Member since: 12-07-2018
Posts: 29
Kudos Received: 0
Solutions: 0
12-31-2019
08:30 AM
[root@scaj43bda05 1238-hbase-MASTER]# cat /etc/passwd | grep hbase
hbase:x:483:480:HBase:/var/lib/hbase:/bin/false
[root@scaj43bda05 1238-hbase-MASTER]# vi /etc/passwd
[root@scaj43bda05 1238-hbase-MASTER]# sudo su hbase -l
[hbase@scaj43bda05 ~]$ cat /etc/passwd | grep hbase
hbase:x:483:480:HBase:/var/lib/hbase:/bin/bash
[hbase@scaj43bda05 ~]$

Should we change the hbase user's login shell to /bin/bash?
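If the goal is only to get an interactive session as the hbase service user, a less invasive option than editing /etc/passwd is to start the shell explicitly (a minimal sketch; the username and shells are taken from the session above):

# run a shell as the hbase user without changing its login shell
sudo -u hbase /bin/bash

# or change the login shell permanently, and revert it afterwards
usermod -s /bin/bash hbase
usermod -s /bin/false hbase   # restore the original non-login shell

Service accounts usually keep a non-login shell such as /bin/false as a hardening measure, which is worth weighing before making the change permanent.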
Labels: Apache HBase
12-27-2019
10:24 AM
Kindly correct me if I am wrong.

1) If the Active NameNode1 crashes, then after ha.health-monitor.rpc-timeout.ms NameNode2 will try to become Active.

No. ZooKeeper heartbeats every 2000 ms (the tickTime setting), and the minimum session timeout is twice the tickTime. The initLimit entry is the timeout ZooKeeper uses to limit how long the servers in the quorum have to connect to a leader, and syncLimit limits how far out of date a server can be from a leader. The failover controllers running on NameNode1 and NameNode2 do the health monitoring, and the ZKFC timeout for the monitorHealth() RPC is set by the parameter ha.health-monitor.rpc-timeout.ms (the timeout for the actual monitorHealth() calls). Kindly remember this setting is only a timeout for the health-monitor calls.

2) If the active node crashes, then after dfs.ha.fencing.ssh.connect-timeout seconds NameNode2 will try to become Active.

Answer: the above statement is incorrect. dfs.ha.fencing.ssh.connect-timeout is only applicable when dfs.ha.fencing.methods is set to "sshfence", but in Cloudera the default dfs.ha.fencing.methods is shell(true).

The transition from the active namenode to the standby is managed by a new entity in the system called the failover controller. Failover controllers are pluggable, but the first implementation uses ZooKeeper to ensure that only one namenode is active. Each namenode runs a lightweight failover controller process whose job it is to monitor its namenode for failures (using a simple heartbeating mechanism) and trigger a failover on namenode failure. Failover may also be initiated manually by an administrator, in the case of routine maintenance, for example. This is known as a graceful failover, since the failover controller arranges an orderly transition for both namenodes to switch roles.

In the case of an ungraceful failover, however, it is impossible to be sure that the failed namenode has stopped running. For example, a slow network or a network partition can trigger a failover transition, even though the previously active namenode is still running and thinks it is still the active namenode. The HA implementation goes to great lengths to ensure that the previously active namenode is prevented from doing any damage and causing corruption, a method known as fencing. The system employs a range of fencing mechanisms, including killing the namenode's process, revoking its access to the shared storage directory (typically by using a vendor-specific NFS command), and disabling its network port via a remote management command. As a last resort, the previously active namenode can be fenced with a technique rather graphically known as STONITH, or "shoot the other node in the head", which uses a specialized power distribution unit to forcibly power down the host machine.

Client failover is handled transparently by the client library. The simplest implementation uses client-side configuration to control failover. The HDFS URI uses a logical hostname which is mapped to a pair of namenode addresses (in the configuration file), and the client library tries each namenode address until the operation succeeds.

Let's take an example: I have configured a Hadoop HA cluster. If I kill the NameNode process with "kill -9 <NameNodeProcessId>", my standby node changes its state to active.
But if I power off the active node, then the standby node cannot change its state to active, because it keeps trying to connect to the crashed node over SSH. This parameter doesn't help:

dfs.ha.fencing.ssh.connect-timeout = 3000

It is 5 seconds by default, but even after 5 minutes the standby node keeps trying to connect to the crashed node. I set it manually to 3 seconds but it still doesn't work. So if we just kill the namenode process our cluster works, but if we crash the active node our cluster becomes unavailable.

Since you powered off the Active NN machine, during failover the SNN (Standby NameNode) timed out connecting to this machine and fencing failed. Typically, fencing methods should be configured so as not to allow multiple writers to the same shared storage. It looks like you are using QJM, and it supports the fencing feature on its own, i.e. it won't allow multiple writers at a time, so I think external fencing methods can be skipped. AFAIK, to improve the availability of the system in the event the fencing mechanisms fail, it is advisable to configure a fencing method which is guaranteed to return success. You can remove the SSH fencing method from both machines' configuration. Please try the shell-based fence method below just to skip SSH fencing and restart the cluster; failover will then happen successfully.

<property>
  <name>dfs.ha.fencing.methods</name>
  <value>shell(/bin/true)</value>
</property>
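After switching the fencing method, the failover behaviour can be verified with the standard haadmin commands (a sketch; nn1 and nn2 are placeholders for the NameNode IDs defined by dfs.ha.namenodes.<nameservice> in your configuration):

# check which NameNode is active and which is standby
hdfs haadmin -getServiceState nn1
hdfs haadmin -getServiceState nn2

# trigger a graceful (manual) failover from nn1 to nn2
hdfs haadmin -failover nn1 nn2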
12-23-2019
06:23 AM
1) How can I view the history of state switches (standby/active) of the NameNode service? 2) After how long of active NameNode unavailability does the standby become active?
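For question 1, one place to look is the NameNode and Failover Controller logs, which record the state transitions (a sketch; the log directory is the usual CM-managed default and is an assumption):

# transitions show up as "Transitioning to active/standby state" messages
grep -i "transitioning to" /var/log/hadoop-hdfs/*NAMENODE*.log* /var/log/hadoop-hdfs/*FAILOVERCONTROLLER*.log*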
Labels: Apache Hadoop
12-18-2019
03:29 AM
The error is: "Failed to upgrade cluster: The Cloudera Data Science Workbench service cannot be upgraded: the target version does not support the Cloudera Data Science Workbench service type. You might need to install a newer CSD that supports the target version, or remove this service." Trying to solve the problem, we followed the instructions in the Cloudera document https://docs.cloudera.com/documentation/data-science-workbench/1-6-x/topics/cdsw_upgrade.html#cdh_5_to_6, but it didn't help.
upgrade from CDH 5.14 to CDH 6.1.1
Actually we are on CDSW 1.6 and uploaded the CDSW 1.6 CSD for CDH 6 following the instructions on the Cloudera CDSW upgrade page, but it is still showing the same error.
11-22-2019
04:51 AM
In a Kerberos cluster, the zookeeper-client utility should ask for a kinit of the zookeeper principal; however, this is not happening (it is a big security concern).

The bug mentioned below in the post will be fixed in ZooKeeper 3.6.0. I have checked the latest release, CDH 6.2.1: the ZooKeeper version in CDH 6.2.1 is 3.4.5, so the issue is still present there.

Would you show us which BDA version will include ZooKeeper 3.6.0?

And is it possible to upgrade ZooKeeper 3.4.5 to ZooKeeper 3.6.0 independently on BDA?

Any remote ZooKeeper client can connect to the ZooKeeper server and read znodes without authentication. I agree there is a way to enforce SASL authentication, but currently there is no way to enforce authentication using the plugin mechanism. Enforcing authentication there is trickier, since authentication can arrive at any time later. The option doesn't drop the connection if there was no authentication; it only throws NoAuth for any operation until the Auth packet arrives.

As far as I know and understand, ZooKeeper security is "open", and if you want to create something "protected" you have to do it explicitly.
https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cdh_sg_zookeeper_security.html
Create a protected znode from within the ZooKeeper CLI. Make sure that you substitute YOUR-REALM as appropriate.
Example:
create /znode1 znode1data sasl:zkcli@{{YOUR-REALM}}:cdwra
Bugs and enhancements for your reference:
Proposal to ZooKeeper: authentication enforcement https://issues.apache.org/jira/browse/ZOOKEEPER-1634
Force authentication/authorization https://issues.apache.org/jira/browse/ZOOKEEPER-2462
https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cdh_sg_zookeeper_security.html
ZooKeeper grants permissions through ACLs, using different schemes (authentication methods) such as 'world', 'digest', or 'sasl' if we use Kerberos.
Here is a sample from a Big Data Appliance.
[zk: localhost:2181(CONNECTED) 1] ls /
[zookeeper, yarn-leader-election, hadoop-ha, rmstore, kmsZKRoot, zkdtsm, hive_zookeeper_namespace_hive, keytrustee, sentry]
[zk: localhost:2181(CONNECTED) 2] getAcl /hadoop-ha
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 4] ls /hadoop-ha
[templatecluster-ns, TOTO-ns]
[zk: localhost:2181(CONNECTED) 5] getAcl /hadoop-ha/TOTO-ns
'digest,'hdfs-fcs:I/OoJriH1A7bSgK8vK6NPgJIJHI=
: cdrwa
[zk: localhost:2181(CONNECTED) 6] ls /hadoop-ha/TOTO-ns
Authentication is not valid : /hadoop-ha/TOTO-ns
[zk: localhost:2181(CONNECTED) 0] addauth digest hdfs-fcs:2pHx7qw0LkHwy9E3Qbj3vxgh9A6e34
[zk: localhost:2181(CONNECTED) 1] ls /hadoop-ha/TOTO-ns
[ActiveBreadCrumb, ActiveStandbyElectorLock]
[zk: localhost:2181(CONNECTED) 2] create /zkPro myData
Created /zkPro
[zk: localhost:2181(CONNECTED) 4] getAcl /zkPro
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 13] setAcl /zkPro digest:hdfs-fcs:I/OoJriH1A7bSgK8vK6NPgJIJHI=:rwcda;
Unknown perm type: ;
cZxid = 0x13001bbef5
ctime = Mon Nov 18 14:21:52 UTC 2019
mZxid = 0x13001bbef5
mtime = Mon Nov 18 14:21:52 UTC 2019
pZxid = 0x13001bbef5
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 6
numChildren = 0
[zk: localhost:2181(CONNECTED) 19] getAcl /zkPro
'digest,'hdfs-fcs:I/OoJriH1A7bSgK8vK6NPgJIJHI=
: cdrwa
If I try again without first doing addauth digest, I get an error:

[zk: localhost:2181(CONNECTED) 1] ls /zkPro
Authentication is not valid : /zkPro
You can find the digest in the core-site.xml.
<property>
  <name>ha.zookeeper.auth</name>
  <value>digest:hdfs-fcs:2pHx7qw0LkHwy9E3Qbj3vxgh9A6e34</value>
</property>
<property>
  <name>ha.zookeeper.acl</name>
  <value>digest:hdfs-fcs:I/OoJriH1A7bSgK8vK6NPgJIJHI=:rwcda</value>
</property>
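If you ever need to generate such a digest yourself, ZooKeeper ships a helper class for it (a sketch; the parcel classpath below is an assumption and depends on your deployment):

java -cp '/opt/cloudera/parcels/CDH/lib/zookeeper/zookeeper.jar:/opt/cloudera/parcels/CDH/lib/zookeeper/lib/*' \
  org.apache.zookeeper.server.auth.DigestAuthenticationProvider hdfs-fcs:2pHx7qw0LkHwy9E3Qbj3vxgh9A6e34
# prints user:password->user:<base64 digest>; the part after "->" is what goes into the ACL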
Labels: Apache Zookeeper
11-22-2019
04:44 AM
I have the same set of questions. 1. How do I take znode backups? Is there a way? 2. Running rmr /hbase-secure from zkCli and restarting the HBase services should essentially rebuild the whole znode tree structure for me. Is my assumption right?
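For question 1, ZooKeeper 3.4 has no built-in dump tool; a common approach is to back up the snapshot and transaction log files from the dataDir (a sketch; /var/lib/zookeeper is the usual CDH default and is an assumption):

# snapshots are point-in-time images; copy them together with the txn logs
ls /var/lib/zookeeper/version-2/
cp /var/lib/zookeeper/version-2/snapshot.* /backup/zookeeper/
cp /var/lib/zookeeper/version-2/log.* /backup/zookeeper/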
10-10-2019
03:06 AM
I need clarification about the Metastore URI configuration of the Hive data server. The problem is that the official Cloudera documentation states it is a requirement to block external applications from accessing the Hive Metastore in order to secure a cluster with Sentry:
https://www.cloudera.com/documentation/enterprise/latest/topics/sg_sentry_service_config.html#concept_z5b_42s_p4__section_lvc_4g4_rp
Block the external applications from accessing the Hive metastore:
In the Cloudera Manager Admin Console, select the Hive service.
On the Hive service page, click the Configuration tab.
In the search well on the right half of the Configuration page, search for Hive Metastore Access Control and Proxy User Groups Override to locate the hadoop.proxyuser.hive.groups parameter and click the plus sign.
Enter hive into the text box and click the plus sign again.
Enter hue into the text box.
Enter sentry into the text box.
Click Save Changes.
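The steps above amount to the following proxy-user setting for the Hive service (a sketch of the resulting configuration entry; in Cloudera Manager it is applied through the override shown above rather than by hand-editing a file):

<property>
  <name>hadoop.proxyuser.hive.groups</name>
  <value>hive,hue,sentry</value>
</property>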
ODI is also an external application, so its requirement of direct access to the Metastore contradicts this requirement.
Why are we setting the Metastore URI in the Hive data server? What is it used for? If it is a requirement, how can we explain this contradiction?
Another problem is that we configure Metastore HA by default on our BDA. However, how can we configure the ODI Metastore URI to support the HA configuration? Is there a way to write a URI that supports connecting to more than one Metastore? If not, how can we explain this situation?
Labels: Apache Hive, Cloudera Manager
05-29-2019
03:54 AM
This flaw affects Tomcat on Oracle Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a read-only context, so it is not affected. Ensure that readonly is set to true (by default it is true even when not mentioned in web.xml) for the DefaultServlet, the WebDAV servlet, or the application context.

Example: depending on what version you are on, there is a web.xml for each service.

[root@labUSbda07 ~]# vi /opt/cloudera/parcels/CDH-5.10.0-1.cdh5.10.0.p0.41/etc/oozie/tomcat-conf.http/conf/web.xml
[root@labUSbda07 ~]# vi /opt/cloudera/parcels/CDH-5.13.1-1.cdh5.13.1.p0.2/etc/oozie/tomcat-conf.http/conf/web.xml
more /opt/cloudera/parcels/CDH-5.13.1-1.cdh5.13.1.p0.2/etc/oozie/tomcat-conf.http/conf/web.xml

Servlet content on my lab server (the readonly parameter's default value is picked up here, since it is not set explicitly):

<servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>0</param-value>
  </init-param>
  <init-param>
    <param-name>listings</param-name>
    <param-value>false</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
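If you want the value to be explicit rather than implied, the parameter can be added to the DefaultServlet definition like this (a sketch; true is already the built-in default):

<init-param>
  <param-name>readonly</param-name>
  <param-value>true</param-value>
</init-param>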
05-29-2019
01:43 AM
A customer found the Tomcat security vulnerability CVE-2017-12615 on the third node of a CDH 5.15 cluster. How do we fix this CVE-2017-12615 issue?
Labels: Cloudera Manager
04-24-2019
08:52 AM
Please tell me: after a Refresh Dynamic Resource Pools action there is an error, "Failed to perform refresh of roles in YARN, Impala, and (in CDH 5.8 and later) Hive services."

Refresh the ResourceManager's pool ACLs, states, scheduler specific properties, and hosts allow/exclude information.
Process yarn-RESOURCEMANAGER-refresh (id=12038) on host bda3node04.vtb24.ru (id=6) exited with 255 and expected 0
Refresh the ResourceManager's pool ACLs, states, scheduler specific properties, and hosts allow/exclude information.
Process yarn-RESOURCEMANAGER-refresh (id=12039) on host bda3node03.vtb24.ru (id=5) exited with 255 and expected 0

How do we deal with this?
04-08-2019
07:11 AM
We're using Cloudera with the Anaconda parcel on a BDA production cluster. I tried to execute PySpark code that imports the pyarrow package and ran into the error below.

Traceback (most recent call last):
  File "/opt/cloudera/parcels/SPARK2-2.3.0.cloudera2-1.cdh5.13.3.p0.316101/lib/spark2/python/lib/pyspark.zip/pyspark/sql/utils.py", line 140, in require_minimum_pyarrow_version
  File "/opt/cloudera/parcels/Anaconda-3.6.5_2/lib/python3.6/site-packages/pyarrow/__init__.py", line 47, in <module>
    from pyarrow.lib import cpu_count, set_cpu_count
ImportError: libboost_system.so.1.66.0: cannot open shared object file: No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "lbf_livArea_scr_2.py", line 51, in <module>
    @pandas_udf(schema, PandasUDFType.GROUPED_MAP)
  File "/opt/cloudera/parcels/SPARK2-2.3.0.cloudera2-1.cdh5.13.3.p0.316101/lib/spark2/python/lib/pyspark.zip/pyspark/sql/udf.py", line 45, in _create_udf
  File "/opt/cloudera/parcels/SPARK2-2.3.0.cloudera2-1.cdh5.13.3.p0.316101/lib/spark2/python/lib/pyspark.zip/pyspark/sql/utils.py", line 143, in require_minimum_pyarrow_version
ImportError: PyArrow >= 0.8.0 must be installed; however, it was not found.

The output of conda list is below:

[ihsany@gbbdap02 ~]$ dzdo /opt/cloudera/parcels/Anaconda/bin/conda list | grep arrow
arrow-cpp  0.9.0   py36h1ae9da6_7  <unknown>
pyarrow    0.9.0   py36_1          <unknown>
[ihsany@gbbdap02 ~]$ dzdo /opt/cloudera/parcels/Anaconda/bin/conda list | grep boost
libboost   1.65.1  habcd387_4      <unknown>
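The conda listing shows the mismatch: this pyarrow 0.9.0 build links against Boost 1.66, while libboost 1.65.1 is installed. One way to confirm the unresolved library before changing package versions (a sketch; the site-packages path is taken from the traceback above):

# list the shared libraries pyarrow cannot resolve
ldd /opt/cloudera/parcels/Anaconda-3.6.5_2/lib/python3.6/site-packages/pyarrow/lib*.so | grep 'not found'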
Labels: Apache Spark
03-07-2019
09:10 AM
Is it possible for a YARN DRP to have priority over other pools? I.e., I already have two DRPs created, DRP1 = 500 GB and DRP2 = 200 GB, and I want to add a new one, DRP3 = 700 GB, that has priority over the other pools so that all available resources are directed to DRP3. Is this possible?
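The Fair Scheduler behind Dynamic Resource Pools has no strict priority, but pool weights come close: under contention, a pool's share is proportional to its weight. A sketch of the equivalent fair-scheduler.xml fragment (pool names from the question; the weight values are only illustrative, and in Cloudera Manager the weight is set per pool on the Dynamic Resource Pool Configuration page rather than by editing XML):

<allocations>
  <queue name="DRP3">
    <weight>4.0</weight>  <!-- roughly 4x the share of a weight-1.0 pool under contention -->
  </queue>
  <queue name="DRP1">
    <weight>1.0</weight>
  </queue>
  <queue name="DRP2">
    <weight>1.0</weight>
  </queue>
</allocations>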
03-07-2019
01:03 AM
Thank you very much, Harsh.
02-21-2019
04:04 AM
Can we deploy the HttpFS role on more than one node? Is it best practice?

We had a problem with one of the NameNodes (on node02) in our cluster and it was down for almost 20 hours. Once node02 was up, the active NameNode on node01 started to alert that it is not synchronized. After a restart of the NameNode on node02 the alert stopped. Now the active NameNode is on node01 and the standby NameNode is on node02. We can see that new logs are created in /opt/hadoop/dfs/nn/current on the active NameNode on node01, but no new files appear on the standby NameNode on node02. Is that OK?
Labels: Cloudera Manager, HDFS, Security
02-13-2019
06:27 AM
Can the issue below happen if a certificate is expired? I see in some logs that certificates are expired. Please send documentation for certificate renewal.

2019-02-13 23:31:58,038 WARN 1168879507@agentServer-54778:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_expired
2019-02-13 23:31:58,703 WARN 1168879507@agentServer-54778:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_expired
2019-02-13 23:32:01,494 INFO 1645307921@scm-web-99151:com.cloudera.server.web.cmf.AuthenticationSuccessEventListener: Authentication success for user: 'admin' from 192.168.10.51
2019-02-13 23:32:03,490 WARN 1168879507@agentServer-54778:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_expired
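To confirm which certificate has expired (a sketch; the host and port are placeholders, e.g. the Cloudera Manager agent TLS port):

# print the validity window of the certificate a server presents
echo | openssl s_client -connect cm-host.example.com:7182 2>/dev/null | openssl x509 -noout -dates

# or inspect a certificate file directly
openssl x509 -noout -enddate -in /path/to/certificate.pem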
01-28-2019
03:25 AM
We see the same issue on our node05.

[28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin navigator_plugin_pipeline INFO Stopping Navigator Plugin Pipeline '' for yarn-RESOURCEMANAGER (log dir: None)
[28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin navigator_plugin INFO Refreshing Metadata Plugin for hive-WEBHCAT with pipelines []
[28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin navigator_plugin_pipeline INFO Stopping Navigator Plugin Pipeline '' for hive-WEBHCAT (log dir: None)
[28/Jan/2019 11:00:36 +0000] 62064 Audit-Plugin throttling_logger INFO Unable to communicate with audit server (host: nlbv015c060605.em2.oraclecloud.com, port: 7186): [Errno 111] Connection refused
[28/Jan/2019 11:00:36 +0000] 62064 Audit-Plugin throttling_logger INFO Unable to send data to nav server. Will try again.
[28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin throttling_logger ERROR Unable to send message to metadata server.
Traceback (most recent call last):
  File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.13.1-py2.6.egg/cmf/audit/navigator_sender.py", line 162, in _send_json_data
    elif isinstance(getattr(e, 'reason'), socket.timeout):
AttributeError: 'HTTPError' object has no attribute 'reason'
[28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HUE-KT_RENEWER for None',)
[28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HIVE-HIVESERVER2 for None',)
[28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HIVE-HIVEMETASTORE for None',)
[28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HIVE-WEBHCAT for None',)
[28/Jan/2019 11:00:57 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HUE-HUE_SERVER for None',)

-bash-4.1# dcli -C cat /etc/cloudera-scm-agent/config.ini | grep server_host
10.196.64.68: server_host=nlbv015c060605.em2.oraclecloud.com
10.196.64.44: server_host=nlbv015c060605.em2.oraclecloud.com
10.196.64.86: server_host=nlbv015c060605.em2.oraclecloud.com
10.196.64.104: server_host=nlbv015c060605.em2.oraclecloud.com
10.196.64.8: server_host=nlbv015c060605.em2.oraclecloud.com
-bash-4.1# hostname -f
nlbv012c060605.em2.oraclecloud.com
-bash-4.1# dcli -C cat /etc/cloudera-scm-agent/config.ini | grep server_port
10.196.64.68: server_port=7182
10.196.64.44: server_port=7182
10.196.64.86: server_port=7182
10.196.64.104: server_port=7182
10.196.64.8: server_port=7182
-bash-4.1#
01-22-2019
03:33 AM
Remove the dead/decommissioned host from the mammoth -c output or from CM. We have already deleted the host. We are about to start the upgrade from 5.14.2 to 6.0, and as a prerequisite, when running ./mammoth -c it still gives information about hosts which are not part of the cluster. We are also thinking of removing it from the HOSTS table of the scm database. On MySQL, under the scm database, I can see:

mysql> select * from HOSTS;
+---------+-------------------------+--------------------------------------+-----------------------------+---------------+----------+--------+
| HOST_ID | OPTIMISTIC_LOCK_VERSION | HOST_IDENTIFIER                      | NAME                        | IP_ADDRESS    | RACK_ID  | STATUS |
+---------+-------------------------+--------------------------------------+-----------------------------+---------------+----------+--------+
|       1 |                     248 | 260772a1-a89a-42b8-af4c-0406ac0c21bd | bdk1n07.bnet.luxds.net      | 192.168.11.16 | /default | NA     |
|       2 |                     251 | 19103582-a94d-4961-aeb8-5a2023480fa5 | bdk1n09.bnet.luxds.net      | 192.168.11.18 | /default | NA     |
|       3 |                     254 | e57f3aa9-ab4f-4b3c-925d-2be272237928 | bdk1n08.bnet.luxds.net      | 192.168.11.17 | /default | NA     |
|       4 |                      89 | 0317c86d-b693-4280-ba25-0bbcc46e567c | xl11lsrv0428.bnet.luxds.net | 10.178.65.98  | /default | NA     |
+---------+-------------------------+--------------------------------------+-----------------------------+---------------+----------+--------+

The one with host ID "0317c86d-b693-4280-ba25-0bbcc46e567c" (which was an edge node before) has been removed from Cloudera, so is there any way to clean this node from CM? On the Cloudera Hosts screen I can only see 3 nodes.

Q: Is that server xl11lsrv0428.bnet.luxds.net | 10.178.65.98 still running separately?
A: It is running separately and has even been re-imaged.
Q: Is the CM agent still running/stopped on the server xl11lsrv0428.bnet.luxds.net | 10.178.65.98?
A: No CM agent is running on it currently.
Q: Is it showing in the CM portal?
A: No, on CM there is no entry for xl11lsrv0428.
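If the stale entry only lingers in the CM database, the supported cleanup is the CM REST API rather than editing the scm tables by hand (a sketch; the credentials, CM hostname, and API version are placeholders, and the hostId comes from the table above):

# list the hosts CM knows about
curl -u admin:admin 'http://cm-host.example.com:7180/api/v19/hosts'

# delete the stale host by its hostId
curl -u admin:admin -X DELETE 'http://cm-host.example.com:7180/api/v19/hosts/0317c86d-b693-4280-ba25-0bbcc46e567c'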
01-09-2019
03:51 AM
Same issue in my environment. Error: flush failed for required journal (JournalAndStream(mgr=QJM to [10.196.64.44:8485, 10.196.64.68:8485, 10.196.64.86:8485], stream=QuorumOutputStream starting at txid 434560443)). We are running Cloudera on VM machines (cloud).
01-04-2019
05:55 AM
"We config the core-site.xml with the credentials (account + key) and restart." What do you mean by restart? Is it an HDFS service restart across the cluster?
01-04-2019
04:19 AM
I have used the command below to copy 36 TB to blob storage using a snapshot:

HADOOP_CLIENT_OPTS="-Xmx40G" hadoop distcp -update -delete $SNAPSHOT_PATH wasbs://buclusterbackup@blobplatformdataxe265ecb.blob.core.windows.net/sep_backup/application_data

I am getting Azure exception errors and a Java IO error. I re-ran with -skipcrccheck and still get the same error.
12-29-2018
03:15 AM
Where should I add ha.zookeeper.session-timeout.ms and what is the correct setting? Should I add the property in hdfs-site.xml?
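For reference, this parameter is defined in core-default.xml with a default of 5000 ms, so an override would normally go into core-site.xml rather than hdfs-site.xml, e.g. (a sketch; the 10000 ms value is purely illustrative):

<property>
  <name>ha.zookeeper.session-timeout.ms</name>
  <value>10000</value>
</property>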
12-13-2018
06:25 AM
Same problem happened with me.

[root@ukfhbda1-db01 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: oracle@GDC.LOCAL
Valid starting     Expires            Service principal
12/13/18 12:39:27  12/14/18 12:39:27  krbtgt/GDC.LOCAL@GDC.LOCAL
        renew until 12/20/18 12:39:27
[root@ukfhbda1-db01 ~]#
[root@ukfhbda1-db01 ~]# beeline
Beeline version 1.1.0-cdh5.14.2 by Apache Hive
beeline> !connect 'jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL'
scan complete in 2ms
Connecting to jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL
Connected to: Apache Hive (version 1.1.0-cdh5.14.2)
Driver: Hive JDBC (version 1.1.0-cdh5.14.2)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> oracle
. . . . . . . . . . . . . . . . . . . . . . .> Experian123
. . . . . . . . . . . . . . . . . . . . . . .> create role admin_role;
Error: Error while compiling statement: FAILED: ParseException line 1:0 cannot recognize input near 'oracle' 'Experian123' 'create' (state=42000,code=40000)
0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000>
0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> Closing: 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL

[root@ukfhbda1-db01 ~]# su - oracle
[oracle@ukfhbda1-db01 ~]$ beeline
Beeline version 1.1.0-cdh5.14.2 by Apache Hive
beeline> !connect 'jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL'
scan complete in 2ms
Connecting to jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL
Connected to: Apache Hive (version 1.1.0-cdh5.14.2)
Driver: Hive JDBC (version 1.1.0-cdh5.14.2)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> create role admin_role;
INFO  : Compiling command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34): create role admin_role
INFO  : Semantic Analysis Completed
INFO  : Returning Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34); Time taken: 0.115 seconds
INFO  : Executing command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34): create role admin_role
INFO  : Starting task [Stage-0:DDL] in serial mode
ERROR : Error processing Sentry command: java.net.ConnectException: Connection refused (Connection refused).
ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused)
INFO  : Completed executing command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34); Time taken: 15.015 seconds
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) (state=08S01,code=1)

0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> grant role admin_role to group hive;
INFO  : Compiling command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138): grant role admin_role to group hive
INFO  : Semantic Analysis Completed
INFO  : Returning Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138); Time taken: 0.172 seconds
INFO  : Executing command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138): grant role admin_role to group hive
INFO  : Starting task [Stage-0:DDL] in serial mode
ERROR : Error processing Sentry command: java.net.ConnectException: Connection refused (Connection refused).
ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused)
INFO  : Completed executing command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138); Time taken: 15.014 seconds
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) (state=08S01,code=1)

0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> grant all on server server1 to role admin_role;
INFO  : Compiling command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130): grant all on server server1 to role admin_role
INFO  : Semantic Analysis Completed
INFO  : Returning Hive schema: Schema(fieldSchemas:null, properties:null)
INFO  : Completed compiling command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130); Time taken: 0.079 seconds
INFO  : Executing command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130): grant all on server server1 to role admin_role
INFO  : Starting task [Stage-0:DDL] in serial mode
ERROR : Error processing Sentry command: java.net.ConnectException: Connection refused (Connection refused).
ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused)
INFO  : Completed executing command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130); Time taken: 15.014 seconds
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) (state=08S01,code=1)
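The repeated Connection refused from SentryGrantRevokeTask suggests HiveServer2 cannot reach the Sentry service RPC port at all. A quick reachability check (a sketch; 8038 is the usual sentry.service.server.rpc-port default and the hostname is a placeholder):

# on the Sentry server host: is the service listening?
netstat -tlnp | grep 8038

# from the HiveServer2 host: is the port reachable?
nc -zv sentry-host.gdc.local 8038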
12-07-2018
02:42 AM
We are getting the alerts below. Kindly guide us on how to troubleshoot.

The health test result for CATALOGSERVER_HOST_HEALTH has become bad: the health of this role's host is bad.
The health test result for STATESTORE_HOST_HEALTH has become bad: the health of this role's host is bad.
The health test result for IMPALAD_HOST_HEALTH has become bad: the health of this role's host is bad.
The health test result for IMPALA_STATESTORE_HEALTH has become bad.
The health test result for IMPALA_CATALOGSERVER_HEALTH has become bad.
Labels: Apache Impala