Try below. Some times the ambari cluster environment variable security_enabled might still hold the value true and hence all services expect keytabs .   To validate the value of the environment variable  /var/lib/ambari-server/resources/scripts/configs.py -a get -l <ambari-server host> -t 8080 -n <cluster-name> -u <admin-user> -p <admin-password> -c cluster-env | grep security "security_enabled": "true", "smokeuser_keytab": "/etc/security/keytabs/smokeuser.headless.keytab"   /var/lib/ambari-server/resources/scripts/configs.py -a set -k security_enabled -v false -l <ambari-server host> -t 8080 -n <cluster name> -u <admin user> -p <admin password> -c cluster-env   Try setting that variable to false ... View more

@nilesh_shrimant    it seems you have some corrupt data. Could you please run the below    hdfs dfs -text <path> | tail 10 (this will help us to review whether you can read the data or not )   hdfs fsck <path of the file> -files -blocks -locations  ... View more

@cbfr  Before you decide whether the cluster has corrupt files can you check the replication factor? If it's set to 2 then that normal  The help option will give you a full list of sub commands $ hdfs fsck / ? fsck: can only operate on one path at a time '?' The list of sub command options $ fsck <path> [-list-corruptfileblocks | [-move | -delete | -openforwrite] [-files [-blocks [-locations | -racks | -replicaDetails | -upgradedomains]]]] [-includeSnapshots] [-showprogress] [-storagepolicies] [-maintenance] [-blockId <blk_Id>] start checking from this path -move move corrupted files to /lost+found -delete delete corrupted files -files print out files being checked -openforwrite print out files opened for write -includeSnapshots include snapshot data of a snapshottable directory -list-corruptfileblocks print out list of missing blocks and files they belong to -files -blocks print out block report -files -blocks -locations print out locations for every block -files -blocks -racks print out network topology for data-node locations -files -blocks -replicaDetails print out each replica details -files -blocks -upgradedomains print out upgrade domains for every block -storagepolicies print out storage policy summary for the blocks -maintenance print out maintenance state node details -showprogress show progress in output. Default is OFF (no progress) -blockId print out which file this blockId belongs to, locations (nodes, racks)   It would be good to first check for corrupt files and then run the delete    $ hdfs fsck / -list-corruptfileblocks Connecting to namenode via http://mackenzie.test.com:50070/fsck?ugi=hdfs&listcorruptfileblocks=1&path=%2F ---output-- The filesystem under path '/' has 0 CORRUPT files A simple demo here my replication factor is 1  see above screenshot when I create a new file in hdfs the default repélication factor is set to 1 $ hdfs dfs -touch /user/tester.txt Now to check the replication fact  see the number 1 before the group:user hdfs:hdfs $ hdfs dfs -ls /user/tester.txt -rw-r--r-- 1 hdfs hdfs 0 2020-10-18 10:21 /user/tester.txt   Hope that helps            ... View more

@sgovi  I have just downloaded a Virtual box sandbox image and imported it into the VirtualBox successfully. In my configuration, I  enabled only one network card Bridge Adapter so it picks the IP from my LAN of 192.168.0.x   After uncompressing the Docker image, the initial screen shows it picked my local LAN IP which I used to access the browser CLI as shown below.  Make sure you update your  windows hosts file in C:\Windows\System32\drivers\etc  Using the above  URL  change the initial  root and Ambari passwords see steps I completed the below steps changing the initial root password Hadoop and then reset the Ambai user password. Once that is successful is starts the Ambari server    sandbox-hdp login: root root@sandbox-hdp.hortonworks.com's password: You are required to change your password immediately (root enforced) Last login: Sat Oct 17 20:21:47 2020 Changing password for root. (current) UNIX password: New password:   Ambari user password reset steps   ambari-admin-password-reset Please set the password for admin: Please retype the password for admin: The admin password has been set. Restarting ambari-server to make the password change effective... Using python /usr/bin/python Restarting ambari-server Waiting for server stop... Ambari Server stopped Ambari Server running with administrator privileges. Organizing resource files at /var/lib/ambari-server/resources... Ambari database consistency check started... Server PID at: /var/run/ambari-server/ambari-server.pid Server out at: /var/log/ambari-server/ambari-server.out Server log at: /var/log/ambari-server/ambari-server.log Waiting for server start................................ Server started listening on 8080 DB configs consistency check: no errors and warnings were found.   Using the Local IP given to the VirtualBox from my LAN,I could access Ambari with the new password I reset above and restarted all serive though some were running. Can you confirm you followed those steps and still failed?? Happy hadooping ... View more

Hi and thank you for your reply! Reading the logs of kafka i found that the controller was null, due to a enabling-desabling kerberos error. After cancelling the znode and restart kafka, i am able now to start kafka connect correctly. Also i configured debezium plugin and i have all the data of the mysql server in kafka topic. However i am not able to configure correctly the hdfssink connector to convert kafka topic in hive table. Can you please help me? @Shelton  ... View more

Thanks for your reply mate, but i know where to find this config, but i can't change it every time because ambari does have its main configuration and when ambari start hbase then it will replace config, so i need to change it by ambari or change directly in config wherever ambari store its service's configuratio. ... View more

little question   why just not stop the service - HDFS on each new data node  and set it to maintenance mode ? ... View more

