Also followed https://community.cloudera.com/t5/Support-Questions/SSLError-certificate-verify-failed/td-p/92340/highlight/true but still no luck. According to the solution mentioned in this link, including certificates of two openssl command.    openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software verify error:num=18:self signed certificate verify return:1 depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software verify return:1 139717345220416:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42 Certificate: Data: Version: 3 (0x2) Serial Number: 1521762547 (0x5ab440f3) Signature Algorithm: sha256WithRSAEncryption Issuer: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software Validity Not Before: Oct 15 17:51:15 2020 GMT Not After : Jan 13 17:51:15 2021 GMT Subject: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ad:b7:4d:34:67:0e:7f:48:03:5a:1f:cc:fd:d6: 5b:9b:8a:12:13:3c:03:2b:b8:87:63:de:66:e8:6d: 66:77:e5:8d:66:3b:db:a2:7d:8d:07:21:38:8d:fb: 12:b0:e2:1a:04:9a:50:64:b7:4c:10:7d:69:1c:ce: 7a:26:27:2f:7d:b1:3a:4e:ad:6b:30:33:9b:12:59: 53:b6:08:0a:9b:70:3b:1c:0c:96:42:0e:64:cf:12: 74:fd:3c:ee:a4:25:67:e8:f5:9b:2f:62:bf:97:08: 41:c8:c3:e0:34:2c:39:87:22:02:97:34:c3:a7:ad: 87:57:5b:4f:a4:af:3b:ab:cc:ed:5c:a1:d7:5a:75: d0:0f:ce:4a:7a:2c:d2:2d:75:f5:46:36:e6:c8:72: 9f:15:6f:88:b9:ab:03:9e:4b:27:33:41:9e:1c:09: 52:04:a5:69:81:e5:49:4c:3e:c1:4a:5f:ef:34:0c: c8:0e:8e:5e:94:69:32:c3:26:e6:44:6d:39:1f:1f: 07:8a:fa:6e:6d:4a:29:7e:b1:7d:45:6c:57:22:a3: b6:4e:69:81:f4:1f:49:4a:28:a1:59:2f:e1:cf:5e: 9e:c0:0f:39:ea:4f:1d:7e:27:a4:ed:97:01:16:fe: d9:29:a5:4f:43:9d:f2:8e:7e:6c:af:74:b0:be:a5: c5:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 67:A9:1F:75:3D:C7:30:93:52:B2:89:C6:3B:08:0D:E4:2D:A8:19:D1 Signature Algorithm: sha256WithRSAEncryption 1b:c6:c4:e9:84:63:58:89:17:1f:2b:a5:29:bd:17:02:45:13: 5f:48:dc:81:e2:9b:92:fc:ad:84:84:a5:60:7b:48:80:c9:0a: 46:35:96:24:be:55:fc:ea:5f:e8:74:e3:82:d9:83:07:4b:95: e6:b1:a1:20:8a:53:2e:32:25:51:d2:b5:00:b5:69:de:7f:2c: 3b:40:fe:eb:2b:76:e7:5d:2f:54:b2:c0:22:92:24:3a:ab:46: fd:ce:08:91:4b:89:91:b1:c1:79:a2:f7:b9:d7:bf:ff:f3:47: e7:b6:b2:25:b2:93:42:9a:fc:3f:6d:ca:79:f2:db:e0:59:73: 02:f1:09:8e:d3:f1:79:24:a2:f3:d7:3a:52:11:1c:54:25:e4: c7:c2:ab:17:fa:b7:7c:3a:93:89:10:9a:f1:1f:e5:28:fb:7b: 03:36:21:18:2b:71:35:9b:6e:03:72:83:f1:8e:6c:80:2b:32: f2:fc:81:7c:cd:4b:5a:3c:fa:8a:8d:1a:2b:0b:f5:4f:31:ab: 85:d1:0e:28:86:1e:e6:79:aa:6c:15:fb:e7:7f:41:98:30:1f: 86:54:0c:c8:ca:5a:3c:fa:88:2b:03:be:78:a9:8f:8f:0e:5d: 83:4d:84:71:d2:4b:db:10:07:01:00:0c:84:76:6e:2f:88:e9: aa:8e:06:40 ================================================================================== [root@optim-rhel72-uppu cloudera-scm-agent]# openssl s_client -connect $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//):7182 -CAfile $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "verify_cert_file=" |sed s/verify_cert_file=//) -verify_hostname $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//)</dev/null CONNECTED(00000004) depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software verify return:1 140654616340288:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42 --- Certificate chain 0 s:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software i:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software --- Server certificate -----BEGIN CERTIFICATE----- MIIDvTCCAqWgAwIBAgIEWrRA8zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC SU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYD VQQKEwZVTklDT00xDjAMBgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVs NzItdXBwdS5kZXZlbG9wbWVudC51bmljb20uc29mdHdhcmUwHhcNMjAxMDE1MTc1 MTE1WhcNMjEwMTEzMTc1MTE1WjCBjjELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYDVQQKEwZVTklDT00xDjAM BgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVsNzItdXBwdS5kZXZlbG9w bWVudC51bmljb20uc29mdHdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCtt000Zw5/SANaH8z91lubihITPAMruIdj3mbobWZ35Y1mO9uifY0HITiN +xKw4hoEmlBkt0wQfWkcznomJy99sTpOrWswM5sSWVO2CAqbcDscDJZCDmTPEnT9 PO6kJWfo9ZsvYr+XCEHIw+A0LDmHIgKXNMOnrYdXW0+krzurzO1coddaddAPzkp6 LNItdfVGNubIcp8Vb4i5qwOeSyczQZ4cCVIEpWmB5UlMPsFKX+80DMgOjl6UaTLD JuZEbTkfHweK+m5tSil+sX1FbFcio7ZOaYH0H0lKKKFZL+HPXp7ADznqTx1+J6Tt lwEW/tkppU9DnfKOfmyvdLC+pcWxAgMBAAGjITAfMB0GA1UdDgQWBBRnqR91Pccw