Member since: 04-03-2019
Posts: 962
Kudos Received: 1743
Solutions: 146
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
|  | 15017 | 03-08-2019 06:33 PM |
|  | 6180 | 02-15-2019 08:47 PM |
|  | 5101 | 09-26-2018 06:02 PM |
|  | 12609 | 09-07-2018 10:33 PM |
|  | 7448 | 04-25-2018 01:55 AM |
08-12-2016
05:17 AM
@Robert Levas - DEFAULT in the middle worked when I tried this setup. I checked the given article, and I agree that the step of modifying dfs.namenode.kerberos.principal.pattern was somehow missed while writing it. I will add that missing step now. Thank you! 🙂
08-11-2016
07:16 AM
7 Kudos
How to set up cross-realm trust between two MIT KDCs

In this post, we will see how to set up cross-realm trust between two MIT KDCs. Once the trust is set up correctly, we can access and copy data from one cluster to the other.

In our example, we have two clusters with the same HDP version (2.4.2.0) and Ambari version (2.2.2.0).

Cluster 1:
172.26.68.47 hwx-1.hwx.com hwx-1
172.26.68.46 hwx-2.hwx.com hwx-2
172.26.68.45 hwx-3.hwx.com hwx-3
Cluster 2:
172.26.68.48 support-1.support.com support-1
172.26.68.49 support-2.support.com support-2
172.26.68.50 support-3.support.com support-3

Below are the steps:

Step 1: Make sure both clusters are Kerberized with MIT KDC. You can use the automated script below for configuring Kerberos on HDP:
https://community.hortonworks.com/articles/29203/automated-kerberos-installation-and-configuration.html

Step 2: Configure the /etc/hosts file on both clusters to have IP <-> hostname mappings for the nodes of both clusters (a quick resolution check follows the host list below).

Example: on both clusters, the /etc/hosts file should look like below:
172.26.68.47 hwx-1.hwx.com hwx-1
172.26.68.46 hwx-2.hwx.com hwx-2
172.26.68.45 hwx-3.hwx.com hwx-3
172.26.68.48 support-1.support.com support-1
172.26.68.49 support-2.support.com support-2
172.26.68.50 support-3.support.com support-3
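A quick way to verify that the mappings are in effect is getent, which consults /etc/hosts; the hostname below is from the example:

getent hosts support-1.support.com
# should print: 172.26.68.48   support-1.support.com support-1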
Step 3: Configure krb5.conf.

3.1 Configure the [realms] section to add the other cluster's KDC server details. This is required so that a client can find the KDC to authenticate a user who belongs to the other cluster.

Example on Cluster 1:

[realms]
HWX.COM = {
admin_server = hwx-1.hwx.com
kdc = hwx-1.hwx.com
}
SUPPORT.COM = {
admin_server = support-1.support.com
kdc = support-1.support.com
}
3.2 Configure the [domain_realm] section to add the other cluster's domain <-> realm mapping.

[domain_realm]
.hwx.com = HWX.COM
hwx.com = HWX.COM
.support.com = SUPPORT.COM
support.com = SUPPORT.COM

3.3 Configure [capaths] to add the other cluster's realm. The "." value means the trust path is direct, with no intermediate realm.

[capaths]
HWX.COM = {
SUPPORT.COM = .
}

On Cluster 1, the complete krb5.conf should look like below:

[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = HWX.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
HWX.COM = {
admin_server = hwx-1.hwx.com
kdc = hwx-1.hwx.com
}
SUPPORT.COM = {
admin_server = support-1.support.com
kdc = support-1.support.com
}
[domain_realm]
.hwx.com = HWX.COM
hwx.com = HWX.COM
.support.com = SUPPORT.COM
support.com = SUPPORT.COM
[capaths]
HWX.COM = {
SUPPORT.COM = .
}

Note – Please copy the modified /etc/krb5.conf to all the nodes in Cluster 1.
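One way to push the file out is a simple scp loop; a minimal sketch assuming passwordless ssh as root from the node where you edited the file (hostnames are from the example):

for h in hwx-2.hwx.com hwx-3.hwx.com; do
  scp /etc/krb5.conf root@$h:/etc/krb5.conf
done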
Similarly, on Cluster 2 the krb5.conf should look like below:

[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = SUPPORT.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
SUPPORT.COM = {
admin_server = support-1.support.com
kdc = support-1.support.com
}
HWX.COM = {
admin_server = hwx-1.hwx.com
kdc = hwx-1.hwx.com
}
[domain_realm]
.hwx.com = HWX.COM
hwx.com = HWX.COM
.support.com = SUPPORT.COM
support.com = SUPPORT.COM
[capaths]
SUPPORT.COM = {
HWX.COM = .
}

Note – Please copy the modified /etc/krb5.conf to all the nodes in Cluster 2.

Step 4: Modify the below property in hdfs-site.xml on the cluster from which you want to execute the distcp command (specifically speaking, on the client side):

dfs.namenode.kerberos.principal.pattern=*
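If you maintain hdfs-site.xml by hand rather than through Ambari, the property takes the usual Hadoop XML form (on an Ambari-managed cluster, add it as a custom hdfs-site property instead):

<property>
  <name>dfs.namenode.kerberos.principal.pattern</name>
  <value>*</value>
</property>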
Step 5: Add a common trust principal in both the KDCs. Please keep the same password for both principals.

On Cluster 1 and Cluster 2, execute the below commands in the kadmin utility:

addprinc krbtgt/HWX.COM@SUPPORT.COM
addprinc krbtgt/SUPPORT.COM@HWX.COM
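To sanity-check the trust principals, you can compare them on both KDCs; the key version numbers (kvno) and encryption types should match on the two sides. A minimal check, assuming kadmin.local access on each KDC host:

kadmin.local -q "getprinc krbtgt/HWX.COM@SUPPORT.COM"
kadmin.local -q "getprinc krbtgt/SUPPORT.COM@HWX.COM"

From any Cluster 2 node you can also kinit as a SUPPORT.COM user and run "kvno krbtgt/HWX.COM@SUPPORT.COM" to confirm that a cross-realm TGT can be obtained.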
Step 6: Configure auth_to_local rules on both the clusters.

On Cluster 1, append the auth_to_local rules from Cluster 2.

Example on Cluster 1:

RULE:[1:$1@$0](ambari-qa-hadoop@HWX.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-hadoop@HWX.COM)s/.*/hdfs/
RULE:[1:$1@$0](spark-hadoop@HWX.COM)s/.*/spark/
RULE:[1:$1@$0](.*@HWX.COM)s/@.*//
RULE:[2:$1@$0](dn@HWX.COM)s/.*/hdfs/
RULE:[2:$1@$0](hive@HWX.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@HWX.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@HWX.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@HWX.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@HWX.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@HWX.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@HWX.COM)s/.*/yarn/
DEFAULT
RULE:[1:$1@$0](ambari-qa-support@SUPPORT.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-support@SUPPORT.COM)s/.*/hdfs/
RULE:[1:$1@$0](spark-support@SUPPORT.COM)s/.*/spark/
RULE:[1:$1@$0](.*@SUPPORT.COM)s/@.*//
RULE:[2:$1@$0](dn@SUPPORT.COM)s/.*/hdfs/
RULE:[2:$1@$0](hive@SUPPORT.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@SUPPORT.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@SUPPORT.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@SUPPORT.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@SUPPORT.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@SUPPORT.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@SUPPORT.COM)s/.*/yarn/
On Cluster 2, append the auth_to_local rules from Cluster 1.

Example on Cluster 2:

RULE:[1:$1@$0](ambari-qa-support@SUPPORT.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-support@SUPPORT.COM)s/.*/hdfs/
RULE:[1:$1@$0](spark-support@SUPPORT.COM)s/.*/spark/
RULE:[1:$1@$0](.*@SUPPORT.COM)s/@.*//
RULE:[2:$1@$0](dn@SUPPORT.COM)s/.*/hdfs/
RULE:[2:$1@$0](hive@SUPPORT.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@SUPPORT.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@SUPPORT.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@SUPPORT.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@SUPPORT.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@SUPPORT.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@SUPPORT.COM)s/.*/yarn/
DEFAULT
RULE:[1:$1@$0](ambari-qa-hadoop@HWX.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs-hadoop@HWX.COM)s/.*/hdfs/
RULE:[1:$1@$0](spark-hadoop@HWX.COM)s/.*/spark/
RULE:[1:$1@$0](.*@HWX.COM)s/@.*//
RULE:[2:$1@$0](dn@HWX.COM)s/.*/hdfs/
RULE:[2:$1@$0](hive@HWX.COM)s/.*/hive/
RULE:[2:$1@$0](jhs@HWX.COM)s/.*/mapred/
RULE:[2:$1@$0](jn@HWX.COM)s/.*/hdfs/
RULE:[2:$1@$0](nm@HWX.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@HWX.COM)s/.*/hdfs/
RULE:[2:$1@$0](rm@HWX.COM)s/.*/yarn/
RULE:[2:$1@$0](yarn@HWX.COM)s/.*/yarn/

Step 7: Log in to Cluster 2, do a kinit as a local user, and try to access the HDFS files of Cluster 1 (a quick rule check is sketched below, followed by the example).
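Before testing access, you can optionally confirm how a cross-realm principal will be mapped under the appended rules. Hadoop ships a small utility class for exactly this; run it on a Cluster 2 node, with the principal below taken from the examples above:

hadoop org.apache.hadoop.security.HadoopKerberosName nn/hwx-1.hwx.com@HWX.COM

It should report that this principal maps to the short name hdfs.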
Example:

hdfs dfs -ls hdfs://hwx-2.hwx.com:8020/tmp
Found 8 items
drwx------ - ambari-qa hdfs 0 2016-07-29 23:24 hdfs://hwx-2.hwx.com:8020/tmp/ambari-qa
drwxr-xr-x - hdfs hdfs 0 2016-07-29 22:02 hdfs://hwx-2.hwx.com:8020/tmp/entity-file-history
drwx-wx-wx - ambari-qa hdfs 0 2016-07-29 23:25 hdfs://hwx-2.hwx.com:8020/tmp/hive
-rwxr-xr-x 3 hdfs hdfs 1414 2016-07-29 23:50 hdfs://hwx-2.hwx.com:8020/tmp/id1aac2d44_date502916
-rwxr-xr-x 3 ambari-qa hdfs 1414 2016-07-29 23:26 hdfs://hwx-2.hwx.com:8020/tmp/idtest.ambari-qa.1469834803.19.in
-rwxr-xr-x 3 ambari-qa hdfs 957 2016-07-29 23:26 hdfs://hwx-2.hwx.com:8020/tmp/idtest.ambari-qa.1469834803.19.pig
drwxr-xr-x - ambari-qa hdfs 0 2016-07-29 23:53 hdfs://hwx-2.hwx.com:8020/tmp/tezsmokeinput

Note – hwx-2.hwx.com is the Active NameNode of Cluster 1.
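At this point the ticket cache should reflect the cross-realm path that was used; a quick check as the same user:

klist
# the cache should now hold the local TGT (krbtgt/SUPPORT.COM@SUPPORT.COM),
# the cross-realm TGT (krbtgt/HWX.COM@SUPPORT.COM), and an nn/... service
# ticket from the HWX.COM realm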
You can also try copying files from Cluster 1 to Cluster 2 using distcp (the source below is Cluster 1's NameNode; the target is Cluster 2's default filesystem).

Example:

[kuldeepk@support-1 root]$ hadoop distcp hdfs://hwx-1.hwx.com:8020/tmp/test.txt /tmp/
16/07/30 22:03:27 INFO tools.DistCp: Input Options: DistCpOptions{atomicCommit=false, syncFolder=false, deleteMissing=false, ignoreFailures=false, maxMaps=20, sslConfigurationFile='null', copyStrategy='uniformsize', sourceFileListing=null, sourcePaths=[hdfs://hwx-1.hwx.com:8020/tmp/test.txt], targetPath=/tmp, targetPathExists=true, preserveRawXattrs=false}
16/07/30 22:03:27 INFO impl.TimelineClientImpl: Timeline service address: http://support-3.support.com:8188/ws/v1/timeline/
16/07/30 22:03:27 INFO client.RMProxy: Connecting to ResourceManager at support-3.support.com/172.26.68.50:8050
16/07/30 22:03:28 INFO hdfs.DFSClient: Created HDFS_DELEGATION_TOKEN token 20 for kuldeepk on 172.26.68.47:8020
16/07/30 22:03:28 INFO security.TokenCache: Got dt for hdfs://hwx-1.hwx.com:8020; Kind: HDFS_DELEGATION_TOKEN, Service: 172.26.68.47:8020, Ident: (HDFS_DELEGATION_TOKEN token 20 for kuldeepk)
16/07/30 22:03:29 INFO impl.TimelineClientImpl: Timeline service address: http://support-3.support.com:8188/ws/v1/timeline/
16/07/30 22:03:29 INFO client.RMProxy: Connecting to ResourceManager at support-3.support.com/172.26.68.50:8050
16/07/30 22:03:29 INFO hdfs.DFSClient: Created HDFS_DELEGATION_TOKEN token 24 for kuldeepk on ha-hdfs:support
16/07/30 22:03:29 INFO security.TokenCache: Got dt for hdfs://support; Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:support, Ident: (HDFS_DELEGATION_TOKEN token 24 for kuldeepk)
16/07/30 22:03:29 INFO mapreduce.JobSubmitter: number of splits:1
16/07/30 22:03:29 INFO mapreduce.JobSubmitter: Submitting tokens for job: job_1469916118318_0003
16/07/30 22:03:29 INFO mapreduce.JobSubmitter: Kind: HDFS_DELEGATION_TOKEN, Service: 172.26.68.47:8020, Ident: (HDFS_DELEGATION_TOKEN token 20 for kuldeepk)
16/07/30 22:03:29 INFO mapreduce.JobSubmitter: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:support, Ident: (HDFS_DELEGATION_TOKEN token 24 for kuldeepk)
16/07/30 22:03:30 INFO impl.YarnClientImpl: Submitted application application_1469916118318_0003
16/07/30 22:03:31 INFO mapreduce.Job: The url to track the job: http://support-3.support.com:8088/proxy/application_1469916118318_0003/
16/07/30 22:03:31 INFO tools.DistCp: DistCp job-id: job_1469916118318_0003
16/07/30 22:03:31 INFO mapreduce.Job: Running job: job_1469916118318_0003
16/07/30 22:03:43 INFO mapreduce.Job: Job job_1469916118318_0003 running in uber mode : false
16/07/30 22:03:43 INFO mapreduce.Job: map 0% reduce 0%
16/07/30 22:03:52 INFO mapreduce.Job: map 100% reduce 0%
16/07/30 22:03:53 INFO mapreduce.Job: Job job_1469916118318_0003 completed successfully
16/07/30 22:03:53 INFO mapreduce.Job: Counters: 32
File System Counters
FILE: Number of bytes read=0
FILE: Number of bytes written=142927
FILE: Number of read operations=0
FILE: Number of large read operations=0
FILE: Number of write operations=0
HDFS: Number of bytes read=346
HDFS: Number of bytes written=45
HDFS: Number of read operations=12
HDFS: Number of large read operations=0
HDFS: Number of write operations=2
Job Counters
Launched map tasks=1
Other local map tasks=1
Total time spent by all maps in occupied slots (ms)=14324
Total time spent by all reduces in occupied slots (ms)=0
Total time spent by all map tasks (ms)=7162
Total vcore-seconds taken by all map tasks=7162
Total megabyte-seconds taken by all map tasks=7333888
Map-Reduce Framework
Map input records=1
Map output records=1
Input split bytes=118
Spilled Records=0
Failed Shuffles=0
Merged Map outputs=0
GC time elapsed (ms)=77
CPU time spent (ms)=1210
Physical memory (bytes) snapshot=169885696
Virtual memory (bytes) snapshot=2337554432
Total committed heap usage (bytes)=66584576
File Input Format Counters
Bytes Read=228
File Output Format Counters
Bytes Written=45
org.apache.hadoop.tools.mapred.CopyMapper$Counter
BYTESSKIPPED=0
SKIP=1

Note – hwx-1.hwx.com is the Active NameNode of Cluster 1.

Please comment if you have any feedback/questions/suggestions. Happy Hadooping!! 🙂

References:
http://crazyadmins.com
https://community.hortonworks.com/articles/18686/kerberos-cross-realm-trust-for-distcp.html
08-11-2016
06:29 AM
5 Kudos
@zkfs What version of HDP are you using? The NameNode on older HDP versions has some known issues while rendering block-state related information in its logs. Please have a look at your hdfs-audit logs to see the number of operations per second. Also, please check the documentation below to set the recommended heap size according to the total number of files:
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_installing_manually_book/content/ref-80953924-1cbf-4655-9953-1e744290a6c3.1.html
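A rough way to gauge operations per second is to count audit entries for a single second; the log path below is the HDP default and the timestamp is illustrative:

grep -c '2016-08-11 06:29:01' /var/log/hadoop/hdfs/hdfs-audit.log
# prints the number of audited HDFS operations logged in that second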
08-10-2016
08:35 PM
4 Kudos
@Husnain Bustam It is safe to run the balancer while other jobs are running if you have the default value of dfs.datanode.balance.bandwidthPerSec=1048576 bytes per second. It is recommended to run the balancer periodically (maybe once per week) when there is less load on your cluster (preferably on weekends). It is also safe to kill a running balancer at any time if it is causing any impact on running jobs. Below are some helpful links, followed by a couple of example commands:
https://community.hortonworks.com/articles/43849/hdfs-balancer-2-configurations-cli-options.html
https://community.hortonworks.com/articles/26518/hadoop-cluster-maintenance.html
https://community.hortonworks.com/articles/43615/hdfs-balancer-1-100x-performance-improvement.html
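For reference, a minimal sketch of the two knobs discussed above; the threshold and bandwidth values are illustrative, not recommendations:

# start the balancer; move blocks until every DataNode is within 10%
# of the cluster's average utilization
hdfs balancer -threshold 10

# raise the per-DataNode balancing bandwidth at runtime (bytes/sec;
# 10485760 = 10 MB/s)
hdfs dfsadmin -setBalancerBandwidth 10485760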
08-10-2016
04:31 AM
@Nikolai Grigoriev Glad to see that it worked! Please let us know in case of any further issues. HCC is always there for you! 🙂
08-10-2016
12:28 AM
3 Kudos
@Nikolai Grigoriev Can you please let us know if you are using the same workflow.xml for this coordinator? I see that you have set the below property in your coordinator.xml:
<property>
<name>oozie.action.sharelib.for.map-reduce</name>
<value>zookeeper,hbase,myapp</value>
</property>

This property will work for your workflow.xml since you have a 'map-reduce' action in it (notice the action name after "for" in the property name), i.e. oozie.action.sharelib.for.<action-name>. Also, please add the below property to your job.properties:
oozie.use.system.libpath=true
Another alternative is to place the required jars in the ${applicationPath}/lib directory; those jars will get picked up by Oozie automatically. Please do let us know if it still fails with the provided info.
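Putting the two properties together, a minimal job.properties sketch (the sharelib list is copied from your coordinator.xml; the sharelib property can live in either file):

# job.properties
oozie.use.system.libpath=true
oozie.action.sharelib.for.map-reduce=zookeeper,hbase,myapp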
08-08-2016
05:24 AM
4 Kudos
@zkfs
In addition to the answers given:

1) Regarding "During installation the Ambari Web UI asked for packages" – Ambari itself is a completely different RPM in a different repo. If you want to check the dependencies of any RPM, you can run the below commands.

Example:
[root@kknode3 ~]# rpm -qR hadoop_2_4_2_0_258-hdfs-2.7.1.2.4.2.0-258.el6.x86_64
hadoop_2_4_2_0_258 = 2.7.1.2.4.2.0-258.el6
bigtop-jsvc
/bin/sh
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1
/bin/bash
/bin/sh
/usr/bin/env
rpmlib(PayloadIsXz) <= 5.2-1

Example 2:
[root@kknode3 ~]# rpm -qR hadoop_2_4_2_0_258-client-2.7.1.2.4.2.0-258.el6.x86_64
hadoop_2_4_2_0_258 = 2.7.1.2.4.2.0-258.el6
hadoop_2_4_2_0_258-hdfs = 2.7.1.2.4.2.0-258.el6
hadoop_2_4_2_0_258-yarn = 2.7.1.2.4.2.0-258.el6
hadoop_2_4_2_0_258-mapreduce = 2.7.1.2.4.2.0-258.el6
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadIsXz) <= 5.2-1

The same thing using the yum command:
[root@kknode3 ~]# yum deplist hadoop_2_4_2_0_258-client-2.7.1.2.4.2.0-258.el6.x86_64
Loaded plugins: fastestmirror
Finding dependencies:
Loading mirror speeds from cached hostfile
HDP-2.4 | 2.9 kB 00:00
HDP-UTILS-1.1.0.20 | 2.9 kB 00:00
Updates-ambari-2.2.2.0 | 2.9 kB 00:00
base | 3.7 kB 00:00
epel | 4.3 kB 00:00
epel/primary_db | 5.9 MB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
package: hadoop_2_4_2_0_258-client.x86_64 2.7.1.2.4.2.0-258.el6
dependency: hadoop_2_4_2_0_258 = 2.7.1.2.4.2.0-258.el6
provider: hadoop_2_4_2_0_258.x86_64 2.7.1.2.4.2.0-258.el6
dependency: hadoop_2_4_2_0_258-hdfs = 2.7.1.2.4.2.0-258.el6
provider: hadoop_2_4_2_0_258-hdfs.x86_64 2.7.1.2.4.2.0-258.el6
dependency: hadoop_2_4_2_0_258-yarn = 2.7.1.2.4.2.0-258.el6
provider: hadoop_2_4_2_0_258-yarn.x86_64 2.7.1.2.4.2.0-258.el6
dependency: hadoop_2_4_2_0_258-mapreduce = 2.7.1.2.4.2.0-258.el6
provider: hadoop_2_4_2_0_258-mapreduce.x86_64 2.7.1.2.4.2.0-258.el6
[root@kknode3 ~]#

Hope this information helps. Please do let us know if anything is unclear. HCC is always there for you 🙂
08-08-2016
05:03 AM
3 Kudos
@vijay kadel
Looks like your DataNode is not responding at all. CLOSE_WAIT connections indicate that the client side has initiated the connection close (sent its FIN), but the DataNode has not closed its end of the socket or is unresponsive, so those connections will stay in the CLOSE_WAIT state indefinitely (the DataNode never sends its own FIN to complete the 4-way close). Please check carefully whether the DataNode process has become a zombie (e.g. if netstat shows '-' instead of a process ID). A sample diagram of how the 4-way TCP close works can be found at http://jason4zhu.blogspot.com. @Arpit Agarwal - Please feel free to correct me if anything is missed.
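To see how widespread it is, you can count connections per TCP state on the DataNode transfer port; 50010 is the HDP default, adjust if yours differs:

netstat -anp | grep ':50010' | awk '{print $6}' | sort | uniq -c
# a large CLOSE_WAIT count, or '-' in the PID/Program column for those
# sockets, points to the DataNode not closing its end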
08-08-2016
03:24 AM
4 Kudos
@Zach Kirsch You can get the Ambari server hostname from the ambari-agent.ini file.

Example:
[root@kknode3 ~]# cat /etc/ambari-agent/conf/ambari-agent.ini | grep -i host
hostname = kknode1.openstacklocal