Cloudera Community
teo123
user rank
Explorer

Can't keep Hive service healthy

by Explorer in Support Questions
‎05-07-2025 05:11 AM
‎05-07-2025 05:11 AM
Hello, After cloudera cluster upgrade, the hive service becomes unhealthy after a few hours. What i noticed is that the symlinks from /etc/alternatives are still pointing to the old parcel, but not sure if this is what makes the service unhealthy because I keep seeing the following error in the logs: ERRORS: Failed to get database cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_* NoSuchObjectException(message:No catalog cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_* Failed to delete hdfs://*/user/hue/.cloudera_manager_hive_metastore_canary/cloudera_manager_metastore_canary_test_catalog_hive_HIVEMETASTORE_*   Thank you! ... View more

Re: Hardening Security on cloudera Cluster

by Explorer in Support Questions
‎05-05-2025 11:18 PM
‎05-05-2025 11:18 PM
Sorry, just an update regarding port 7000. From my debug on the server, this port is opened by a java process running the zookeeper-server process. This is why I mentioned it here.  Also, the configuration in the zookeeper service -> Server -> metrics   Thanks! ... View more

Re: Hardening Security on cloudera Cluster

by Explorer in Support Questions
‎05-05-2025 10:39 PM
‎05-05-2025 10:39 PM
hello,   Thank you for your answer. 1. port 7000 here: https://access.redhat.com/solutions/198813 it says to modify 'echo TraceEnable off >>/etc/httpd/conf/httpd.conf' & and restart 'service httpd reload' apache server. The problem is that on none of my servers in the cluster, the httpd service is not actually running. Do you have any other suggestions?   2. For MapReduce -> I enabled HTTS on MapReduce Shuffle with:   but I still don't understand where I should add the HSTS header configuration. In ssl-server.xml? How would the config look like? Like in the image bellow?   I tested with what I stated in the images above and HSTS header is not present.   Thank you! ... View more

Hardening Security on cloudera Cluster

by Explorer in Support Questions
‎05-05-2025 06:26 AM
‎05-05-2025 06:26 AM
Hello, During a security scan, two issues have been discovered in my Cloudera cluster (Cloudera Manager version 7.13.1, Cloudera Runtime 7.3.1). Zookeeper issue (Zookeeper version 3.8.1.7.3.1.0-197): On the nodes where zookeeper runs, I have the bellow issue: HTTP TRACE / TRACK Methods Allowed - Debugging functions are enabled on the remote web server - port 7000 Mapreduce HSTS header: HSTS Missing From HTTPS Server / port 13562   Can you please assist on how to mitigate these issues?   Thank you!   ... View more

Re: Enable HSTS header for Cloudera Management Ser...

by Explorer in Support Questions
‎04-30-2025 10:41 PM
‎04-30-2025 10:41 PM
Hello, Thank you for your answer! I need to ENABLE HSTS header on all ports in the cluster which are exposed via HTTPS.  But if I understand it correcly, I can safely disable the debug interface. I can’t enable HSTS on the Service and Host Monitoring services, right?   Thank you so much! All the best! ... View more

Enable HSTS header for Cloudera Management Service...

by Explorer in Support Questions
‎04-30-2025 09:28 AM
‎04-30-2025 09:28 AM
Hello, I need to enable the HSTS header for Cloudera Management Services - Host Monitor Service and Service Monitor Service. Whilst I managed to do this for all the other services in the cluster using CORE_SETTINGS -> via HTTP Strict Transport Security parameter, this doesn't seem to be applied to Host Monitor Service and Service Monitor Instance from Cloudera Management Services . Is there a way to enable this? I am running a cloudera manager 7.13.1 with a cloudera runtime 7.3.1. Thank you so much! ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎05-07-2025 09:45 PM
Community Statistics
Member Since ‎04-30-2025 09:21 AM
Last Visited ‎05-07-2025 09:45 PM
Posts 6