Hi @EranK, can you please double-check the Windows Server version with your Active Directory team? The releases of Windows Server include 2012 and 2012 RC2 but not 2013.   Hence, you might be using Windows Server 2012 (or 2012 RC2) which fits to the referenced documentation page.   While I can not provide you with a support matrix, from personal experience I know that a Windows Server 2012 KDC does work together with Cloudera. However, pay close attention to the chosen encryption types to choose ones that are supported / activated in your specific Active Directory.   Regards Benjamin ... View more

While the output of the log does not provide any insights (are these the logs before the server crashed?) the journalctl output could hint a OOM of the Cloudera Manager Server.   You can try to change the heap to 4GB and test if the behaviour persists. To do so, alter /etc/default/cloudera-scm-server and change -Xmx2G to -Xmx4G in this line: export CMF_JAVA_OPTS="-Xmx2G -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp"   ... View more

Hi @hiveexport, can you please clarify, if you ran this command exactly as you wrote it or which parts were anonymized to hide sensitive values? ... View more

Hi @R_SHETH, great to hear! Please mark the reply as the accepted answer if it solved your problem 🙂 ... View more

Hi YurriL,   can you please provide the latest output from /var/log/cloudera-scm-server/cloudera-scm-server.log any errors or warnings from "journalctl -xe" ... View more

You can override the "spark-submit" association with alternatives, e.g.: /usr/sbin/alternatives --set spark-submit <path-to-spark2-submit> # <path-to-spark2-submit> could be like "/opt/cloudera/parcels/SPARK2-2.2.0-cloudera1-cdh5.13.3.p0.611179/bin/spark2-submit" # This is a path of CDH 5 to the Spark parcel directory. You need to adjust it to your path (the one that spark2-shell is pointing to) # You can find this path with: /usr/sbin/alternatives --display spark2-submit   However, from CDH 6.x, it is normal to use spark-submit instead of spark2-submit because there is only Spark2 included in CDH. Also, it is normal to use the packaged version inside of the CDH distribution, which seems to be 2.4.0 for your CDH 6.1.1. I am not sure, if using a different version is supported or recommended by Cloudera.   How did you install that Spark 2.2 version in your CDH 6 cluster?    Also see https://www.cloudera.com/documentation/enterprise/6/6.1/topics/spark.html ... View more

To use the system's own commands like "curl", you also need to import the AD certificate (or its root CA's certificate) to the system non-Java truststore.   For RHEL 7, the procedure is as follows: Copy the pem-file to  /etc/pki/ca-trust/source/  and run  update-ca-trust extract. ... View more

Hi @lsouvleros, as you already pointed out: this is influenced by a number of factors and widely influenced by your use case and existing organizational context.   Comparing to an HDFS in a classic compute/storage-coupled Hadoop cluster, some of the discussions from here do also apply: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sdx_vpc.html. This is, because Isilon is a network-attached storage and - similar to using Cloudera Virtual clusters - this has some implications on performance, especially for workloads with high-performance requirements. I have also seen environments where using Isilon instead of HDFS had impact on Impala performance.   In terms of reliability and stability, you can argue each way - depending on your architecture. However, a multi-datacenter-deployment is likely to be more easy to realize with Isilon, due to its enterprise-proof replication and failover capabilities.   In terms of efficiently using storage space, Isilon will have advantages. However, the higher cost compared to JBOD-based HDFS might make this point irrelevant.   For scalability, I guess it depends again on your organizational setup. You can easily scale up Isilon by buying more boxes from EMC. There are certainly really large Isilon deployments out there. On the other hand, scaling HDFS is also not hard and can help you to realize huge deployments.   In the end it will be a tradeoff of higher costs with Isilon but with more easy management vs. lower costs by higher efforts with HDFS.    This is my personal opinion and both EMC and Cloudera might have stronger arguments for their respective storage (e.g. [EMC link]). You can also look for the latest announcement for the blog.   Regards, Benjamin ... View more

