Member since
04-09-2019
254
Posts
140
Kudos Received
34
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1536 | 05-22-2018 08:32 PM | |
10678 | 03-15-2018 02:28 AM | |
2837 | 08-07-2017 07:23 PM | |
3702 | 07-27-2017 05:22 PM | |
2003 | 07-27-2017 05:16 PM |
08-14-2017
09:49 PM
@Chaithanya Mahasamudram, The Knox HBase doc link in my answer above has the examples that you are looking for. Thanks.
... View more
08-07-2017
07:23 PM
@suresh krish, The error is because there is no attribute by name 'policyName'. Moreover, the policies are exported / imported at service repository level, not at an individual policy level. For your reference, I'm attaching two exported service repo json - HDFS and Hive. Hope this helps !
... View more
07-31-2017
05:08 AM
@Mazin Mohammed Great to hear that your problem has been resolved. If you find my reply useful, please accept it as answer, so that other facing similar issue can know what to look for. Thanks.
... View more
07-27-2017
05:22 PM
Hello @Mazin Mohammed, Thanks for taking time to write a detailed question. It looks like that the problem is not with Oozie keytab but spnego (HTTP) keytab. Please see if you can run this and share output here: kinit <end-user>
kvno HTTP/oozie1001.example.com@EXAMPLE.COM
klist -eaf
klist -kte /etc/security/keytabs/spnego.service.keytab
getprinc HTTP/oozie1001.example.com@EXAMPLE.COM Regards.
... View more
07-27-2017
05:16 PM
Hello @Chaithanya Mahasamudram, Not clear on how do you intend to use this in Python, but HBase via Knox can be accessed via HBase DSL, Client DSL and REST APIs (cURL). Please check this Knox HBase doc if that helps you out. Thanks.
... View more
07-26-2017
10:03 PM
8 Kudos
Hello @Ifat Syed, In the context of Hortonworks universe, here are some good resources: 1. Short video explaining the concept 2. Full blown tutorial Hope this helps !
... View more
07-24-2017
09:47 PM
1 Kudo
Hello @Uday Pai, Knox does not provide any REST interface to modify the LDAP objects. You will need to use LDAP APIs and contact LDAP server directly. Hope this helps!
... View more
07-22-2017
05:55 PM
1 Kudo
Hello @Mazin Mohammed, Yes, this looks like to be related to TGT renewal for NameNode credential. That's why it starts working when you restart (forces to get new NN credential). The quickest way to check would be to get a ticket for nn/<host> principal and do klist like this: # kinit -kt <nn.service.keytab> nn/<host>
# klist -eaf The output above should give us some pointers. Please post the output here for all of us to see. Hope this helps!
... View more
07-22-2017
12:42 AM
@Vishwanath Voruganti, If the RC4-HMAC encryption type was present in keytab then the other reason could be stale keytab. That should get resolved once you regenerate the keytab. Other than these two, I don't see any reasons to get this specific error: Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC Hope this helps!
... View more
07-20-2017
10:38 PM
Hello @mravipati, In order to decrypt an EEK, first you'll need to generate one. Here's what is working for me: 1. Generate EEK # curl --negotiate -u : -iv -X GET "http://<kms-host-fqdn>:9292/kms/v1/key/hr1-ez-key/_eek?eek_op=generate&num_keys=1" 2. Store the EEK data into a json: # cat eek.json
{
"name" : "hr1-ez-key",
"iv" : "38Eb8nTxxxxxUG7Rc6_wrA",
"material" : "K8Q0bv8Hxxxxxxn9ByVnT-xxx-Bmwxxxxxy1buCk"
} 3. Call decrypt EEK while passing above EEK data: # curl --negotiate -u : -iv -X POST -H "Content-Type: application/json" -d @./eek.json "http://<kms-host-fqdn>:9292/kms/v1/keyversion/hr1-ez-key@0/_eek?eek_op=decrypt" Please note the change in REST URL and keyname while making decrypt request. The error you are getting is because you are trying to do a GET request on a URL which is expecting a POST request. Hope this helps!
... View more