About andyboxer

andyboxer · ‎10-27-2017

We are having this issue too, We have been advised by our security analysts that although this nominally presents a low risk, when the consequences of a breach are of a certain proportion this should be addressed. I have searched around for guidance but found nothing I can apply except the following: adding this property to ssl_security.xml <property> <name>ssl.server.exclude.cipher.list</name> <value>TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5 | SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 | TLS_KRB5_EXPORT_WITH_RC4_40_SHA | TLS_KRB5_EXPORT_WITH_RC4_40_MD5 </value> <description>Optional. The weak security cipher suites that you want excluded from SSL communication.</description> </property> however there seems to be no mechanism by which I can apply this property. Please could someone advise on how we can affect this change.

andyboxer · ‎10-24-2016

I am also trying to download the KTS and KMS parcels via the specified urls: http://www.cloudera.com/content/www/en-us/downloads/navigator/key-trustee-server.html http://www.cloudera.com/content/www/en-us/downloads/navigator/key-trustee-kms.html I have a developer license and I have logged into my account and attempted to download the parcels I am not able to do this and receive an access denied message. Is it the case that the developer license whilst it enables the Nav features in the Cloudera Manager still does not give access to the KTS software? I am following the instructions for setting up KTS/KMS and am attempting to set up an internal repository for parcels as instructed, I have tried using the parcel from the standard parcels list in Cloudera Manager but this does not seem to provide all the required software. Please can someone let me know how I can evaluate the KTS software using a developer license. Regards, Andy

andyboxer · ‎10-22-2016

Hi Ben, We don't want to get this in order to reference the cluster but in order to uniquely name our services across different clusters. We would like to be able to reliably assign an index to service names within our clusters in a manner similar to the way in which Cloudera Manager does, it seems to use the database ID for each cluster to append to services names. If it is not possible to obtain the cluster ID from the API then that is fine and we will have to persist with our workaround for now but being able to obtain the cluster ID would solve the issue of service naming in a much more consistent and robust way. I hope this explains our use case sufficiently, if there are other ways of naming services so service names remain unique across clusters in a predictable fashion please let us know. Regards, Andy

andyboxer · ‎10-20-2016

Thanks for the help folkes, It is the unique database ID that I would like to get but I'd like to get it from the CM api without accessing the db as this would require me to distribute the db credentials which is just not possible given my security constraints. I have a work around currently which is to take the id from an enumerated list of clusters returned by the cm api, but this is not ideal and presumes that a cluster will never be removed. Any further help greatly appreciated.

andyboxer · ‎10-17-2016

I'm running some Ansible scripts to configure a Cloudera Cluster. I have come across an issue whilst creating services in multiple clusters which I would like to resolve by fetching the cluster database ID from the Cloudera Manager so that I can use this in the service name postfix in the same way that manual GUI installations do. I have tried to find this ID in the config output of all levels of the cluster, Manager, manager service, cluster, service, role and have been unable to get to it. The only time it has been returned from the manager was during an error response whlist trying to add a service to a cluster with a name that already existed for that service in a different cluster, whilst I could force this error and parse the exception message, this is far from an ideal solution. Please could someone let me know if this piece of cluster configuration data is available via the CM API and if so which call should I use to retrieve it. If it is not possible to get the ID from any CM API source how future proof would the solution proposed be, i.e. forcing the error and parsing the error message to get the cluster DB id? Any help in this would be greatly appreciated.

andyboxer · ‎10-04-2016

Hi Laideepak, There are some excellent courses available here https://www.edx.org/ these can be studied free of charge or you may pay to earn a signed certificate

andyboxer · ‎09-30-2016

Hello Folkes, I am a developer at Sainsbury's currently working to provide a corporate hadoop data warehouse and processing ecosystem using pretty much the entire Cloudera stack. I studied Computer Science at the University of Necastle upon Tyne many moons ago and have worked in IT for about thirty years. I have written systems integration services, ETL services, b2b interfaces and web services in various languages including C++, PHP, Python and Java I'm currently learning a lot about the Hadoop eco system and am enjoying learning Scala and spark. I hope that I will learn together with you folkes and hope that I will be able to contribute in some way to your efforts to get to grips with this nebulous subject. Bon voyage, Andy

Online	Offline
Last Visited	‎11-06-2017 08:34 AM

Date Registered	‎09-29-2016 06:34 AM
Last Visited	‎11-06-2017 08:34 AM
Total Messages Posted	5

Re: How to restrict TLS versions and ciphers allow...

Re: KTS Installation as parcel

Re: Cluster Database ID

Re: Cluster Database ID

Cluster Database ID

Re: INTRODUCE YOURSELF: Please Reply here to tell ...

Re: INTRODUCE YOURSELF: Please Reply here to tell ...