Member since
01-19-2017
3676
Posts
632
Kudos Received
372
Solutions
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| 589 | 06-04-2025 11:36 PM | |
| 1138 | 03-23-2025 05:23 AM | |
| 572 | 03-17-2025 10:18 AM | |
| 2154 | 03-05-2025 01:34 PM | |
| 1350 | 03-03-2025 01:09 PM |
04-03-2017
10:58 PM
Resolved Here we go, the CA signed certificate $ambari_server_fqdn.crt to replaces the crt generated during the selfsigned test phase and the private key generated during the CSR creation is $ambari_server_fqdn.key copy the .crt and .keys, Ambari stores the ssl config in /etc/lib/ambari_server ........
# cp /etc/ambari-server/certs/$ambari_server_fqdn.crt /var/lib/ambari-server/keys/https.crt
# cp /etc/ambari-server/certs/$ambari_server_fqdn.key /var/lib/ambari-server/keys/https.key After copying the above ccert and key to the destinations,restart the ambari-server # service ambari-server restart
The Ambari should trust your CA signed
Import to the trust keystore -destkeypass should be adapted to your environment.
1: convert
$openssl pkcs12 -export -in /etc/ambari-server/certs/$ambari_server_fqdn.crt -inkey /etc/ambari-server\
/certs/$ambari_server_fqdn.key -out /etc/ambari-server/certs/$ambari_server_fqdn.p12 -name \
$ambari_server_fqn 2:import keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /etc/ambari-server\
/certs/$ambari_server_fqdn.jks -srckeystore /etc/ambari-server/certs/$ambari_server_fqdn.p12 \
-srcstoretype PKCS12 -srcstorepass changeit -alias $ambari_server_fqdn
3: After import to trustore remove the .p12 key no longer needed rm /etc/ambari-server/certs/$ambari_server_fqdn.p12
... View more
03-22-2017
12:41 PM
1 Kudo
We got the solution at the same time but I will give you the points it isn't fare to give myself 🙂
... View more
03-22-2017
12:38 PM
Hi all, Problem resolved I grabbed a new kerberos ticket and started solr root@nuveb:/opt/lucidworks-hdpsearch/solr# bin/solr start
Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=5214). Happy searching! Thanks
... View more
03-22-2017
12:22 PM
Hi all, Our cluster just got rebooted by a remote user, all is back to normality but the solr instance cant start it complaining for missing xml. Here is the log can someone help out I am stuck for 3 hours now root@nuveb:/var/log/solr# cat solr_log_20170322_1046
2017-01-23 16:08:34,915 [main] INFO [ ] org.eclipse.jetty.util.log.Log (Log.java:186) - Logging initialized @359ms
2017-01-23 16:08:35,064 [main] INFO [ ] org.eclipse.jetty.server.Server (Server.java:327) - jetty-9.2.13.v20150730
2017-01-23 16:08:35,093 [main] WARN [ ] org.eclipse.jetty.server.handler.RequestLogHandler (RequestLogHandler.java:137) - !RequestLog
2017-01-23 16:08:35,097 [main] INFO [ ] org.eclipse.jetty.deploy.providers.ScanningAppProvider (ScanningAppProvider.java:133) - Deployment monitor [file:/opt/lucidworks-hdpsearch/solr/server/contexts/] at interval 0
2017-01-23 16:08:35,312 [main] INFO [ ] org.eclipse.jetty.webapp.StandardDescriptorProcessor (StandardDescriptorProcessor.java:297) - NO JSP Support for /banana, did not find org.eclipse.jetty.jsp.JettyJspServlet
2017-01-23 16:08:35,353 [main] INFO [ ] org.eclipse.jetty.server.handler.ContextHandler (ContextHandler.java:744) - Started o.e.j.w.WebAppContext@50eac852{/banana,file:/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp-banana-1.6.0/banana-webapp/webapp/,AVAILABLE}{/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp-banana-1.6.0/banana-1.6.0.war}
2017-01-23 16:08:35,609 [main] INFO [ ] org.eclipse.jetty.webapp.StandardDescriptorProcessor (StandardDescriptorProcessor.java:297) - NO JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
2017-01-23 16:08:35,613 [main] WARN [ ] org.eclipse.jetty.security.ConstraintSecurityHandler (ConstraintSecurityHandler.java:807) - ServletContext@o.e.j.w.WebAppContext@198b6731{/solr,file:/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp/,STARTING}{/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp} has uncovered http methods for path: /
2017-01-23 16:08:35,626 [main] INFO [ ] org.apache.solr.servlet.SolrDispatchFilter (SolrDispatchFilter.java:91) - SolrDispatchFilter.init(): WebAppClassLoader=2087258327@7c6908d7
2017-01-23 16:08:35,650 [main] INFO [ ] org.apache.solr.core.SolrResourceLoader (SolrResourceLoader.java:781) - JNDI not configured for solr (NoInitialContextEx)
2017-01-23 16:08:35,650 [main] INFO [ ] org.apache.solr.core.SolrResourceLoader (SolrResourceLoader.java:793) - using system property solr.solr.home: /etc/solr/data_dir
2017-01-23 16:08:35,651 [main] INFO [ ] org.apache.solr.core.SolrResourceLoader (SolrResourceLoader.java:170) - new SolrResourceLoader for directory: '/etc/solr/data_dir'
2017-01-23 16:08:35,652 [main] INFO [ ] org.apache.solr.core.SolrResourceLoader (SolrResourceLoader.java:781) - JNDI not configured for solr (NoInitialContextEx)
