Kindly correct if wrong 1) If Active NameNode1 crashes, then after ha.health-monitor.rpc-timeout.ms seconds, NameNode2 will try to become Active. No, Every 2000ms zookeeper "ticktime" setting to do heartbeats and the minimum session timeout will be twice the tickTime. The new entry, initLimit is timeouts ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader. The entry syncLimit limits how far out of date a server can be from a leader. Failover controller running on namenode1 and namenode2 check/does  the health monitoing and ZKFC property for monitorHealth RPC timeouts are set by parameter ha.health-monitor.rpc-timeout.ms(Timeout for the actual monitorHealth() calls) ha.health-monitor.rpc-timeout.ms parameter means Timeout for the actual monitorHealth() calls. Kindly remember this setting is for timeout of health monitor calls 2) If active node crashes, then after dfs.ha.fencing.ssh.connect-timeout seconds NameNode2 will try to become Active.   Answer - The above statement is incorrect dfs.ha.fencing.ssh.connect-timeout is only applicable when dfs.ha.fencing.methods is selected or mentioned as "sshfence" But in cloudera default dfs.ha.fencing.methods is mentioned as shell(true) The transition from the active namenode to the standby is managed by a new entity in the system called the failover controller. Failover controllers are pluggable, but the first implementation uses ZooKeeper to ensure that only one namenode is active. Each namenode runs a lightweight failover controller process whose job it is to monitor its namenode for failures (using a simple heartbeating mechanism) and trigger a failover on namenode failure. Failover may also be initiated manually by an administrator, in the case of routine maintenance, for example. This is known as a graceful failover, since the failover controller arranges an orderly transition for both namenodes to switch roles. In the case of an ungraceful failover, however, it is impossible to be sure that the failed namenode has stopped running. For example, a slow network or a network partition can trigger a failover transition, even though the previously active namenode is still running, and thinks it is still the active namenode. The HA implementation goes to great lengths to ensure that the previously active namenode is prevented from doing any damage and causing corruption—a method known as fencing. The system employs a range of fencing mechanisms, including killing the namenode’s process, revoking its access to the shared storage directory (typically by using a vendor-specific NFS command), and disabling its network port via a remote management command. As a last resort, the previously active namenode can be fenced with a technique rather graphi- cally known as STONITH, or “shoot the other node in the head”, which uses a specialized power distribution unit to forcibly power down the host machine. Client failover is handled transparently by the client library. The simplest implementation uses client-side configuration to control failover. The HDFS URI uses a logical hostname which is mapped to a pair of namenode addresses (in the configuration file), and the client library tries each namenode address until the operation succeeds. Let's take an example - I have configured Hadoop HA cluster. If I kill Namenode process with command "kill -9 NameNodeProcessId" my standby node changes its state to active. But if I power off active node then standby node can't change its state to active because it trys to connect to the crashed node by using SSH. This parameter doesn't work: dfs.ha.fencing.ssh.connect-timeout 3000 It is 5 second by default. But even after 5 minutes standby node continue try to connect to crashed node. I set it manually for 3 second but it still doesn't work. So, if we just kill namenode process our cluster works but if we crash active node our cluster become unavailable. Since you powered off the Active NN machine, during fail-over SNN(Standby Namenode)  timed out to connect to this machine and fencing is failed. Typically fencing methods should be configured to not to allow multiple writers to same shared storage. It looks like you are using 'QJM' and it supports the fencing feature on its own. i.e. it wont allow multiple writers at a time. So I think external fencing methods can be skipped. AFAIK, to improve the availability of the system in the event the fencing mechanisms fail, it is advisable to configure a fencing method which is guaranteed to return success. You can remove the SSH fencing method from both machines configuration. Please try the below shell based fence method just to skip SSH fence and restart the cluster. Then fail over will happen successfully. <property>  <name>dfs.ha.fencing.methods</name>  <value>shell(/bin/true)</value> </property> ... View more

I have the same set of questions 1. How do I take znode back ups? is there a way ? 2. rmr /hbase-secure from zkcli and restarting hbase services , should essentially built me all the znode tree structure back. is my assumption right? ... View more

