About Kartik_Agarwal

Kartik_Agarwal · ‎10-11-2021

To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart

Kartik_Agarwal · ‎10-11-2021

To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart

Kartik_Agarwal · ‎10-11-2021

To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart

Kartik_Agarwal · ‎10-11-2021

To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart

Kartik_Agarwal · ‎10-03-2021

I was facing the similar error and got it resolved by added Hadoop users to passwd file. resource_management.core.exceptions.ExecutionFailed: Execution of 'usermod -G hadoop -g hadoop hive' returned 6. usermod: user 'hive' does not exist in /etc/passwd Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py', 'ANY', '/var/lib/ambari-agent/data/command-59009.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY', '/var/lib/ambari-agent/data/structured-out-59009.json', 'INFO', '/var/lib/ambari-agent/tmp', 'PROTOCOL_TLSv1_2', ''] >> File location /etc/passwd >> Adduser hadoop

Kartik_Agarwal · ‎10-03-2021

I was facing the similar error and got it resolved by added Hadoop users to passwd file. resource_management.core.exceptions.ExecutionFailed: Execution of 'usermod -G hadoop -g hadoop hive' returned 6. usermod: user 'hive' does not exist in /etc/passwd Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py', 'ANY', '/var/lib/ambari-agent/data/command-59009.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY', '/var/lib/ambari-agent/data/structured-out-59009.json', 'INFO', '/var/lib/ambari-agent/tmp', 'PROTOCOL_TLSv1_2', ''] >> File location /etc/passwd >> Adduser hadoop

Kartik_Agarwal · ‎09-29-2021

If you are using the Java truststore it does not have any file extension name like (jks or pem). So it does not require any extension. You need to make sure that it is having the right set of permission to access the truststore.

Kartik_Agarwal · ‎09-29-2021

To invoke kerberos related operations via Ambari APIs requires, we store the KDC credentials to the Ambari's credential store. For more information on the same please refer to: https://community.cloudera.com/t5/Community-Articles/Adding-KDC-Administrator-Credentials-to-the-Ambari/ta-p/246591 1. To set up Ambari's credential store, the following command must be invoked from the Ambari server host's command line: # ambari-server setup-security Then choose option [2] Encrypt passwords stored in ambari.properties file. 2. Review the changes. Once this is complete, the Ambari credential store will be located at /var/lib/ambari-server/keys/credentials.jceks. 3. Restart ambari server. 4. Now we should be able to store the KDC credentials to the ambari credentials store. # curl -u admin:admin -H 'X-Requested-By: ambari' -X POST -d '{ 'Credential' : {'principal' : 'admin/admin@EXAMPLE.COM', 'key' : 'admin','type' : 'persisted'}}' http://example.com:8080/api/v1/clusters/kerberos_ambari/credentials/kdc.admin.credential 5. After this we should be able to run the Kerberos API calls like following: Regenerate for all curl -u admin:admin -H 'X-Requested-By: ambari' -X PUT -d '{'Clusters':{'security_type':'KERBEROS'}}' http://example.com:8080/api/v1/clusters/kerberos_ambari?regenerate_keytabs=all (OR) Below is for missing once. curl -u admin:admin -H 'X-Requested-By: ambari' -X PUT -d '{'Clusters':{'security_type':'KERBEROS'}}' http://example.com:8080/api/v1/clusters/kerberos_ambari?regenerate_keytabs=missing

Kartik_Agarwal · ‎09-23-2021

HDFS data might not always be distributed uniformly across DataNodes. One common reason is addition of new DataNodes to an existing cluster. HDFS provides a balancer utility that analyzes block placement and balances data across the DataNodes. The balancer moves blocks until the cluster is deemed to be balanced, which means that the utilization of every DataNode (ratio of used space on the node to total capacity of the node) differs from the utilization of the cluster (ratio of used space on the cluster to total capacity of the cluster) by no more than a given threshold percentage. The balancer does not balance between individual volumes on a single DataNode. To free up the spaces in particular datanodes. You can use a block distribution application to pin its block replicas to particular datanodes so that the pinned replicas are not moved for cluster balancing. https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.6.0/bk_hdfs-administration/content/overview_hdfs_balancer.html

Kartik_Agarwal · ‎09-23-2021

make sure that the Ambari Server trusts the certificate that the LDAP server is using. One quick way to get that certificate directly is to use openssl to retrieve that certificate from the LDAP server, and then explicitly add it to a new keystore: $ openssl s_client -showcerts -connect ldapserver.domain.com:636 You'll see the certificate printed in STDOUT, just look for BEGIN CERTIFICATE. You will need to grab the entire certificate including the ----BEGIN and END ---- text, and save it to a file. In this case we'll call it ldap.cert. Once this has been done you can follow 1.2.(1-3) steps in the doc to create a new JKS keystore and import that certificate to ensure that it's trusted by Ambari: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_Ambari_Security_Guide/content/_configure_... Now you've got a JKS keystore with that certificate in it, you can tell Ambari to use that when connecting to your LDAP server using SSL by re-running the ambari-server setup-ldap. Just make sure you answer correctly for: Use SSL=true TrustStore type=jks Path to TrustStore file=/etc/ambari-server/keys/ldaps-keystore.jks Password for TrustStore={{ what you typed in step 1.2.3 }}

Online	Offline
Last Visited	‎03-27-2025 08:55 AM

Member Since	‎03-11-2020 04:39 AM
Last Visited	‎03-27-2025 08:55 AM
Posts	197
Kudos received	30

Cloudera Community

Re: Creating SCM configuration file in /etc/cloude...

Re: How to disable kerberos in hive once it has be...

Re: /var/log directory is being changed permission...

Re: Nifi authentication ldap can login but cant ac...

Re: How to put the alert name into the subject of ...

Re: Hive view crashing on ambari after setting up ...

Re: Error while enabling Ambari View

Re: Service 'webhcat' check failed: RA040 I/O erro...

Re: yarn queue manager error: Couldn't connect to ...

Re: Ambari unable to run custom hook for modifying...

Re: Ambari cluster deploy

Re: what extension should keystore and truststore ...

Re: Regenerating Kerberos Keytabs from Ambari API

Re: How HDFS balancer works ?

Re: How to update Ambari truststore and Ranger key...