Hi All,   I had implemented the Level 1 TLS encryption and which is working.   But, when I have implemented the Level 2 TLS encryption as per the steps given in below link https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_config_tls_auth.html#topic_3   I have started getting below error.   1. In cloudera-scm-agent log   [17/Aug/2017 07:24:50 +0000] 31094 MainThread agent ERROR Heartbeating to c018-srv1.e8sec.com:7182 failed. Traceback (most recent call last): File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/agent.py", line 1346, in _send_heartbeat self.max_cert_depth) File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/https.py", line 132, in __init__ self.conn.connect() File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect self.sock.connect((self.host, self.port)) File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect ret = self.connect_ssl() File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl return m2.ssl_connect(self.ssl) SSLError: certificate verify failed     2. In Cloudera-scm-Server Log   2017-08-17 07:51:04,118 WARN 118674289@agentServer-169:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: unknown_ca   I have tried by using verify_cert_file as well as by using verify_cert_dir. Can anybody please help me on the same, if I am missing something or anything else needed to be done to fix this issue.   I would be really thankful for any help on the same.   Thank you, Amit ... View more

Hi,   I have enabled the TLS level 1 encryption and after the same I am getting few errors in my log as per below;   1] Getting below error in My cloudera-scm-server.log   2017-08-16 14:56:56,261 INFO MainThread:com.cloudera.server.cmf.WebServerImpl: Cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV found. Allowing SSL/TLS renegotiations. 2017-08-16 14:56:56,288 INFO MainThread:com.cloudera.server.cmf.WebServerImpl: TLS web connections will use port: 7183 2017-08-16 14:56:56,292 INFO MainThread:com.cloudera.server.cmf.WebServerImpl: Plaintext web connections will use port: 7180 2017-08-16 14:56:56,337 INFO MainThread:com.cloudera.cmf.service.ServiceHandlerRegistry: Executing command GenerateCredentials BasicCmdArgs{args=[]}. 2017-08-16 14:56:56,337 INFO MainThread:com.cloudera.server.cmf.Main: Generating credentials (command 4481) at startup 2017-08-16 14:56:56,393 INFO WebServerImpl:com.cloudera.enterprise.JavaMelodyFacade: No JavaMelody class net.bull.javamelody.SessionListener: net.bull.javamelody.SessionListener 2017-08-16 14:56:56,479 ERROR ParcelUpdateService:com.cloudera.parcel.components.ParcelDownloaderImpl: Unable to retrieve remote parcel repository manifest java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused to http://serverip:8000/manifest.json at com.ning.http.client.providers.netty.NettyResponseFuture.abort(NettyResponseFuture.java:297) at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:104) at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:399) at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:390) at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:352) at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink$Boss.connect(NioClientSocketPipelineSink.java:409) at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink$Boss.processSelectedKeys(NioClientSocketPipelineSink.java:366) at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink$Boss.run(NioClientSocketPipelineSink.java:282) at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102) at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.net.ConnectException: Connection refused to http://serverip:8000/manifest.json at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:100) ... 11 more Caused by: java.net.ConnectException: Connection refused at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method) at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:739) at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink$Boss.connect(NioClientSocketPipelineSink.java:404) at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink$Boss.processSelectedKeys(NioClientSocketPipelineSink.java:366) at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink$Boss.run(NioClientSocketPipelineSink.java:282) ... 3 more   2017-08-16 15:31:35,624 INFO 1922557741@scm-web-39:com.cloudera.server.web.cmf.AuthenticationFailureEventListener: Authentication failure for user: '__cloudera_internal_user__mgmt-EVENTSERVER-bdec96eb8ea18d0be431197fa05f0a3b' from CMhost       2] Getting below error in my cloudera-scm-agent.log   ERROR    Heartbeating to CMhostname:7182 failed. Connection refused Traceback (most recent call last): File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/agent.py", line 1346, in _send_heartbeat self.max_cert_depth) File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/https.py", line 132, in __init__ self.conn.connect() File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect self.sock.connect((self.host, self.port)) File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 181, in connect self.socket.connect(addr) File "<string>", line 1, in connect error: [Errno 111] Connection refused     ERROR    [1646-cloudera-mgmt-HOSTMONITOR] Failed to update   3] In Eventserver log file   2017-08-16 13:28:30,475 ERROR com.cloudera.cmf.eventcatcher.server.EventCatcherService: Error starting EventServer org.apache.lucene.store.LockObtainFailedException: Lock obtain timed out: NativeFSLock@/var/lib/cloudera-scm-eventserver/v3/write.lock   Can anybody please help me on the same, as I am not able to find out the proper solution for the same.   Thank you in advance.   Thanks, Amit   ... View more

Hi,   I had a cluster[CDH 5.8.2] in which I was using Impala and Kudu. Impala Parcel is downloaded from - http://archive.cloudera.com/beta/impala-kudu/parcels/latest/ I have upgraded this cluster to CDH 5.10 with cloudera manager 5.10.   Now, running the select verison() query on this upgraded cluster in Impala gives me below details;   impalad version 2.7.0-cdh5.10.0 RELEASE   However, in CDH 5.10 upgrade they mentioned the support for Imapal 2.8. I can not find the parcel for the Impala 2.8. Also, running the delete command on Impala table give me below error.   "ERROR: AnalysisException: Impala does not support modifying a non-Kudu table: default.impala_testtable"   Questions:   1. Can anybody suggest me how can I upgrade to Impala 2.8? Is there any parcel for the same or the one which I'm currently using is the latest?   2. As running delete command on Impala table gives me the error what is the alternative to delete data from existing impala table? However, the delete command works fine with Kudu tables.   Can anybody please help me on the same.   Thanks, Amit     ... View more

Hi,   I need to implement the  JDBC connection for Impala with username and password[I guess here username=host user on which Impala daemon is running and Password=corresponding user password] for our client cluster. As per my understanding we do not need to make any specific change in Impala server configs or on server for the same.   What I tried:   1. Cluster is without Kerberos. 2, Tried two types of drivers.    a] Driver Type 1]         JDBC:hive2 - When I uses connection string;                DriverManager.getConnection("jdbc:hive2://server:21050/default;","hostuser","password").         It does not work at all and ends in connection timeout.                     When I uses connection string;               DriverManager.getConnection("jdbc:hive2://server:21050/default;auth=noSasl;")          It works and gets connected to impala.        b] Driver Type 2]         JDBC:impala -              When I uses connection string;    DriverManager.getConnection("jdbc:impala://Server:21050/default;AuthMech=3;UID=hostuser;PWD=password")         It does not work at all and ends in connection timeout.           When I uses connection string;    DriverManager.getConnection("jdbc:impala://Server:21050/default;AuthMech=0;")          It works and gets connected to impala.     Questions:   1. For Implementing the Impala JDBC username & password based connection, is it mandatory to have either Kerberos or LDAP or Sentry Implented?   2. If not, then using JDBC with Impala local user credentials does need any additional parameters or change at the server level or change in Impala local user permission?    3. Can you please provide any example to implement it, like any server level or client level changes if my implementation is wrong.   Thank you in advance.   Amit     ... View more