4 and installed ranger also i have enabled HDFs plugin and i used the default policy. I have attached the screenshots. Even when i try to access the resource, none of them is audited and stored. i have enabled both DB and HDFS to store the audit information. Am i missing anything? I do see the json file in the namenode (containing the policy details) /etc/ranger/arunpoy_hadoop/policycache ranger-auditenable.png So Ranger policies are not at all applied and i am not able to see the audit. But other functionalities like usersync are working properly My guess is i am missing something or is it not working properly ... View more
Labels:

Re: Manual KDC and kerberos option in ambari

by Guru in Support Questions
‎03-17-2016 06:57 AM
2 Kudos
‎03-17-2016 06:57 AM
2 Kudos
@Shivaji I dont have an AD integration as of now. Also i have done kerberos setup in the older versions of sandbox, where manual was the only option, i used to download the csv file and generate the keytabs. I just followed a couple of urls from the web. the below one is what i referred, but i dont need the AD integration http://hortonworks.com/blog/enabling-kerberos-hdp-active-directory-integration/ I havent explored the MIT KDC option. does that option allow us to install a KDC on one of the hosts and does everything cleanly. I will give a try that. Also another question is as of now i have only few components of the HDP stack. Suppose i want to add few more components in the future and kerberize them . How can i do that? IS it possible with Ambari? ... View more
Contact Me
Online
Offline
Last Visited
‎03-14-2019 05:48 AM
Community Statistics
Member Since ‎01-21-2016 11:26 AM
Last Visited ‎03-14-2019 05:48 AM
Posts 290
Kudos received 76