2017-01-23 16:08:35,652 [main] INFO [ ] org.apache.solr.core.SolrResourceLoader (SolrResourceLoader.java:793) - using system property solr.solr.home: /etc/solr/data_dir
2017-01-23 16:08:35,670 [main] INFO [ ] org.apache.solr.common.cloud.SolrZkClient (SolrZkClient.java:211) - Using default ZkCredentialsProvider
2017-01-23 16:08:35,701 [main] INFO [ ] org.apache.solr.common.cloud.ConnectionManager (ConnectionManager.java:192) - Waiting for client to connect to ZooKeeper
2017-01-23 16:08:36,080 [zkCallback-1-thread-1] INFO [ ] org.apache.solr.common.cloud.ConnectionManager (ConnectionManager.java:102) - Watcher org.apache.solr.common.cloud.ConnectionManager@4668cbcb name:ZooKeeperConnection Watcher:10.176.69.1:2181,10.176.69.9:2181 got event WatchedEvent state:SyncConnected type:None path:null path:null type:None
2017-01-23 16:08:36,080 [main] INFO [ ] org.apache.solr.common.cloud.ConnectionManager (ConnectionManager.java:210) - Client is connected to ZooKeeper
2017-01-23 16:08:36,081 [main] INFO [ ] org.apache.solr.common.cloud.SolrZkClient (SolrZkClient.java:227) - Using default ZkACLProvider
2017-01-23 16:08:36,087 [main-SendThread(10.176.69.1:2181)] ERROR [ ] org.apache.zookeeper.client.ZooKeeperSaslClient (ZooKeeperSaslClient.java:384) - An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state.
2017-01-23 16:08:36,087 [main-SendThread(10.176.69.1:2181)] ERROR [ ] org.apache.zookeeper.ClientCnxn$SendThread (ClientCnxn.java:1015) - SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state.
2017-01-23 16:08:36,088 [zkCallback-1-thread-1] INFO [ ] org.apache.solr.common.cloud.ConnectionManager (ConnectionManager.java:102) - Watcher org.apache.solr.common.cloud.ConnectionManager@4668cbcb name:ZooKeeperConnection Watcher:10.176.69.1:2181,10.176.69.9:2181 got event WatchedEvent state:AuthFailed type:None path:null path:null type:None
2017-01-23 16:08:36,088 [zkCallback-1-thread-1] WARN [ ] org.apache.solr.common.cloud.ConnectionManager (ConnectionManager.java:171) - zkClient received AuthFailed
2017-01-23 16:08:36,197 [main] ERROR [ ] org.apache.solr.servlet.SolrDispatchFilter (SolrDispatchFilter.java:116) - Could not start Solr. Check solr/home property and the logs
2017-01-23 16:08:36,225 [main] ERROR [ ] org.apache.solr.common.SolrException (SolrException.java:159) - null:org.apache.solr.common.SolrException: Error occurred while loading solr.xml from zookeeper
at org.apache.solr.servlet.SolrDispatchFilter.loadNodeConfig(SolrDispatchFilter.java:159)
at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:131)
at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:109)
at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:852)
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:298)
at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1349)
at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1342)
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:505)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41)
at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:186)
at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:498)
at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:146)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180)
at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:461)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64)
at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:609)
at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:528)
at org.eclipse.jetty.util.Scanner.scan(Scanner.java:391)
at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:313)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:150)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:560)
at org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:235)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.server.Server.start(Server.java:387)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at org.eclipse.jetty.server.Server.doStart(Server.java:354)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1255)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1174)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:321)
at org.eclipse.jetty.start.Main.start(Main.java:817)
at org.eclipse.jetty.start.Main.main(Main.java:112)
Caused by: org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /solr.xml
at org.apache.zookeeper.KeeperException.create(KeeperException.java:123)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.exists(ZooKeeper.java:1045)
at org.apache.solr.common.cloud.SolrZkClient$5.execute(SolrZkClient.java:311)
at org.apache.solr.common.cloud.SolrZkClient$5.execute(SolrZkClient.java:308)
at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:60)
at org.apache.solr.common.cloud.SolrZkClient.exists(SolrZkClient.java:308)
at org.apache.solr.servlet.SolrDispatchFilter.loadNodeConfig(SolrDispatchFilter.java:153)