I am getting the same output when performing command ls /hiveserver2 Any possible solution acquired? ... View more

@lxs    I have helped resolve this kind of issue a couple of times. Can you help with screenshots of your configuration of the sandbox? Memory Network  Splash screen After restarting the sandbox and any other screenshot you deem important ... View more

@vinod_artga    The first step is to check the Cloudera upgrade path using the My environment matrix calculator See screenshot below     After filling in all the information request this generates for you a report and warnings like Warning Upgrades from CDH 5.12 and lower to  CDP Private Cloud Base  are not supported. You must upgrade the cluster to CDH versions 5.13 - 5.16 before upgrading to  CDP Private Cloud Base . Warning For upgrades from CDH 5 clusters with Sentry to Cloudera Runtime 7.1.1 (or higher) clusters where Sentry privileges are to be transitioned to Apache Ranger, the cluster must have Kerberos enabled before upgrading It also gives you comprehensive details about the best approach and component incompatibilities, this is your source of true I would suggest you try it and revert HTH ... View more

@pazufst                                                                  How Ranger policies work for HDFS Apache Ranger offers a federated authorization model for HDFS. Ranger plugin for HDFS checks for Ranger policies and if a policy exists, access is granted to user. If a policy doesn’t exist in Ranger, then Ranger would default to the native permissions model in HDFS (POSIX or HDFS ACL). This federated model is applicable for HDFS and Yarn service in Ranger. For other services such as Hive or HBase, Ranger operates as the sole authorizer which means only Ranger policies are in effect. The option for the fallback model is configured using a property in Ambari → Ranger → HDFS config → Advanced ranger-hdfs-security   xasecure.add-hadoop-authorization=true   The federated authorization model enables to safely implement Ranger in an existing cluster without affecting jobs that rely on POSIX permissions to enable this option as the default model for all deployments. org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=XXXXX, access=READ, inode="/user/.snapshot/user_201806150000":w93651:hdfs:drwx------ Is self-explanatory does the user w93651 exist on both clusters with valid Kerberos tickets if the cluster is kerberized? Ensure the CROSS-REALM is configured and working.   Is your ranger managing the 2 clusters? HTH ... View more

Hello @Shelton    Any suggestions ? My only doubt is, As other nodemanagers are running fine in the cluster why these newly added nodemanagers were going to unknown state?   Regards, Vinod ... View more

Thanks for your reply. I have already tried but still getting the same error.   ... View more

@wert_1311  Domain name changes will affect the KDC database. Kerberos is super sensitive to domain changes according to experience you will have to recreate the KDC database and regenerate the keytabs/principals to enable you applications to reconnect. Cluster hostname If the hosts in the cluster were re-named ie host1.old.com to host1.new.com then ensure those changes are also reflected or resolved by the DNS.   This is going a tricky one but fortunately, CM or Ambari will make your work easy now that your domain has changed the earlier generated keytabs have the old domain name . A keytab contains a pair of principals and an encrypted copy of that principal's key it's unique to each host since the principal names include the hostname and may be concatenated with the domain name Delete the old KDC database Usually, as the root user call the Kerberos database utility kdb5_util destroy assuming the old domain was OLD.COM this should delete the keytabs and principals linked to the old REALM,   # kdb5_util -r OLD.COM destroy You will need to manually delete the keytabs liked to the old REALM on the file system /etc/security/keytabs/ [HDP] or /etc/hadoop/conf/[CDH]. You will be prompted to confirm before destroying the database, usually, this is a better option if you have second thought rather than using the kdb5_util destroy -f will naturally not prompt you for a confirmation   Recreate the New KDC database Use the Kerberos database utility kdb5_util create [-s] assuming the new domain was NEW.COM # kdb5_util NEW.COM create # kdb5_util -r NEW.COM create -s With the -s option, kdb5_util will stash a copy of the master key in a stash file this allows a KDC to authenticate itself to the database utilities, such as kadmin, kadmind, krb5kdc, and kdb5_util best option.   Update Kerberos files. Make sure you update the below files to reflect the new REALM assuming your MIT KDC server's domain isn't changed. krb5.conf kdc.conf kadm5.acl Auth-to-local Rules jaas.conf files [if being used by applications] Enable Kerberos Using CM or Ambari the process is straight forward.   Please let me know if you need more help   ... View more

@npdell curious to know if you have fixed the above issue and what you did.   ... View more

I think the reality is now that both are great technologies and the overlap in use cases is pretty big - there are a lot of SQL workloads where either can work.   I just wanted to clarify a few points.   Impala does support querying complex types from Parquet - https://docs.cloudera.com/documentation/enterprise/latest/topics/impala_complex_types.html   We also are working on a transparent query retry feature in Impala that should be released soon. ... View more

@BBFayz  Below is the link with all the passwords you could be interested in. The default root password by default is root/hadoop but you will be requested to change that on the first logon   Sandbox passwords  learning rope Setup Static IP on RHEL Hope that helps ... View more

Hi @Shelton    Could you please help me.   Thanks, Vinod ... View more

While starting Hortonworks sandbox it gets stuck on "extracting and loading the hortonworks sandbox..." And after some times it shows the message of critical error or sometimes it says "your system has ran into an error we'll restart it" ... View more