Hi @EranK, can you please double-check the Windows Server version with your Active Directory team? The releases of Windows Server include 2012 and 2012 RC2 but not 2013.   Hence, you might be using Windows Server 2012 (or 2012 RC2) which fits to the referenced documentation page.   While I can not provide you with a support matrix, from personal experience I know that a Windows Server 2012 KDC does work together with Cloudera. However, pay close attention to the chosen encryption types to choose ones that are supported / activated in your specific Active Directory.   Regards Benjamin ... View more

While the output of the log does not provide any insights (are these the logs before the server crashed?) the journalctl output could hint a OOM of the Cloudera Manager Server.   You can try to change the heap to 4GB and test if the behaviour persists. To do so, alter /etc/default/cloudera-scm-server and change -Xmx2G to -Xmx4G in this line: export CMF_JAVA_OPTS="-Xmx2G -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp"   ... View more

Hi @hiveexport, can you please clarify, if you ran this command exactly as you wrote it or which parts were anonymized to hide sensitive values? ... View more

Hi YurriL,   can you please provide the latest output from /var/log/cloudera-scm-server/cloudera-scm-server.log any errors or warnings from "journalctl -xe" ... View more

To use the system's own commands like "curl", you also need to import the AD certificate (or its root CA's certificate) to the system non-Java truststore.   For RHEL 7, the procedure is as follows: Copy the pem-file to  /etc/pki/ca-trust/source/  and run  update-ca-trust extract. ... View more

Hi @lsouvleros, as you already pointed out: this is influenced by a number of factors and widely influenced by your use case and existing organizational context.   Comparing to an HDFS in a classic compute/storage-coupled Hadoop cluster, some of the discussions from here do also apply: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sdx_vpc.html. This is, because Isilon is a network-attached storage and - similar to using Cloudera Virtual clusters - this has some implications on performance, especially for workloads with high-performance requirements. I have also seen environments where using Isilon instead of HDFS had impact on Impala performance.   In terms of reliability and stability, you can argue each way - depending on your architecture. However, a multi-datacenter-deployment is likely to be more easy to realize with Isilon, due to its enterprise-proof replication and failover capabilities.   In terms of efficiently using storage space, Isilon will have advantages. However, the higher cost compared to JBOD-based HDFS might make this point irrelevant.   For scalability, I guess it depends again on your organizational setup. You can easily scale up Isilon by buying more boxes from EMC. There are certainly really large Isilon deployments out there. On the other hand, scaling HDFS is also not hard and can help you to realize huge deployments.   In the end it will be a tradeoff of higher costs with Isilon but with more easy management vs. lower costs by higher efforts with HDFS.    This is my personal opinion and both EMC and Cloudera might have stronger arguments for their respective storage (e.g. [EMC link]). You can also look for the latest announcement for the blog.   Regards, Benjamin ... View more

From the sent screenshots both errors regarding port binding and missing directory seem to originate from the Edge Server (where there should not be any DataNode from your first screenshots). Can you please double-check that you are not trying to run a DataNode on your Edge Node? The logs may not be relevant then.   From your other screenshot there might be a problem in the interconnection of DataNodes and NameNode. Can you please check the NameNode log? ... View more

Hi SS, you could try to declare the disks of the additional nodes as SSD-tier and flag the temporary data with One_SSD storage policy. This way, data should only reside on the declared "SSD-disks" and by that on the "burst nodes". However, keep in mind the performance implications when storing data only on a subset of your cluster. Jobs that primarily use that data might create more heavy network load and suffer from a lower aggregated IO bandwith thus leading to degraded performance. Regards, Benjamin ... View more

Hi, are you using an environment managed by Cloudera Manager? Setting parameters such as the secure datanode user should not be required when using the Cloudera-Manager-guided Kerberos path. Please refer to https://www.cloudera.com/documentation/enterprise/5-11-x/topics/cm_sg_intro_kerb.html   Please note that using root for Datanodes was required in HDFS to bind to privileged ports (<1024) in order to protect against attackers spinning up rouge DataNodes inside of YARN jobs. With SASL protection and SSL this is not required anymore and the user is "hdfs" again.   Regards Benjamin ... View more

Nope Sentry is set up and all other grants work. It is only the SELECT GRANT that makes problems and does not work in Impala. ... View more

Hi,   I am using the same user for the access both from Hive and Impala. Besides, both users are in the Sentry admin group list.   Best Benjamin ... View more

Quite strangely, the same GRANT Query seems to work when running through HiveServer2 (e.g. using beeline). Is this an Impala Bug? ... View more

Yes, there is. In Spark 2.x set the parameter "spark.ui.killEnabled" to false in "Custom spark2-defaults" / spark-defaults.conf. ... View more

Did you authenticate using Keytabs or using a password-based kinit? Could you please send the result of "klist" and "klist -kte <keytab-file>" ... View more

Hi @Jinyu Li your issue is likely produced by Hive Permission Inheritance. After creating the tables, the Sqoop app tries to change the owner/mode of the created HDFS files. Ranger permissions (even rwx) do not give rights to change POSIX owner/mode, which is why the operation fails. Such failure is classified as "EXECUTE" action by Ranger. You can find more details in the HDFS Audit log, stored locally on the NameNode. Solution: Could you please try to set "hive.warehouse.subdir.inherit.perms" to false and re-run the job? This stops Hive Imports from trying to set permissions, which is fine when Ranger is the primary source of authorization. see https://cwiki.apache.org/confluence/display/Hive/Permission+Inheritance+in+Hive for more details. Best, Benjamin ... View more