Member since
05-22-2017
56
Posts
12
Kudos Received
2
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
841 | 11-29-2021 01:52 AM | |
3340 | 12-06-2018 06:37 PM |
02-21-2019
05:05 AM
Hi @rajendra, Disabling Spnego for Ambari Infra will affect Atlas Startup from Ambari UI. Because Atlas runs curl cmd over Infra using --negotiate option and doesn't get expected output, startup fails. Do kinit with admin user and try to check. or try setting up [domain_realm] in krb5.conf of infra server
... View more
12-06-2018
06:37 PM
1 Kudo
Hi @Sajesh PP Currently, I see a hadoop_logs collection which logsearch uses is in down state and not recovering, due to which leader is not assigned to the collection. For fix this issue, you can drop the collection. If cluster is kerberized follow below step: kinit with ambari-infra keytab # curl -i -v --negotiate -u : "http://<SOLR_HOST>:8886/solr/admin/collections?action=DELETE&name=hadoop_logs" Restart LogSearch, which will create hadoop_logs. If the cluster is Non-Kerberos just normal url in a browser that will also work. Same method, can be used for other collections, if they are in DOWN state. You can access Solr UI -> Cloud -> check the status of collections
... View more
01-06-2018
07:57 AM
Is it possible to share the ldapsearch output for a specific user you're trying to access webhdfs. or use main.ldapRealm.userSearchBase=OU=Domain Users & Groups,DC=ragaca,DC=com and let me know if it works
... View more
01-06-2018
03:33 AM
can you correct the user search base seems to be incorrect. Refer : Using Apache Knox with ActiveDirector <param>
<name>main.ldapRealm.userSearchBase</name>
<value>Users,OU=Domain Users & Groups,DC=ragaca,DC=com</value>
</param>
... View more
10-11-2017
06:13 PM
Hi @skothari, From where do we get -srcalias <src-alias> from Step 3 ?
... View more
10-05-2017
01:06 PM
2 Kudos
Cloudbreak contains mini KNOX which is not managed by Ambari. Below are the steps to replace Self Signed Certificate with CA Signed Certificates Step 1: Remove below two entries from /usr/hdp/current/knox-server/conf/gateway-site.xml and save it. <property>
<name>gateway.signing.keystore.name</name>
<value>signing.jks</value>
</property>
<property>
<name>gateway.signing.key.alias</name>
<value>signing-identity</value>
</property> Step 2: Take a backup of original configuration: [~]$ cd /usr/hdp/current/knox-server/data/security/keystores/
[~]$ mkdir backup
[~]$ mv __gateway-credentials.jceks gateway.jks backup/ Step 3: Create a keystore in PKCS12 format from your private key file, certificate, Intermediate certificate and root certificate [~]$ openssl pkcs12 -export -out corp_cert_chain.pfx -inkey <private-key>.key -in <cert.cer> -certfile <root_intermediate>.cer -certfile <root_ca>.cer Step 4: Regenerate Master Key. Use the same password for master key and keystore. # rm -rf /usr/hdp/current/knox-server/data/security/master
# ls -l /usr/hdp/current/knox-server/data/security/master
# /usr/hdp/current/knox-server/bin/knoxcli.sh create-master Step 5: Generate Knox keystore [~]$ cp corp_cert_chain.pfx /usr/hdp/current/knox-server/data/security/keystores/
[~]$ cd /usr/hdp/current/knox-server/data/security/keystores/
[~]$ keytool -importkeystore -srckeystore corp_cert_chain.pfx -srcstoretype pkcs12 -destkeystore
gateway.jks -deststoretype jks -srcstorepass <src-keystore-password> -deststorepass <knox-master-secret> -destkeypass <knox-master-secret> Step 6: Replace the alias of keystore keytool -changealias -alias "1" -destalias "gateway-identity" -keypass keypass -keystore gateway.jks-storepass storepass Step 7: Store the keystore password in jceks file [~]$ /usr/hdp/current/knox-server/bin/knoxcli.sh create-alias gateway-identity-passphrase
--value <knox-master-secret> Step 8: Restart Knox, you should see the below-highlighted lines in your knox logs [~]$ tail –f /var/log/knox/gateway.log
... View more
Labels:
09-06-2017
12:53 PM
Hi @Pooja Kamle, Caused by: javax.naming.CommunicationException: simple bind failed: <server>:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] The issue is Active Directory SSL certificate had not been imported into the "cacerts" keystore used by the Java Runtime Environment (JRE) running the Zeppelin services. Could you please ensure you have imported the AD SSL certificate into the cacerts keystore on the node running Zeppelin.
... View more
09-02-2017
04:29 AM
Hi @Kartik Ramalingam, Regarding Step 7: KNOX To enable Ranger Plugin : Replace instances of AclsAuthz with XASecurePDPKnox in topology.xml To disable Ranger Plugin : Replace instance of XASecurePDPKnox with AclsAuthz in topology.xml
... View more
08-22-2017
09:18 AM
4 Kudos
Requirement: HDP 2.6.1 Fix version is knox: 0.12.0, according to KNOX-841 Method I: Using "solr" as data service {/usr/hdp/current/knox-server/data/services/solr} Add below in Ambari UI > KNOX > Configs > Advanced topology for Solr UI. default.xml <service>
<role>SOLR</role>
<url>http://<solr-hostname>:8983</url>
</service>
Make sure service def is in Upper Case. Restart KNOX Use below URL for access Solr UI using KNOX https://<knox-hostname>:8443/gateway/default/solr Method II: Using "solrapi" as data service {/usr/hdp/current/knox-server/data/services/solrapi} for Banana UI KNOX-528 Add below in Ambari UI > KNOX > Configs > Advanced topology for Solr UI. default.xml <service>
<role>SOLRAPI</role>
<url>http://<solr-hostname>:8983/solr</url>
</service>
Login into sorl server: Please make sure you have "banana" folder under below location. /opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp Create a new file called banana-jetty-context.xml under /opt/lucidworks-hdpsearch/solr/server/contexts and populate it with the following <?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath"><Property name="hostContext" default="/solr/banana"/></Set>
<Set name="war"><Property name="jetty.base"/>/solr-webapp/webapp/banana</Set>
<Set name="defaultsDescriptor"><Property name="jetty.base"/>/etc/webdefault.xml</Set>
<Set name="extractWAR">false</Set>
</Configure> Restart SOLR and access Banana UI using below URL. https://<knox-hostname>:8443/gateway/default/solr/banana/index.html#/dashboard
... View more
Labels:
08-15-2017
08:30 AM
@Hajime Thanks , It worked for me. Some kind typo in copy paste.
... View more
- « Previous
-
- 1
- 2
- Next »