Member since
09-10-2016
82
Posts
6
Kudos Received
9
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
6470 | 08-28-2019 11:07 AM | |
5985 | 12-21-2018 05:59 PM | |
3098 | 12-10-2018 05:16 PM | |
2586 | 12-10-2018 01:03 PM | |
1692 | 12-07-2018 08:04 AM |
12-13-2018
01:12 PM
Hi @Sigmund Broele, Would you please check if the below properties set properly. In "Advanced core-site"
hadoop.security.key.provider.path
In "Advanced hdfs-site"
dfs.encryption.key.provider.uri
In "Ranger KMS Service > Custom kms-site.xml
hadoop.kms.proxyuser.hive.hosts=*
hadoop.kms.proxyuser.hive.groups=*
... View more
12-13-2018
10:29 AM
@Sajesh PP Are you able to list the keys using above method?If so, please login and accept the answer.
... View more
12-12-2018
10:45 AM
@VinayPlease login and accept the answer if you find this helpful. Thanks
... View more
12-11-2018
12:35 PM
Hi @Ankita Ghate Check the principals in kdc server $kadmin.local
Authenticating as principal root/admin@<realm> with password.
kadmin.local: listprincsK/M@<realm>
kadmin/admin@<realm>
kadmin/changepw@<realm>
kadmin/KDC_SERVER_FQDN@<realm>
kiprop/KDC_SERVER_FQDN@<realm>
krbtgt/TEST.COM@TEST.COM Must create a admin principal for enabling kerberos from ambari $kadmin.local
$kadmin.local: addprinc admin/admin@<realm>
WARNING: no policy specified for root/admin@<realm>; defaulting to no policy
Enter password for principal "admin/admin@<realm>":<password>
Re-enter password for principal "admin/admin@<realm>":<password>
Principal "admin/admin@<realm>" created. While enabling the kerberos from ambari, use the below principal and corresponding password Admin principal : admin/admin@<realm>
admin password : <password> Try manual kinit of the same principal on ambari-server machine like, kinit admin/admin@REALM
Password: ******* Check if above is working fine. Also, you can refer the below thread which talk about adding the credential using API call as temporary or Permanent https://community.hortonworks.com/articles/42927/adding-kdc-administrator-credentials-to-the-ambari.html Hope this helps!
... View more
12-11-2018
10:58 AM
Hi @Sajesh PP, Could you please try to add new user to KMS policy and grant the permissions. Login as keyadmin -> Access Manager -> Click the KMS service -> Edit "all-keyname" policy -> add newly created user in select user section. Hope this helps!! Please login and accept the answer if you find this answer helpful. Thanks
... View more
12-10-2018
05:16 PM
1 Kudo
Hi @Sajesh PP, To create KMS admins, do the following:
1. Since only admin role can create users, first login to Ranger UI as an admin.
2. Create multiple new users from Ranger webUI and keep these users as ADMIN role
3. Go to Settings -> Permissions -> Edit 'Key Manager' permission & add newly created user to 'Key Manager' module -> Save & Logout
4. Login as new user and you can use 'Encryption' tab for creating and managing the keys.
Hope this helps! Please login and accept the answer if you find this answer helpful. Thanks
... View more
12-10-2018
01:03 PM
2 Kudos
Hi @Vinay, It's seems to be an issue with stale WAL splits, try removing WAL's from below hdfs location and restart the Hbase and region services. /apps/hbase/data/WALs/ Please note that, removing them is almost never an ideal situation unless there is no data in HBase.
... View more
12-07-2018
08:04 AM
We have Ranger KMS installed in our cluster. Somehow, ranger kms was in stale config state. I have restarted the Ranger KMS service and hive service check run is fine now.
... View more
12-06-2018
08:49 AM
Hi, I'm getting the below issue during hive service check run. 2018-12-06 08:21:38,426 - Running WEBHCAT checks
2018-12-06 08:21:38,426 - ---------------------
.
.
2018-12-06 08:16:07,624 - Retrying after 5 seconds. Reason: Execution of '/var/lib/ambari-agent/tmp/templetonSmoke.sh a767ca44d046.hkc.com ambari-qa 50111 idtest.ambari-qa.1544084165.41.pig /etc/security/keytabs/smokeuser.headless.keytab true /usr/bin/kinit ambari-qa-yrt_sec_hkt@HADOOP.CER.HKT.COM /var/lib/ambari-agent/tmp' returned 1. Templeton Smoke Test (ddl cmd): Failed. : {"error":"java.net.ConnectException: Connection refused (Connection refused)"}http_code <500>
Templeton Smoke Test (ddl cmd): Failed. : {"error":"java.net.ConnectException: Connection refused (Connection refused)"}http_code <500>
I tried to execute the below command manually. [root@a767ca44d046 ~]# /var/lib/ambari-agent/tmp/templetonSmoke.sh a767ca44d046.hkc.com ambari-qa 50111 idtest.ambari-qa.1544084498.43.pig /etc/security/keytabs/smokeuser.headless.keytab true /usr/bin/kinit ambari-qa-yrt_sec_hkt@HADOOP.CER.HKT.COM /var/lib/ambari-agent/tmp
Templeton Smoke Test (ddl cmd): Failed. : {"error":"java.net.ConnectException: Connection refused (Connection refused)"}http_code <500> I have updated the below properties in custom core-site.xml in ambari but did not help. hadoop.proxyuser.HTTP.hosts=*
hadoop.proxyuser.HTTP.groups=*
webhcat.proxyuser.HTTP.groups=*
webhcat.proxyuser.HTTP.hosts=* Would you please help on this. Thank you.
... View more
Labels:
- Labels:
-
Apache Hive
11-30-2018
11:03 AM
Hi, @Veera Mundra, Glad that the issue is resolved. Since this is a different issue, I would suggest to open a new thread for this issue so that the main thread doesn't get deviated. I'm not sure of this issue, may be other experts can help on this. Thanks
... View more