Member since 03-25-2019 | 37 Posts | 0 Kudos Received | 0 Solutions
09-04-2019
10:14 PM
@kwabstian53 Yes, I did as you said.
telnet gspidn01.gsp.local 636
Able to connect:

telnet gspidn01.gsp.local 636
Trying 10.32.83.35...
Connected to gspidn01.gsp.local.
Escape character is '^]'.

As you said, I did change ldap.conf:

#TLS_CACERTDIR /home/admin/ad-ca.crt
TLS_CACERT /etc/ssl/certs/ca-bundle.crt
TLS_REQCERT allow

I did restart ambari-server. Even after this, I am unable to do ldapsearch with port 636.
08-28-2019
09:48 PM
Hi @kwabstian53, Thank you for the quick response. Here are the results for the tests below:

[root@gspdhd01 admin]# openssl s_client -connect gspidn01.gsp.local:636
CONNECTED(00000003)
depth=1 DC = local, DC = gsp, CN = gsp-GSPIDN01-CA
verify return:1
depth=0 CN = gspidn01.gsp.local
verify return:1
---
Certificate chain
 0 s:/CN=gspidn01.gsp.local
   i:/DC=local/DC=gsp/CN=gsp-GSPIDN01-CA
---
Server certificate
subject=/CN=gspidn01.gsp.local
issuer=/DC=local/DC=gsp/CN=gsp-GSPIDN01-CA
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
---
SSL handshake has read 1726 bytes and written 659 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES128-SHA256
    Session-ID: 4220000056B7D77DBE11C53E29A71B0E71E06A867EF394A5564B9AE70D546C48
    Session-ID-ctx:
    Master-Key: C2E4A6977EF6CF2B62C396EBF9C49E0DA95035CAA5A08BEC0C23A406F95DBA0C4B16EECC89F5CAEE504A00C597D7ED25
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1567053717
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

[root@gspdhd01 admin]# openssl s_client -connect gspidn01.gsp.local:636 -CAfile /home/admin/ad-ca.crt
CONNECTED(00000003)
depth=1 DC = local, DC = gsp, CN = gsp-GSPIDN01-CA
verify return:1
depth=0 CN = gspidn01.gsp.local
verify return:1
---
Certificate chain
 0 s:/CN=gspidn01.gsp.local
   i:/DC=local/DC=gsp/CN=gsp-GSPIDN01-CA
---
Server certificate
subject=/CN=gspidn01.gsp.local
issuer=/DC=local/DC=gsp/CN=gsp-GSPIDN01-CA
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
---
SSL handshake has read 1726 bytes and written 659 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES128-SHA256
    Session-ID: 1D230000F115D38D94169A6DBA55FE2062091ADD61B826DCF01BBC3AA9289224
    Session-ID-ctx:
    Master-Key: 934F0B8AEF0695606BEF9BF0112F889E7E0499D15DED3744963307CC84BC2C4058E903136ABF1CC4274D820C4063D571
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1567053874
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

[root@gspdhd01 admin]# ldapsearch -h gspidn02.gsp.local -p 636 -x -D "uid=HDP_Service,ou=ServiceAccounts,dc=gsp,dc=local" -b "dc=gsp,dc=local" -W
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)

[root@gspdhd01 admin]# ldapsearch -h gspidn01.gsp.local -p 636 -x -D "uid=HDP_Service,ou=ServiceAccounts,dc=gsp,dc=local" -b "dc=gsp,dc=local" -W
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)

May I know where the problem is? Regards, Manjunath P N
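Added example, not part of the original posts: a small Python check over the `ldap.conf` lines and the `ldapsearch` command quoted in the two posts above. It relies on documented OpenLDAP client behaviour: `-h`/`-p` always build an `ldap://` URI, so implicit TLS on port 636 needs `-H ldaps://...`, and `TLS_REQCERT allow` lets a session continue when the server certificate fails verification. The function names and finding labels are made up for this illustration, and the file-suffix test is a heuristic.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample input: the ldap.conf lines and ldapsearch command quoted in the posts.
SAMPLE_LDAP_CONF = """\
#TLS_CACERTDIR /home/admin/ad-ca.crt
TLS_CACERT /etc/ssl/certs/ca-bundle.crt
TLS_REQCERT allow
"""
SAMPLE_CMD = ('ldapsearch -h gspidn01.gsp.local -p 636 -x '
              '-D "uid=HDP_Service,ou=ServiceAccounts,dc=gsp,dc=local" '
              '-b "dc=gsp,dc=local" -W')

WEAK_REQCERT = {"never", "allow"}          # certificate problems do not stop the session
FILE_SUFFIXES = (".crt", ".pem", ".cer")   # heuristic: value looks like a file, not a directory


def parse_ldap_conf(text):
    """Return {OPTION: value} for active lines; '#' comment lines are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return opts


def lint_ldap_conf(text):
    """Return (label, message) findings for TLS settings in an ldap.conf body."""
    opts = parse_ldap_conf(text)
    findings = []
    level = opts.get("TLS_REQCERT", "demand").lower()   # 'demand' is the default
    if level in WEAK_REQCERT:
        findings.append(("weak-reqcert",
                         f"TLS_REQCERT {level}: use 'demand' once the CA is trusted"))
    cadir = opts.get("TLS_CACERTDIR", "")
    if cadir.lower().endswith(FILE_SUFFIXES):
        findings.append(("cacertdir-is-file",
                         f"TLS_CACERTDIR expects a directory; put {cadir} in TLS_CACERT"))
    return findings


def lint_ldapsearch(cmdline):
    """Return findings for an ldapsearch command line (separate, uncombined flags)."""
    args = shlex.split(cmdline)
    host = port = uri = None
    starttls = simple_bind = False
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-h", "-p", "-H") and i + 1 < len(args):
            if arg == "-h":
                host = args[i + 1]
            elif arg == "-p":
                port = args[i + 1]
            else:
                uri = args[i + 1]
            i += 2
            continue
        starttls = starttls or arg in ("-Z", "-ZZ")
        simple_bind = simple_bind or arg == "-x"
        i += 1
    if uri:
        parsed = urlsplit(uri)
        scheme, host = parsed.scheme.lower(), parsed.hostname
        port = parsed.port or (636 if scheme == "ldaps" else 389)
    else:
        scheme, port = "ldap", int(port) if port else 389   # -h/-p never select ldaps://
    host = host or "localhost"
    findings = []
    if scheme == "ldap" and port == 636:
        findings.append(("plain-ldap-on-636",
                         f"port 636 expects TLS from the first byte; use -H ldaps://{host}:636"))
    elif scheme == "ldap" and simple_bind and not starttls:
        findings.append(("cleartext-simple-bind",
                         "simple bind without TLS sends the bind DN and password unencrypted"))
    return findings


if __name__ == "__main__":
    for label, message in lint_ldap_conf(SAMPLE_LDAP_CONF) + lint_ldapsearch(SAMPLE_CMD):
        print(f"{label}: {message}")
```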
08-28-2019
05:10 AM
Hi All,
I have a problem related to enabling LDAP with SSL. Here is the situation: I have received a self-signed SSL certificate from the Windows Active Directory team. We have 2 Windows AD servers, primary and secondary, gspdidn01.gsp.local and gspdidn02.gsp.local, and the certificate is valid. Now I am following the HDP 3.1 official documentation for enabling it, and installed the certificate using the steps mentioned in the link below. (https://docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.1.0/ambari-authentication-ldap-ad/content/authe_ldapad_configure_ambari_to_use_ldap_server.html)
====================
Review Settings
====================
Primary LDAP Host (10.32.83.35): gspidn01.gsp.local
Primary LDAP Port (636): 636
Secondary LDAP Host <Optional> (10.32.83.36): gspidn02.gsp.local
Secondary LDAP Port <Optional> (636): 636
Use SSL [true/false] (true): true
User object class (user): user
User ID attribute (sAMAccountName): sAMAccountName
Group object class (group): group
Group name attribute (cn): cn
Group member attribute (member): member
Distinguished name attribute (distinguishedName): distinguishedName
Search Base (dc=gsp,dc=local): dc=gsp,dc=local
Referral method [follow/ignore] (follow): follow
Bind anonymously [true/false] (false): false
Handling behavior for username collisions [convert/skip] for LDAP sync (skip): skip
Force lower-case user names [true/false] (false): false
Results from LDAP are paginated when requested [true/false] (false): false
ambari.ldap.connectivity.bind_dn: CN=HDP_Service,OU=Service Accounts,dc=gsp,dc=local
ambari.ldap.connectivity.bind_password: *****
ambari.ldap.advanced.disable_endpoint_identification: true
ssl.trustStore.type: jks
ssl.trustStore.path: /etc/security/ldaps-truststore.jks
ssl.trustStore.password: *****
Save settings [y/n] (y)? y
-> ambari-server restart
Whenever I do curl ldap://gspidn01.gsp.local:389 it gives the expected results:
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 6
forestFunctionality: 6
domainControllerFunctionality: 6
but when I do
[root@gspdhd01 admin]# curl ldaps://gspidn01.gsp.local:636
##Just blank, nothing will be displayed.
This has blocked me totally from enabling Kerberos, as that needs an LDAP with secured SSL.
Please, can somebody let me know where the things are wrong or any suggestion?
08-20-2019
02:32 AM
Hi, This gave some hope that we are in the proper direction:

[root@10 security]# curl "ldaps://10.32.83.35:636/DC=gsp.local?cn,objectClass?sub?(objectClass=)" -u "cn=HDP_Service,OU=Service Accounts,DC=gsp,DC=local" --cacert /etc/pki/ca-trust/source/anchors/activedirectory.pem -v
Enter host password for user 'cn=HDP_Service,OU=Service Accounts,DC=gsp,DC=local':
* About to connect() to 10.32.83.35 port 636 (#0)
* Trying 10.32.83.35...
* Connected to 10.32.83.35 (10.32.83.35) port 636 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Closing connection 0
curl: (77) Problem with the SSL CA cert (path? access rights?)

How can I change the .pem file path?
08-20-2019
01:53 AM
Here in this step, one of the team members did follow some different steps and installed a certificate, but now we are unable to remove that. Whenever I use keytool, it's saying keytool already present <ambari-server>. Can it be removed completely so that I can start a fresh installation? If yes, could you please let me know the steps to completely remove the existing certificate?
08-20-2019
01:50 AM
curl "ldaps://10.32.83.35:636/DC=gsp.local?cn,objectClass?sub?(objectClass=)" -u "cn=HDP_Service,OU=Service Accounts,DC=gsp,DC=local" --insecure -v
Enter host password for user 'cn=HDP_Service,OU=Service Accounts,DC=gsp,DC=local':
* About to connect() to 10.32.83.35 port 636 (#0)
* Trying 10.32.83.35...
* Connected to 10.32.83.35 (10.32.83.35) port 636 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA256
* Server certificate:
* subject: CN=gspidn01.gsp.local
* start date: May 16 13:26:47 2019 GMT
* expire date: May 15 13:26:47 2020 GMT
* common name: gspidn01.gsp.local
* issuer: CN=gsp-GSPIDN01-CA,DC=gsp,DC=local
* LDAP local: ldaps://10.32.83.35:636/DC=gsp.local?cn,objectClass?sub?(objectClass=)
* LDAP remote: search failed Success 0000202B: RefErr: DSID-0310082F, data 0, 1 access points ref 1: 'gsp.local'
* Closing connection 0
curl: (39) NSS: client certificate not found (nickname not specified)

Output for the 1st command shared. Not able to access the AD certificate using OpenSSL. Regards,
08-20-2019
01:39 AM
Hi, The document is really handy, but for me the issue has been resolved after moving the Ambari metrics to a different node. Initially it was on the data node, now moved to the Namenode, and I am still finding the reason how it works here. Regards, Manjunath P N
08-20-2019
01:39 AM
Hi ngarg, The document is really handy, but for me the issue has been resolved after moving the Ambari metrics to a different node. Initially it was on the datanode, now moved to the Namenode, and I am still finding the reason how it works here. Regards, Manjunath P N
08-20-2019
12:18 AM
Hi All,
Can somebody let me know why Ambari Metrics Collector is not starting? Every time I start it, it fails.
Log file says:
2019-08-20 09:13:25,420 INFO [agent-report-processor-1] ServiceComponentHostImpl:1054 - Host role transitioned to a new state, serviceComponentName=METRICS_COLLECTOR, hostName=gspdhd04.gsp.local, oldState=STARTING, currentState=STARTED
2019-08-20 09:13:28,379 ERROR [ambari-client-thread-116] MetricsRequestHelper:112 - Error getting timeline metrics : Connection refused (Connection refused)
2019-08-20 09:13:28,379 ERROR [ambari-client-thread-116] MetricsRequestHelper:119 - Cannot connect to collector: SocketTimeoutException for gspdhd04.gsp.local
2019-08-20 09:13:30,370 ERROR [ambari-client-thread-115] MetricsRequestHelper:112 - Error getting timeline metrics : Connection refused (Connection refused)
2019-08-20 09:13:30,370 ERROR [ambari-client-thread-115] MetricsRequestHelper:119 - Cannot connect to collector: SocketTimeoutException for gspdhd04.gsp.local
2019-08-20 09:13:44,388 ERROR [ambari-client-thread-34] MetricsRequestHelper:112 - Error getting timeline metrics : Connection refused (Connection refused)
2019-08-20 09:13:44,388 ERROR [ambari-client-thread-34] MetricsRequestHelper:119 - Cannot connect to collector: SocketTimeoutException for gspdhd04.gsp.local
2019-08-20 09:13:45,373 ERROR [ambari-client-thread-162] MetricsRequestHelper:112 - Error getting timeline metrics : Connection refused (Connection refused)
2019-08-20 09:13:45,374 ERROR [ambari-client-thread-162] MetricsRequestHelper:119 - Cannot connect to collector: SocketTimeoutException for gspdhd04.gsp.local
2019-08-20 09:14:00,384 ERROR [ambari-client-thread-162] MetricsRequestHelper:112 - Error getting timeline metrics : Connection refused (Connection refused)
2019-08-20 09:14:00,385 ERROR [ambari-client-thread-162] MetricsRequestHelper:119 - Cannot connect to collector: SocketTimeoutException for gspdhd04.gsp.local
2019-08-20 09:14:00,387 ERROR [ambari-client-thread-35] MetricsRequestHelper:112 - Error getting timeline metrics : Connection refused (Connection refused)
2019-08-20 09:14:00,387 ERROR [ambari-client-thread-35] MetricsRequestHelper:119 - Cannot connect to collector: SocketTimeoutException for gspdhd04.gsp.local
2019-08-20 09:14:07,703 INFO [agent-report-processor-1] HeartbeatProcessor:647 - State of service component METRICS_COLLECTOR of service AMBARI_METRICS of cluster 2 has changed from STARTED to INSTALLED at host gspdhd04.gsp.local according to STATUS_COMMAND report
2019-08-20 09:14:15,370 INFO [ambari-client-thread-162] AMSPropertyProvider:626 - METRICS_COLLECTOR host is not live. Skip populating resources with metrics, next message will be logged after 1000 attempts.
I am not able to understand this.
Labels: Apache Ambari
08-19-2019
10:53 PM
Thank you Jsen, I would also like to know: once after the installation of the certificate, will I be able to use the curl command? Example: curl ldaps://exmaple.com:636, because currently I get an error like:

curl ldaps://example.com:636
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

But it works well with ldap://example.com:389. This means the installation of SSL is not done in the proper way, right? Regards, Manjunath
08-19-2019
10:35 PM
Hi All,
I have a .cer certificate with me, generated by AD, and this is a private one.
We are using this to integrate Ambari with AD; as a prerequisite we need to enable LDAPS. I have installed LDAP but wanted to know how to install this certificate. I would like to know the steps to install the certificate on the Ambari server.
cluster details:
1 Namenode
2 Datanode
HDP 3.1
Ambari 2.7.3
Regards,
Manjunath P N
Labels: Apache Ambari
05-16-2019
06:46 AM
@Geoffrey Shelton Okot Please find the link for the new thread: https://community.hortonworks.com/questions/246319/failed-to-connect-to-kdc-failed-to-communicate-wit.html Please guide me on this, it's really critical for me.
05-16-2019
05:15 AM
Hi @Robert Levas, I have confirmed the SSL path, password and type, and I even did set kerberos.operation.verify.kdc.trust = false, but still I am receiving an error like:

Failed to connect to KDC - Failed to communicate with the Active Directory at ldaps://hostip:636: hostip:636 Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.

Please guide me on this. Regards, Manjunath P N
04-25-2019
06:09 AM
Hi @Geoffrey Shelton Okot, I have a quick question: while configuring Kerberos with AD in the Ambari wizard we have some prerequisites, and one of them is AD's SSL. Is it really mandatory? If yes, can we add the certificate later, once after enabling Kerberos? Regards, Manjunath P N
04-22-2019
10:18 AM
Hi @Hamid Zorgani, Thanks a lot for the detailed information. It's really helpful. I have a couple of doubts, could you please clarify:
1. Do we need to execute all steps on the Ambari server? Especially from step 1 to 10?
2. I have OpenLDAP installed already in my cluster; even then, are all steps mandatory?
Please let me know if you need any more information. Regards, Manjunath P N
04-17-2019
03:23 PM
Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py", line 73, in <module>
    HdfsClient().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 367, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py", line 35, in install
    import params
  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/params.py", line 25, in <module>
    from params_linux import *
  File "/var/lib/ambari-agent/cache/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py", line 343, in <module>
    dn_principal_name = dn_principal_name.replace('_HOST',hostname.lower())
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py", line 73, in __getattr__
    raise Fail("Configuration parameter '" + self.name + "' was not found in configurations dictionary!")
resource_management.core.exceptions.Fail: Configuration parameter 'dfs.datanode.kerberos.principal' was not found in configurations dictionary
04-17-2019
10:27 AM
@Rishi, @Gaurav Sharma @Jay Kumar SenSharma Please guide me on a similar issue.

resource_management.core.exceptions.ExecutionFailed: Execution of 'kinit -kt /etc/security/keytabs/hdfs.headless.keytab ' returned 127. -bash: kinit: command not found
raise Fail("Configuration parameter '" + self.name + "' was not found in configurations dictionary!")
resource_management.core.exceptions.Fail: Configuration parameter 'dfs.datanode.kerberos.principal' was not found in configurations dictionary!

I am getting these errors when I restart Hadoop services. I disabled Kerberos and manually removed these files:

rm -rf /var/kerberos/
rm /etc/krb5.conf
rm -rf /usr/lib64/krb5

Now I don't know what's causing this issue. Please guide me on this. Regards, Manjunath P N
04-10-2019
04:03 AM
Same issue with me, please suggest some solution. @benoit moisan did you find any solution? Please guide me.
04-08-2019
09:29 AM
Hi Robert, Could you please clarify some doubts for me? I have installed Kerberos in my cluster and it's working fine. Now I have to enable HA for Kerberos, so as per my understanding I should install KDC on another server which acts as standby, and then I should update the krb5.conf file on both servers as mentioned above. Is my understanding correct? If not, could you please guide me through the steps to enable HA? Kind Regards, Manjunath P N
03-07-2019
02:29 PM
@Geoffrey Shelton Okot @Jay Kumar SenSharma When I am trying to enable Kerberos after all the back-end setup, I am getting a warning: "YARN log and local dir will be deleted and ResourceManager state will be formatted as part of Enabling/Disabling Kerberos." What does local dir mean, what all will be deleted, and how is it related? Deletion of the YARN log is acceptable, but why local dir? Can you please provide some detailed clarification on this?
03-05-2019
04:45 AM
@Jay Kumar SenSharma, Thank you for your inputs. After running the yum install commands the outcome will be the krb5.conf file, and I already have the same file structure in my repository, so can I directly go ahead with enabling Kerberos via Ambari, and will the conf file accept this? Regards, Manjunath P N
03-04-2019
07:54 PM
Hi @Jay Kumar SenSharma, Thank you for your inputs. When I am trying to install Kerberos using "yum install krb5-server krb5-libs krb5-workstation" it is failing to install with the error messages below.

https://fedora-mirror.zerocopy.io/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed connect to fedora-mirror.zerocopy.io:443; Connection refused"
Trying other mirror.
http://mirror.de.leaseweb.net/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2a00:c98:2030:a034::21: Network is unreachable"
Trying other mirror.
http://ftp.uni-stuttgart.de/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2001:7c0:2041:8::112: Network is unreachable"
Trying other mirror.
http://mirror.23media.de/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2a00:f48:1007::80: Network is unreachable"
Trying other mirror.
https://mirror.imt-systems.com/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2a01:7e0:0:201::10:20: Network is unreachable"
Trying other mirror.
^Chttp://fedora.tu-chemnitz.de/pub/linux/fedora-epel/7/x86_64/repodata/repomd.xml: [Errno -1] Error importing repomd.xml for epel: Damaged repomd.xml file
Trying other mirror.

The error list keeps on increasing. What could be the reason for this? Regards, Manjunath P N
02-28-2019
09:05 AM
@Geoffrey Shelton Okot, @mthiele, I want to install Kerberos on a Hadoop cluster. I have seen the article Configuring Ambari and Hadoop for Kerberos using AD as the KDC - Video https://community.hortonworks.com/questions/103945/kerberos-setup-on-hdp-26.html and this is really helpful. I have a couple of questions on this:
1. Do I need to install Kerberos via command line before starting this task?
2. Because I see the krb5.conf file exists in my cluster and Kerberos is not enabled, do I need to delete the conf files on all nodes and run the "yum install -y krb5-server krb5-libs krb5-workstation" command, then carry on with the steps provided in the above article, or do I not need to bother about it and can straightaway start from Ambari for the enabling process?
3. As per the official doc https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/configuring_amb_hdp_for_kerberos.html we need to enable Kerberos from Ambari. Now I need a clear idea: 1st, do I need to install Kerberos using the yum command and then start enabling from Ambari?
Best Regards and Thanks in advance, Manjunath P N
02-28-2019
05:05 AM
Hi @mthiele, One quick question: Will the Ambari server and all other datanodes have the krb5.conf file by default, or will it be available under the /etc folder only after we enable Kerberos via Ambari? Because when I look in our prod env., krb5.file is available even though we did not enable it. If yes, after configuring KDC in Ambari, does it change the conf for all nodes? Regards, Manjunath P N
02-11-2019
08:28 AM
@Geoffrey Shelton Okot, Could you please share the link for the screenshot which you have attached? Regards, Manjunath P N
02-07-2019
03:07 PM
Hi All, can somebody let me know which version of HDP supports Spark 2.4? And is it a good idea to go to Spark 2.4 instead of 2.3? My current versions:
HDP 2.6.3.0
Apache Ambari 2.6.0.0
HDFS 2.7.3
YARN 2.7.3
MapReduce2 2.7.3
Spark2 2.2.0
Any suggestions are welcome. Regards, Manjunath P N
02-07-2019
07:22 AM
Same question from my side.
02-07-2019
06:56 AM
Hi @Geoffrey Shelton Okot, I too have the same question, but if we are upgrading to Spark 2.4 manually, does it support HDP with all other dependencies? Because as you have mentioned, it has its own Spark with version 2.3.2. Regards, Manjunath P N
01-29-2019
05:50 AM
Hi All, I need to set up an SMTP server to enable email notification via Ambari in my project. It's entirely a new project; can somebody let me know how to get an SMTP server and set it up for further notifications? Any document which gives clear basics on SMTP and its prerequisites for Ambari will be really helpful. Kind Regards, Manjunath P N
Labels: Apache Ambari
01-02-2019
05:32 AM
Thank you very much for the detailed suggestions. I will keep you updated on the results, this is really useful.