Hi ! I tried to install CDP 7.4.4 trial version on an Rocky 8.7  but installer refuse. Did you do any trick to "bypass" the installer os check ? its on an x86-64 machine/s ... View more

The symbolic link is intentional but less important as its primary purpose is to ultimately prevent the need for changes in configured/operating software. The navencrypt-move tool creates a specific storage architecture in the encrypted "container" that is uses to identify monitored spaces for which the kernel module applies controls. If you are not using this structure the ACLs will not work properly unless you are using the Universal ACL which then applies little to no control over data access. ... View more

The following always worked for me: kinit -kt hdfs.keytab hdfs hadoop fs -mkdir /benchmarks hadoop fs -chmod 0777 /benchmarks You can always lock down the directory permissions to only allow a certain group to write to this directory. ... View more

That particular package only comes from the MySQL Community repository.  Not from the OS repos or from the SCL repos. ... View more

For posterity, I will helpfully refer to the   Cloudera documentation   on the topic.   (Good work docs folks.  I love the evironment customization.) ... View more

Has this situation improved over the past year?  Is there any public information on how to secure the back-end database connections?   ... View more

Assuming that you are referencing Cloudera Navigator Encrypt, as part of the process of encrypting a disk, you can move existing data onto that newly encrypted disk.  See the navencrypt-move command.   If you are referring to HDFS Transparent Encryption, then you must create a new encryption zone in HDFS (effectively a new directory) and then copy your HDFS data into it.  A lot of people ask "How can I encrypt an existing directory".  You would have to perform two extra steps and have plenty of available disk space:  1. Rename the existing directory in HDFS: "hdfs dfs -mv /data /data.bak" 2. Set up the encryption zone for /data. "hadoop key create <keyname>; hdfs dfs -mkdir /data; hdfs crypto -createZone -keyName <keyname> -path /data" 3. Copy the data in /data.bak to /data. "hdfs dfs -cp /data.bak/\* /data/" 4. Remove /data.bak. "hdfs dfs -rm -R /data.bak" ... View more

@soundy Yes the feature already exists in CDH to allow HiveServer2 to be configured for both Kerberos and LDAP authentication at the same time, just like Impala.  You don't need any "testing mode" configurations or anything like that. ... View more

Thank you Michael. I appreciate the links. ... View more

@sridharm   Hue is not written in Java, thus the Oracle connector jar will not work.  You want the Oracle Instant Client for Hue Parcel. ... View more

Can you give me the exact AMI IDs that you are using to try out? ... View more

@bgooley,   So to clarify my assumptions and (mis)understandings:   The allowed_hosts setting is not checking the HTTP client's DNS domain.  It is the Hue webserver framework (ie Django) checking the HTTP Host: header that the client sends.   In my case of AWS VPC with default public subnet configuration, my web browser thinks I am talking to ec2-54-50-32-4.compute-1.amazonaws.com and sends that as the Host: header.  The Hue server sees that, expecting something more like ip-10-1-2-3.ec2.internal, and replies with the "Bad Request (400)" to the client.   ... View more