This flaw affects Tomcat on oracle Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected. Ensure that readonly is set to true (by default, it is true even not mentioned in web.xml) for the DefaultServlet, WebDAV servlet or application context. Example – Depending upon what version you are, there are many web.xml for each service. [root@labUSbda07 ~]# vi /opt/cloudera/parcels/CDH-5.10.0-1.cdh5.10.0.p0.41/etc/oozie/tomcat-conf.http/conf/web.xml [root@labUSbda07 ~]# vi /opt/cloudera/parcels/CDH-5.13.1-1.cdh5.13.1.p0.2/etc/oozie/tomcat-conf.http/conf/web.xml more /opt/cloudera/parcels/CDH-5.13.1-1.cdh5.13.1.p0.2/etc/oozie/tomcat-conf.http/conf/web.xml Servlet content on my Lab server                                         default org.apache.catalina.servlets.DefaultServlet debug 0 listings false 1 Readonly parameter’s default value is picked here ... View more

Please tell me after the Refresh Dynamic Resource Pools there is an error "Failed to perform refresh of roles in YARN, Impala, and (in CDH 5.8 and later) Hive services." Refresh the ResourceManager's pool ACLs, states, scheduler specific properties, and hosts allow/exclude information. Process yarn-RESOURCEMANAGER-refresh (id=12038) on host bda3node04.vtb24.ru (id=6) exited with 255 and expected 0 Refresh the ResourceManager's pool ACLs, states, scheduler specific properties, and hosts allow/exclude information. Process yarn-RESOURCEMANAGER-refresh (id=12039) on host bda3node03.vtb24.ru (id=5) exited with 255 and expected 0 How to deal with this? ... View more

Thanks Gentleman, Let me re-install. I hope it works ... View more

Is it possible, an YARN DRP has priority against other pools? ie. If i already have 2 DRP created DRP1 = 500Gb DRP2 = 200Gb and i want to add new one DRP3 = 700Gb that have priority against other pools and use all available resources are directed to DRP3. Is this possible? ... View more

Thank you very much Harsh ... View more

Below issue can happen if certifcate is expired? I see in some logs that certificates are expired. Please send documentation for certification renewal. 2019-02-13 23:31:58,038 WARN 1168879507@agentServer-54778:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_expired 2019-02-13 23:31:58,703 WARN 1168879507@agentServer-54778:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_expired 2019-02-13 23:32:01,494 INFO 1645307921@scm-web-99151:com.cloudera.server.web.cmf.AuthenticationSuccessEventListener: Authentication success for user: 'admin' from 192.168.10.51 2019-02-13 23:32:03,490 WARN 1168879507@agentServer-54778:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_expired ... View more

We see the same issue on out node05 28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin navigator_plugin_pipeline INFO Stopping Navigator Plugin Pipeline '' for yarn-RESOURCEMANAGER (log dir: None) [28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin navigator_plugin INFO Refreshing Metadata Plugin for hive-WEBHCAT with pipelines [] [28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin navigator_plugin_pipeline INFO Stopping Navigator Plugin Pipeline '' for hive-WEBHCAT (log dir: None) [28/Jan/2019 11:00:36 +0000] 62064 Audit-Plugin throttling_logger INFO Unable to communicate with audit server (host: nlbv015c060605.em2.oraclecloud.com, port: 7186): [Errno 111] Connection refused [28/Jan/2019 11:00:36 +0000] 62064 Audit-Plugin throttling_logger INFO Unable to send data to nav server. Will try again. [28/Jan/2019 11:00:36 +0000] 62064 Metadata-Plugin throttling_logger ERROR Unable to send message to metadata server. Traceback (most recent call last): File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.13.1-py2.6.egg/cmf/audit/navigator_sender.py", line 162, in _send_json_data elif isinstance(getattr(e, 'reason'), socket.timeout): AttributeError: 'HTTPError' object has no attribute 'reason' [28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HUE-KT_RENEWER for None',) [28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HIVE-HIVESERVER2 for None',) [28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HIVE-HIVEMETASTORE for None',) [28/Jan/2019 11:00:55 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HIVE-WEBHCAT for None',) [28/Jan/2019 11:00:57 +0000] 62064 MonitorDaemon-Scheduler __init__ INFO Monitor ready to report: ('GenericMonitor HUE-HUE_SERVER for None',) -bash-4.1# dcli -C cat /etc/cloudera-scm-agent/config.ini | grep server_host 10.196.64.68: server_host=nlbv015c060605.em2.oraclecloud.com 10.196.64.44: server_host=nlbv015c060605.em2.oraclecloud.com 10.196.64.86: server_host=nlbv015c060605.em2.oraclecloud.com 10.196.64.104: server_host=nlbv015c060605.em2.oraclecloud.com 10.196.64.8: server_host=nlbv015c060605.em2.oraclecloud.com -bash-4.1# hostname -f nlbv012c060605.em2.oraclecloud.com -bash-4.1# -bash-4.1# dcli -C cat /etc/cloudera-scm-agent/config.ini | grep server_port 10.196.64.68: server_port=7182 10.196.64.44: server_port=7182 10.196.64.86: server_port=7182 10.196.64.104: server_port=7182 10.196.64.8: server_port=7182 -bash-4.1# ... View more

