Member since
12-18-2018
11
Posts
3
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1653 | 07-24-2019 11:02 AM |
12-26-2023
01:02 AM
Hi @Abdul @lwang @rar59b We have a know issue with the javax.security.sasl.SaslException: DIGEST-MD5: IO error acquiring password. Which is not yet fixed in any current CDP versions. https://issues.apache.org/jira/browse/HDFS-16332 Are we seeing any jobs failures when we have this issue? What values we set for the below parameters. dfs.data.transfer.protection = hadoop.rpc.protection = dfs.encrypt.data.transfer =
... View more
05-12-2020
08:11 AM
Check out our series of SDX videos on our youtube channel for some examples of Atlas + Ranger in action as part of the CDP Shared Data Experience (SDX): https://www.youtube.com/playlist?list=PLe-h9HrA9qfCj2SI5BrvCdQOEOjHUWMBB
... View more
04-24-2020
02:30 PM
@bgooley In CDH 6.3.x, this appears to have changed and the "https.py" file is slightly different now. It accepts the cipher_list as a configuration item. The way we secured Port 900 is by doing these steps: 1) Check to see if RC4 (and other weak ciphers) are open on Port 9000: openssl s_client -cipher RC4 -connect <server>:9000 -msg 2) Edit the "/etc/cloudera-scm-agent/config.ini" file 3) Under the "[Security]" section of the config.ini file, we added these lines: # Custom Cipher List to close vulnerabilities for port 9000 cipher_list=HIGH:!DSS:!DH:!ADH:!DES:!3DES:!SHA1:!RC4:!aNULL:!eNULL:!EXPORT:!SSLv2:!SSLv3:!TLSv1 4) Restart the Cloudera CM-Agent: sudo service cloudera-scm-agent restart 5) Wait a minute or so and then rerun the OpenSSL command and RC4 (and other weak ciphers, if you test them) are closed: openssl s_client -cipher RC4 -connect <server>:9000 -msg It would be great if Cloudera could add this to their documentation on how to add this additional security to the CM Agent.
... View more
10-05-2019
12:43 AM
The original issue described here is not applicable to your version. In your case it could simply be a misconfiguration that's causing oozie to not load the right hive configuration required to talk to the hive service. Try enabling debug logging on the oozie server if you are unable to find an error in it. Also try to locate files or jars in your workflow that may be supplying an invalid hive client XML.
... View more
07-24-2019
11:02 AM
https://community.cloudera.com/t5/Cloudera-Manager-Installation/How-can-we-disable-TLSv1-cipher-for-the-Cloudera-Platform/td-p/25706
... View more