From the sent screenshots both errors regarding port binding and missing directory seem to originate from the Edge Server (where there should not be any DataNode from your first screenshots). Can you please double-check that you are not trying to run a DataNode on your Edge Node? The logs may not be relevant then.   From your other screenshot there might be a problem in the interconnection of DataNodes and NameNode. Can you please check the NameNode log? ... View more

Hi pollard, most services expose a "/conf" servlet in their WebUI which gives you the most complete set of actually used parameters. This should be the most promising source of thruth. Impala has a similar Servlet with path "/varz".   The instance process view of Cloudera Manager shows you the actually distributed config files - which often helps a lot but does not include default values. You can reach it from a service (e.g. Impala) by clicking on "Instances" -> (the instance you want to see, e.g. Impala Catalog Server on a node) -> Processes   Regards, Benjamin ... View more

Hi SS, you could try to declare the disks of the additional nodes as SSD-tier and flag the temporary data with One_SSD storage policy. This way, data should only reside on the declared "SSD-disks" and by that on the "burst nodes". However, keep in mind the performance implications when storing data only on a subset of your cluster. Jobs that primarily use that data might create more heavy network load and suffer from a lower aggregated IO bandwith thus leading to degraded performance. Regards, Benjamin ... View more

Hi, are you using an environment managed by Cloudera Manager? Setting parameters such as the secure datanode user should not be required when using the Cloudera-Manager-guided Kerberos path. Please refer to https://www.cloudera.com/documentation/enterprise/5-11-x/topics/cm_sg_intro_kerb.html   Please note that using root for Datanodes was required in HDFS to bind to privileged ports (<1024) in order to protect against attackers spinning up rouge DataNodes inside of YARN jobs. With SASL protection and SSL this is not required anymore and the user is "hdfs" again.   Regards Benjamin ... View more

I am using CDH/CM 6.2. Will update the cluster and test again. However, according to the docs, it should already work since 5.14. ... View more

Nope Sentry is set up and all other grants work. It is only the SELECT GRANT that makes problems and does not work in Impala. ... View more

Hi,   I am using the same user for the access both from Hive and Impala. Besides, both users are in the Sentry admin group list.   Best Benjamin ... View more

Quite strangely, the same GRANT Query seems to work when running through HiveServer2 (e.g. using beeline). Is this an Impala Bug? ... View more

Yes, there is. In Spark 2.x set the parameter "spark.ui.killEnabled" to false in "Custom spark2-defaults" / spark-defaults.conf. ... View more

Did you authenticate using Keytabs or using a password-based kinit? Could you please send the result of "klist" and "klist -kte <keytab-file>" ... View more

Hi @Jinyu Li your issue is likely produced by Hive Permission Inheritance. After creating the tables, the Sqoop app tries to change the owner/mode of the created HDFS files. Ranger permissions (even rwx) do not give rights to change POSIX owner/mode, which is why the operation fails. Such failure is classified as "EXECUTE" action by Ranger. You can find more details in the HDFS Audit log, stored locally on the NameNode. Solution: Could you please try to set "hive.warehouse.subdir.inherit.perms" to false and re-run the job? This stops Hive Imports from trying to set permissions, which is fine when Ranger is the primary source of authorization. see https://cwiki.apache.org/confluence/display/Hive/Permission+Inheritance+in+Hive for more details. Best, Benjamin ... View more

@Adi Jabkowsky This did the trick! Thank you. Now it works. ... View more

I am having the same issues after upgrading from Ambari 2.4.0.1 to Ambari 2.5.0.3: The CapSched View is effectively unusable, as no Admin can access it anymore. ... View more

Thank you for that answer. I was not sure, if there are any specialities, as Hive did some custom checks for read/write rights until: https://issues.apache.org/jira/browse/HIVE-7583 and https://issues.apache.org/jira/browse/HDFS-6570 ... View more

Thank you! This answers the second question. ... View more