Remove the dead host/decommissioned host from mammoth -c output or CM.   We have already deleted the host. As we are about to start the upgrade process from 5.14.2 to 6.0. So as a prerequisites, When running ./mammoth -c it is giving information about the hosts which is not part of cluster. We are also thinking to remove it from scm database table hosts On mysql, under scm database, also I am able to see :   mysql> mysql> select * from HOSTS; +---------+-------------------------+--------------------------------------+-----------------------------+---------------+----------+--------+- | HOST_ID | OPTIMISTIC_LOCK_VERSION | HOST_IDENTIFIER | NAME | IP_ADDRESS | RACK_ID | STATUS | +---------+-------------------------+--------------------------------------+-----------------------------+---------------+----------+--------+- | 1 | 248 | 260772a1-a89a-42b8-af4c-0406ac0c21bd | bdk1n07.bnet.luxds.net | 192.168.11.16 | /default | NA | | 2 | 251 | 19103582-a94d-4961-aeb8-5a2023480fa5 | bdk1n09.bnet.luxds.net | 192.168.11.18 | /default | NA | | 3 | 254 | e57f3aa9-ab4f-4b3c-925d-2be272237928 | bdk1n08.bnet.luxds.net | 192.168.11.17 | /default | NA | | 4 | 89 | 0317c86d-b693-4280-ba25-0bbcc46e567c | xl11lsrv0428.bnet.luxds.net | 10.178.65.98 | /default | NA | +---------+-------------------------+--------------------------------------+-----------------------------+---------------+----------+--------+- One with hostId "0317c86d-b693-4280-ba25-0bbcc46e567c"(which was edge node before) is removed from cloudera, so is there anyway to clean this node from CM, because on the screen of cloudera - hosts I am just able to see 3 nodes.   Is that server xl11lsrv0428.bnet.luxds.net | 10.178.65.98 still running separately?  it is running seperately and even re-imaged. Is CM agent still running /stopped on the server xl11lsrv0428.bnet.luxds.net | 10.178.65.98?  No CM agent is working on it currently Is it showing in CM portal?  Ans. on the CM, no entry as xl11lsrv0428. ... View more

Same issue in my environment. Error: flush failed for required journal (JournalAndStream(mgr=QJM to [10.196.64.44:8485, 10.196.64.68:8485, 10.196.64.86:8485], stream=QuorumOutputStream starting at txid 434560443)) We are running cloudera on VM machine (cloud) ... View more

we config the core-site.xml with the credentials (Account + key) and restart What do you mean by restart, Is it HDFS service restart across cluster ... View more

i have used the below command to copy 36TB to blob using snaoshot. HADOOP_CLIENT_OPTS="-Xmx40G" hadoop distcp -update -delete $SNAPSHOT_PATH wasbs://buclusterbackup@blobplatformdataxe265ecb.blob.core.windows.net/sep_backup/application_data getting Azure exception errors and Java IO error. i re ran with -skipcrccheck still the same error. ... View more

