I am interested in this as well. ... View more

The following always worked for me: kinit -kt hdfs.keytab hdfs hadoop fs -mkdir /benchmarks hadoop fs -chmod 0777 /benchmarks You can always lock down the directory permissions to only allow a certain group to write to this directory. ... View more

That particular package only comes from the MySQL Community repository.  Not from the OS repos or from the SCL repos. ... View more

Thanks, Li! ... View more

For posterity, I will helpfully refer to the   Cloudera documentation   on the topic.   (Good work docs folks.  I love the evironment customization.) ... View more

Has this situation improved over the past year?  Is there any public information on how to secure the back-end database connections?   ... View more

Assuming that you are referencing Cloudera Navigator Encrypt, as part of the process of encrypting a disk, you can move existing data onto that newly encrypted disk.  See the navencrypt-move command.   If you are referring to HDFS Transparent Encryption, then you must create a new encryption zone in HDFS (effectively a new directory) and then copy your HDFS data into it.  A lot of people ask "How can I encrypt an existing directory".  You would have to perform two extra steps and have plenty of available disk space:  1. Rename the existing directory in HDFS: "hdfs dfs -mv /data /data.bak" 2. Set up the encryption zone for /data. "hadoop key create <keyname>; hdfs dfs -mkdir /data; hdfs crypto -createZone -keyName <keyname> -path /data" 3. Copy the data in /data.bak to /data. "hdfs dfs -cp /data.bak/\* /data/" 4. Remove /data.bak. "hdfs dfs -rm -R /data.bak" ... View more

And to fully answer myself, here are the links to vendor documentation:   Red Hat/CentOS https://access.redhat.com/solutions/8709 https://wiki.centos.org/FAQ/CentOS7#head-8984faf811faccca74c7bcdd74de7467f2fcd8ee https://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df Debian/Ubuntu https://wiki.debian.org/DebianIPv6#How_to_turn_off_IPv6 https://wiki.ubuntu.com/IPv6#Disabling_IPv6 Suse https://www.suse.com/support/kb/doc.php?id=7015035 https://www.suse.com/support/kb/doc/?id=7012111 ... View more

Thanks.  It sounds like the following should suffice:   sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.default.disable_ipv6=1   ... View more

@Alex,   I am curious as to what the Proactive Support tests look for when testing whether IPv6 is enabled.  Is it the existence of IPv6 addresses on interfaces or the presence of the IPv6 kernel module?   Red Hat's solutions indicate that you can either disable the kernel module via kernel boot options (results in other things breaking) or disable IPv6 on network interfaces via sysctl.  Debian appears to be similar.   ... View more

Hey @bgooley,   Is there any update on  DOCS-1862? ... View more

@sridharm   Hue is not written in Java, thus the Oracle connector jar will not work.  You want the Oracle Instant Client for Hue Parcel. ... View more

@bgooley,   So to clarify my assumptions and (mis)understandings:   The allowed_hosts setting is not checking the HTTP client's DNS domain.  It is the Hue webserver framework (ie Django) checking the HTTP Host: header that the client sends.   In my case of AWS VPC with default public subnet configuration, my web browser thinks I am talking to ec2-54-50-32-4.compute-1.amazonaws.com and sends that as the Host: header.  The Hue server sees that, expecting something more like ip-10-1-2-3.ec2.internal, and replies with the "Bad Request (400)" to the client.   ... View more

I would like to understand what security risk this change addresses.  From what I can tell, this will adversly impact any cloud deployment that is using default cloud-provided domain names (ie AWS with default VPC configuration) and it will not affect any environment (ie on-premesis) where the clients are in the same domain as Hue.  The only situation that I have been able to imagine is one where Hue is sitting on the public Internet at hue.domain with a very loose firewall (if any) but we want only clients (laptop.domain) to be served.   Can the Hue Team elaborate on how allowed_hosts=".domain" can possibly help my customers and why every AWS install I do with 5.10 will require me to revert to allowed_hosts="*"? ... View more

When will Director support this natively? ... View more

SpiveyBen,   Is there some sort of roadmap/timeline for support of both LDAP and Kerberos for HS2 clients? ... View more