k1KyicY7CA3kLagZ0TANBgkqhkiG9w0BAQsFAAOCAQEAG8bE6YRjWIkXHyulKb0X AkUTX0jcgeKbkvythISlYHtIgMkKRjWWJL5V/Opf6HTjgtmDB0uV5rGhIIpTLjIl UdK1ALVp3n8sO0D+6yt2510vVLLAIpIkOqtG/c4IkUuJkbHBeaL3ude///NH57ay JbKTQpr8P23KefLb4FlzAvEJjtPxeSSi89c6UhEcVCXkx8KrF/q3fDqTiRCa8R/l KPt7AzYhGCtxNZtuA3KD8Y5sgCsy8vyBfM1LWjz6io0aKwv1TzGrhdEOKIYe5nmq bBX7539BmDAfhlQMyMpaPPqIKwO+eKmPjw5dg02EcdJL2xAHAQAMhHZuL4jpqo4G QA== -----END CERTIFICATE----- subject=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software issuer=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software --- Acceptable client certificate CA names C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1 C = US, O = SecureTrust Corporation, CN = SecureTrust CA C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4 C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority C = US, O = AffirmTrust, CN = AffirmTrust Commercial C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority C = FI, O = Sonera, CN = Sonera Class2 CA C = US, O = America Online Inc., CN = America Online Root Certification Authority 1 C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2 C = US, O = Equifax, OU = Equifax Secure Certificate Authority C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority C = US, O = Internet Security Research Group, CN = ISRG Root X1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root C = ZA, ST = Western Cape, L = Durbanville, O = Thawte, OU = Thawte Certification, CN = Thawte Timestamping CA C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Object C = US, O = AffirmTrust, CN = AffirmTrust Networking C = US, O = AffirmTrust, CN = AffirmTrust Premium C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Code Signing Root C = US, O = America Online Inc., CN = America Online Root Certification Authority 2 C = LU, O = LuxTrust s.a., CN = LuxTrust Global Root C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3 C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008 C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email C = FR, O = Certplus, CN = Class 2 Primary CA C = US, O = GeoTrust Inc., CN = GeoTrust Global CA C = CH, O = SwissSign AG, CN = SwissSign Platinum CA - G2 OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 2 Public Primary Certification Authority - G3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2 C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) O = TeliaSonera, CN = TeliaSonera Root CA v1 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 1 Public Primary Certification Authority - G3 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4 C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2 C = PL, O = Unizeto Sp. z o.o., CN = Certum CA C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root O = Digital Signature Trust Co., CN = DST Root CA X3 C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3 C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2 C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3 C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority C = US, O = "VeriSign, Inc.", OU = Class 2 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 2 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3 C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority C = FR, O = Certplus, CN = Class 3P Primary CA C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication EV RootCA1 C = US, O = Equifax Secure Inc., CN = Equifax Secure eBusiness CA-1 C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server@thawte.com C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2 C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network C = FR, O = KEYNECTIS, OU = ROOT, CN = KEYNECTIS ROOT CA C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 13893 bytes and written 485 bytes Verification: OK Verified peername: optim-rhel72-uppu.development.unicom.software --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5F9166CED3FCFA9FCB45E702D4D6F2431A88DE484A55569FE07F85A3875A4C10 Session-ID-ctx: Master-Key: CF878F2D7C39306F3FD3F68E821AF532EAE002246903528EAC043A8B8BEBF4CB99DAADE2876BB71F14B330254DDDDEF8 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1603364558 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- ... View more