Where i should add ha.zookeeper.session-timeout.ms and what is the correct setting? Should I add the property in hdfs-site.xml ... View more

Same problem happened with me [root@ukfhbda1-db01 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: oracle@GDC.LOCAL Valid starting Expires Service principal 12/13/18 12:39:27 12/14/18 12:39:27 krbtgt/GDC.LOCAL@GDC.LOCAL renew until 12/20/18 12:39:27 [root@ukfhbda1-db01 ~]# [root@ukfhbda1-db01 ~]# beeline Beeline version 1.1.0-cdh5.14.2 by Apache Hive beeline> !connect 'jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL' scan complete in 2ms Connecting to jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL Connected to: Apache Hive (version 1.1.0-cdh5.14.2) Driver: Hive JDBC (version 1.1.0-cdh5.14.2) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> oracle . . . . . . . . . . . . . . . . . . . . . . .> Experian123 . . . . . . . . . . . . . . . . . . . . . . .> create role admin_role; Error: Error while compiling statement: FAILED: ParseException line 1:0 cannot recognize input near 'oracle' 'Experian123' 'create' (state=42000,code=40000) 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> Closing: 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL [root@ukfhbda1-db01 ~]# su - oracle [oracle@ukfhbda1-db01 ~]$ beeline Beeline version 1.1.0-cdh5.14.2 by Apache Hive beeline> !connect 'jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL' scan complete in 2ms Connecting to jdbc:hive2://ukfhbda1-db04.gdc.local:10000/default;principal=hive/_HOST@GDC.LOCAL Connected to: Apache Hive (version 1.1.0-cdh5.14.2) Driver: Hive JDBC (version 1.1.0-cdh5.14.2) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> create role admin_role; INFO : Compiling command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34): create role admin_role INFO : Semantic Analysis Completed INFO : Returning Hive schema: Schema(fieldSchemas:null, properties:null) INFO : Completed compiling command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34); Time taken: 0.115 seconds INFO : Executing command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34): create role admin_role INFO : Starting task [Stage-0:DDL] in serial mode ERROR : Error processing Sentry command: java.net.ConnectException: Connection refused (Connection refused). ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) INFO : Completed executing command(queryId=hive_20181213140707_3023a4fb-b861-469a-b271-f69482c8dd34); Time taken: 15.015 seconds Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) (state=08S01,code=1) 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> grant role admin_role to group hive; INFO : Compiling command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138): grant role admin_role to group hive INFO : Semantic Analysis Completed INFO : Returning Hive schema: Schema(fieldSchemas:null, properties:null) INFO : Completed compiling command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138); Time taken: 0.172 seconds INFO : Executing command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138): grant role admin_role to group hive INFO : Starting task [Stage-0:DDL] in serial mode ERROR : Error processing Sentry command: java.net.ConnectException: Connection refused (Connection refused). ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) INFO : Completed executing command(queryId=hive_20181213141212_24f592d7-adcf-4a91-8d15-aa46a7220138); Time taken: 15.014 seconds Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) (state=08S01,code=1) 0: jdbc:hive2://ukfhbda1-db04.gdc.local:10000> grant all on server server1 to role admin_role; INFO : Compiling command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130): grant all on server server1 to role admin_role INFO : Semantic Analysis Completed INFO : Returning Hive schema: Schema(fieldSchemas:null, properties:null) INFO : Completed compiling command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130); Time taken: 0.079 seconds INFO : Executing command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130): grant all on server server1 to role admin_role INFO : Starting task [Stage-0:DDL] in serial mode ERROR : Error processing Sentry command: java.net.ConnectException: Connection refused (Connection refused). ERROR : FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) INFO : Completed executing command(queryId=hive_20181213141212_08a3e86b-4c85-4ed5-ae99-9c22ca937130); Time taken: 15.014 seconds Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. SentryUserException: java.net.ConnectException: Connection refused (Connection refused) (state=08S01,code=1)     ... View more