Member since
07-12-2024
4
Posts
1
Kudos Received
0
Solutions
05-27-2025
01:00 PM
Hi We've an existing HDP cluster with version 2.6.5.0-292 with Ranger service setup. Will this Ranger work with MySql 8.4 (without upgrading HDP itself)? From the documentation, it looks like it doesn't but wanted to confirm. Thanks
... View more
Labels:
- Labels:
-
Hortonworks Data Platform (HDP)
07-22-2024
08:13 AM
1 Kudo
Hi, yes it was a problem with incorrect pass phrase being passed to the keystorePassword.
... View more
07-15-2024
07:26 AM
Hi, I tried following the use case 3. I generated the certificates for all the hosts. When I ran the generateCmCa api, I'm running into this error: Entering HTTP Operation: Method:POST, Path:/v41/cm/commands/generateCmca INFO scm-web-77659:com.cloudera.cmf.service.ServiceHandlerRegistry: Executing Global command GenerateCMCACommand GenerateCmcaCmdArgs{sshPort=22, userName=REDACTED, password=REDACTED, passphrase=REDACTED, privateKey=REDACTED, customCA=true, interpretAsFilenames=true, additionalArguments=null, location=/opt/cloudera/CMCA}. INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCommand: {CLUSTER_NAME} has Kerberos enabled and will be reconfigured to use SASL INFO scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Executing command 1546436812 work: Execute 14 steps in sequence INFO scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Executing command 1546436812 work: Generate a CMCA and enable Auto-TLS. INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Determined CMCA location: /var/lib/cloudera-scm-server/certmanager INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Modifying init file if present: /var/lib/cloudera-scm-server/certmanager/cm_init.txt INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Generating CMCA INFO scm-web-77659:com.cloudera.cmf.command.CertmanagerRunner: Running CMCA command with args: [setup_custom_certdir, --host-cert, REDACTED, --host-key, REDACTED, --ca-cert, REDACTED, --keystore-pw-file, /tmp/auto-tls/keys/key.pwd, --truststore-pw-file, REDACTED, --configure-services, --skip-cm-init, --override, keystore_type=jks] ERROR scm-web-77659:com.cloudera.cmf.command.CertmanagerRunner: Failed to run CMCA command, return code: 1, stderr: INFO:root:certmanager not running as root INFO:root:Logging to /var/log/cloudera-scm-agent/certmanager.log Traceback (most recent call last): File "/opt/cloudera/cm-agent/bin/certmanager", line 11, in <module> load_entry_point('cmf==7.6.7', 'console_scripts', 'certmanager')() File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2857, in main return certmanager(obj=argparse.Namespace()) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 716, in __call__ return self.main(*args, **kwargs) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 696, in main rv = self.invoke(ctx) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 1060, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 889, in invoke return ctx.invoke(self.callback, **ctx.params) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 534, in invoke return callback(*args, **kwargs) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/decorators.py", line 27, in new_func return f(get_current_context().obj, *args, **kwargs) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2694, in setup_custom_certdir truststore_password) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2014, in setup_server_with_custom_certs self.copy_node_cert(None, hostname) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 1798, in copy_node_cert keystore_file, hostname, password) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 1607, in _write_keystore_file raise Exception("Failed to generate host pkcs12 file.") Exception: Failed to generate host pkcs12 file. WARN scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Command 1546436812 Unexpected exception during doWork java.lang.IllegalStateException: Failed to run CMCA command, return code: 1 The ssh user has root permissions assigned. Can you help me with this please @upadhyayk04 Thank you
... View more
07-12-2024
07:40 AM
Hi I have an existing CDP 7.1.x cluster with Auto-tls enabled during the creation of the cluster. I followed the use case 2: https://docs.cloudera.com/cdp-private-cloud-base/7.1.9/security-encrypting-data-in-transit/topics/cm-security-use-case-2.html, to use an existing Root CA. Recently the certificates expired and I'm trying to renew them. I've a couple of questions from the documentation. 1. In the above page, it mentions "In this use case, rotation of the Auto-TLS certificate authority is not supported. Cloudera recommends creating an intermediate CA with a long lifetime. The host certificates can be rotated by using the generateHostCerts API." - Should I use this to generate the host certs. If so, can I get an example of the API call and it's usage. 2. Or should I use this use case 3: https://docs.cloudera.com/cdp-private-cloud-base/7.1.8/security-encrypting-data-in-transit/topics/cm-security-use-case-3.html. Generate the certificates myself and use the generateCmCa api? I don't mind the using the UI too, but I don't think that's feasible with a different Root CA case. Can you suggest how can I go about this please? Thanks
... View more
Labels:
- Labels:
-
Cloudera Data Platform (CDP)