Hi Li,   Thanks for being on top of it and helping me in solving the problem.   usermod -g yarn yarn usermod -a -G hadoop yarn   Above two commands fixed my problem. [root@optim-rhel72-uppu meta]# id yarn uid=1007(yarn) gid=1008(yarn) groups=1008(yarn),1010(hadoop)   I have no idea how yarn user permissions are changed, all that I am following is that what have been suggested in cloudera instructions to enable encryption.   Thanks to all of the folks for providing suggestions.   Problems like this sucks lot of time in identifying where to fix and I would request cloudera to improve such situations.   Thanks, Tulasi     ... View more

This is the content of my /etc/fstab file ----------------------------------- /dev/mapper/rhel_rhel72-root /                       xfs     defaults        0 0 UUID=d762b842-5c87-4e4d-bc0e-7a6bad357604 /boot                   xfs     defaults        0 0 /dev/mapper/rhel_rhel72-home /home                   xfs     defaults        0 0 /dev/mapper/rhel_rhel72-swap swap                    swap    defaults        0 0    ----------------------------------- Do I need to change anything?   Thanks. ... View more

Hi Li,   This is what I am getting:   [root@optim-rhel72-uppu ~]# id yarn uid=1007(yarn) gid=1010(hadoop) groups=1010(hadoop)   Thanks, Tulasi ... View more

Hi Li,   Everything on a single node.   /opt/cloudera/parcels/CDH/lib/hadoop-yarn/bin [root@optim-rhel72-uppu bin]# ls -lrt total 80 -rwxr-xr-x 1 root root 12476 May 24  2018 yarn -rwxr-xr-x 1 root root  5463 May 24  2018 mapred ---Sr-s--- 1 root yarn 53712 May 24  2018 container-executor   This is the error from /var/log/hadoop-yarn/hadoop-cmf-yarn-NODEMANAGER-optim-rhel72-uppu.development.unicomglobal.software.log.out   2019-01-30 23:42:45,872 INFO org.apache.hadoop.service.AbstractService: Service NodeManager failed in state INITED; cause: org.apache.hadoop.yarn.exceptions.YarnRuntimeException: Failed to initialize container executor org.apache.hadoop.yarn.exceptions.YarnRuntimeException: Failed to initialize container executor         at org.apache.hadoop.yarn.server.nodemanager.NodeManager.serviceInit(NodeManager.java:269)         at org.apache.hadoop.service.AbstractService.init(AbstractService.java:163)         at org.apache.hadoop.yarn.server.nodemanager.NodeManager.initAndStartNodeManager(NodeManager.java:562)         at org.apache.hadoop.yarn.server.nodemanager.NodeManager.main(NodeManager.java:609) Caused by: java.io.IOException: Cannot run program "/opt/cloudera/parcels/CDH-5.15.0-1.cdh5.15.0.p0.21/lib/hadoop-yarn/bin/container-executor": error=13, Permission denied   Thanks, Tulasi ... View more

Hi Li,   I changed the permission, still it didn't fix the problem.   [root@optim-rhel72-uppu bin]# ls -alt /opt/cloudera/parcels/CDH/lib/hadoop-yarn/bin/container-executor ---Sr-s--- 1 root yarn 53712 May 24  2018 /opt/cloudera/parcels/CDH/lib/hadoop-yarn/bin/container-executor   In this below, is it something to do with banned.users?    [root@optim-rhel72-uppu conf.cloudera.yarn]# cat /etc/hadoop/conf.cloudera.yarn/container-executor.cfg yarn.nodemanager.linux-container-executor.group=yarn min.user.id=1000 allowed.system.users=nobody,impala,hive,llama,hbase banned.users=hdfs,yarn,mapred,bin   Thanks, Tulasi ... View more

Hi Jerry, Yes, the value of "Container Executor Group" property is matching with CM, see below: [root@optim-rhel72-uppu conf.cloudera.yarn]# cat container-executor.cfg yarn.nodemanager.linux-container-executor.group=yarn min.user.id=1000 allowed.system.users=nobody,impala,hive,llama,hbase banned.users=hdfs,yarn,mapred,bin Thanks, Tulasi ... View more

Hi Manu, I tried your suggestion and it didn't work. Thanks, Tulasi ... View more