Hello Why does Hue run Impala query as 'hue/master1@MY-REALM' instead my username 'ben'?   I get this error (even i'm logged-in as 'ben' user)   Your query has the following error(s): Request from user 'hue/master1@MY-REALM' with requested pool 'it' denied access to assigned pool 'root.it'   Previous to Cloudera 5.7 i think Cloudera had llama service and ran Impala query as 'llama' user. Now with Cloudera 5.7 I could have Impala without llama and have it's own Dynamic Resource Management. but problem is Hue runs query as hue/master1... user instead of my username.   Similar thing happens to Hive. Hive runs hive query as 'hive' user instead of my username. I found it pretty annoying..   Does anyone has better idea to this? Ben ... View more

I have to ask this question   Few years ago, before the redesign of Hue interface, I was able to configure dataset, data-in, data-out, input-events on Oozie Coordinators from Hue.   However lately with the redesign, I don't see them anymore. It looks like it's replaced with CRON field. WHY!!??   or am I missing something?   I'm using Cloudera 5.7 with Hue 3.9 Ben ... View more

Hi.   I setup Hue load-balancing following instructions on  http://www.cloudera.com/content/www/en-us/documentation/enterprise/latest/topics/cdh_hag_hue_config.html   So i have nginx running and everything seems working fine. However when I open a file from File Browswer (http://hueserver:8888/filebrowser/view/filepath) the page gets redirected to http://hue/filebrowswer/view/filepath, and shows page not found error   i think the unexpected "hue" hostname comes from the upstream name on nginx configuration.   Anyone has any idea how to fix this?   Thanks  Ben ... View more

Hi ! Im using CHD 5.4.0 with kerberos secured cluster    When I run "Refresh Cluster" from Cloudera Manager, I get this message  Failed to update refreshable configuration files in the cluster    this is the stderr   + chown -R : /var/run/cloudera-scm-agent/process/1056-hdfs-DATANODE-refresh + acquire_kerberos_tgt hdfs.keytab + '[' -z hdfs.keytab ']' + '[' -n '' ']' + '[' validate-writable-empty-dirs = refresh-datanode ']' + '[' file-operation = refresh-datanode ']' + '[' bootstrap = refresh-datanode ']' + '[' failover = refresh-datanode ']' + '[' transition-to-active = refresh-datanode ']' + '[' initializeSharedEdits = refresh-datanode ']' + '[' initialize-znode = refresh-datanode ']' + '[' format-namenode = refresh-datanode ']' + '[' monitor-decommission = refresh-datanode ']' + '[' jnSyncWait = refresh-datanode ']' + '[' nnRpcWait = refresh-datanode ']' + '[' -safemode = '' -a get = '' ']' + '[' monitor-upgrade = refresh-datanode ']' + '[' finalize-upgrade = refresh-datanode ']' + '[' rolling-upgrade-prepare = refresh-datanode ']' + '[' rolling-upgrade-finalize = refresh-datanode ']' + '[' nnDnLiveWait = refresh-datanode ']' + '[' refresh-datanode = refresh-datanode ']' + '[' 3 -lt 3 ']' + DN_ADDR=bda1node02.company.com:50020 + /opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/hadoop-hdfs/bin/hdfs --config /var/run/cloudera-scm-agent/process/1056-hdfs-DATANODE-refresh dfsadmin -reconfig datanode bda1node02.company.com:50020 start 15/10/07 16:27:43 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 15/10/07 16:27:43 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 15/10/07 16:27:43 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs (auth:KERBEROS) cause:java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] reconfig: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "bda1node02.company.com/192.168.8.2"; destination host is: "bda1node02.company.com":50020; + RET=255 + '[' 255 -ne 0 ']' + echo 'Unable to start reconfigure task on DataNode bda1node02.company.com:50020.' + exit 255       Any thoughts? Thank you Ben ... View more

Hi,   I have setup our Clouder cluster with Kerbers + AD. A user authenticate through MIT Kerberos to AD, and user/group info is read through  ShellBasedUnixGroupsMapping to AD.   If we run MR job with 300 simultaneous mappers (total 7000 mappers), our domain controller in AD hits CPU load of 100% throughout the job execution.   I executed MR job using Hive after appropritately authenticating with Kerberos server (kinit).   Why would MR job cause such CPU load? My initial thought was MR authenticate and gets user/group info once when job starts or hive-shell stats. Apparently my job is constantly overloading AD resources.   Does the job casue CPU spike each time mapper gets created? or is it each time mapper access HDFS?   And what would be the best way to resolve this issue?   Best regards, Ben     ... View more

Hello !   After some work I finished setting up Cloudera + MIT Kerberos + Windows AD.   from linux machine, I'm able to run "kinit ben@WIN-REALM" and then access hadoop or visit namenode webadmin. Of course I did configure SPNEGO on the web browser.   However, after logging in to my windows machine, which authenticate through windows AD, I can't access namenode webadmin which is at http://namenode:50070. I tried running kinit from CMD but nothing changes. this is what i get when i visit namenode webadmin.   HTTP ERROR 403 Problem accessing /index.html. Reason: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)   what extra configuration do i need to do on windows to access hadoop webadmin page?   thank you! Ben Powered by Jetty://   ... View more

Hi   I have enabled Sentry to work with HiveServer2 with Kerberos Authentication. Therefore, impersonication on HiveServer2 is turned off. Now all queries are run as 'hive' from Hue Hive UI, and oozie hive action.   How does resource management (YARN resource pool) works in this case? I want jobs to go into right pool, but now all Hive jobs are going into root.hive pool.   Samething happens with Impala when using llma. All impala jobs goes into root.llama pool.   Thank you Ben ... View more