... 43 more
2017-01-23 16:08:36,225 [main] INFO [ ] org.apache.solr.servlet.SolrDispatchFilter (SolrDispatchFilter.java:123) - SolrDispatchFilter.init() done
2017-01-23 16:08:36,228 [main] INFO [ ] org.eclipse.jetty.server.handler.ContextHandler (ContextHandler.java:744) - Started o.e.j.w.WebAppContext@198b6731{/solr,file:/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp/,AVAILABLE}{/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp}
2017-01-23 16:08:36,236 [main] INFO [ ] org.eclipse.jetty.server.AbstractConnector (AbstractConnector.java:266) - Started ServerConnector@6caf0677{HTTP/1.1}{0.0.0.0:8983}
2017-01-23 16:08:36,237 [main] INFO [ ] org.eclipse.jetty.server.Server (Server.java:379) - Started @1683ms
2017-03-22 10:42:09,937 [ShutdownMonitor] INFO [ ] org.eclipse.jetty.server.AbstractConnector (AbstractConnector.java:306) - Stopped ServerConnector@6caf0677{HTTP/1.1}{0.0.0.0:8983}
2017-03-22 10:42:09,947 [ShutdownMonitor] INFO [ ] org.eclipse.jetty.server.handler.ContextHandler (ContextHandler.java:865) - Stopped o.e.j.w.WebAppContext@198b6731{/solr,file:/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp/,UNAVAILABLE}{/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp}
2017-03-22 10:42:09,949 [ShutdownMonitor] INFO [ ] org.eclipse.jetty.server.handler.ContextHandler (ContextHandler.java:865) - Stopped o.e.j.w.WebAppContext@50eac852{/banana,file:/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp-banana-1.6.0/banana-webapp/webapp/,UNAVAILABLE}{/opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp-banana-1.6.0/banana-1.6.0.war}
... View more
Labels:
- Labels:
-
Apache Solr
03-15-2017
07:16 AM
I have created self signed certificates (.csr and .key) for my Ambari and Ranger in a kerberized environment all is working fine.We just order CA signed certificates ,so my question is how to I just repalce these self signed certificates with too much reconfiguration.
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache Ranger
02-21-2017
03:03 AM
@ Raja Sekhar Chintalapati Of course if you setup a KDC the keytabs are valid but you need to grab a valid one to proceed! Get the list of keytabs List all valid keytabs $ ls /etc/security/keytabs List valid principals for this keytab $ klist -kt /etc/security/keytabs/hive.service.keytab
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
1 02/02/17 23:00:12 hive/Ambari-Host_name@YOUR_REALM.COM
1 02/02/17 23:00:12 hive/Ambari-Host_name@YOUR_REALM.COM Grab a valid ticket $ kinit -kt /etc/security/keytabs/hive.service.keytab hive/Ambari-Host_name@YOUR_REALM.COM Check validity $ klist Ticket cache: FILE:/tmp/krb5cc_504
Default principal: hive/Ambari-Host_name@YOUR_REALM.COM
Valid starting Expires Service principal
02/10/17 01:32:45 02/11/17 01:32:45 krbtgt/YOUR_REALM.COM@YOUR_REALM.COM
renew until 02/10/17 01:32:45 Grab a valid ticket $ kinit -kt /etc/security/keytabs/hive.service.keytab hive/Ambari-Host_name@YOUR_REALM.COM This should have been the correct connect string if you had a valid ticket beeline -u jdbc:hive2://hiveServer2_hostname:10000;principal=hive/Keytab@PRINCIPAL With the above you should successfully log on and execute your HQL
... View more
02-04-2017
09:36 PM
@Aditya Mamidala Here is a good reference for manually setting the YARN memory parameters
... View more
02-02-2017
05:39 PM
@Aditya Mamidala Can you give a little background of your Cluster or node ? From your input it seems you are an Ambari or Cloudera Manager managed hadoop installation. application managed by YARN ? when you start with shell scripts that it is a manually installed Hadoop otherwise you should do all changes and stop/start through Ambari or cloudera Manager. With more details the community will defintitely come to your rescue !
... View more
02-01-2017
05:28 PM
1 Kudo
@Ram Charan Tej Changing the standard HDP installation directories can cause problems during upgrade and normal debugging . I had some issues in changing log directories for Ranger Admin and Ranger usersync and resolved it with symlinks. But I think its doable.
... View more
02-01-2017
05:16 PM
1 Kudo
@rakesh kumar Granting insert,update,delete,select on table x to user1 is more granular level security there are usually many application users with different levels of privileges accessing the same table x in a database. I could run grant select on table x to user2 ; this user will only have as the statements say ONLY select on tablex, Whereas the grant insert,update,delete,select on database db1 to user user1; Gives user1 the precedent privileges to all tables in database db1. To limit select ONLY to user2 I would run the below grant select on database db1 to user user2; Having said that database management is easier using roles otherwise management of user privileges can become a headache.
... View more