@adhishankarit  @VR46  @zaun : i think this is also relevant to previous issue. After getting valid kerberos ticket for the user still facing the same , Knox SSO is enforced here. When using: # curl -k -u "k164prda:ep8gv=rG" https://sitlxdvdlap099.saibsit.com:8443/gateway/knoxsso/api/v1/websso -> Gives no result # curl -k -u k164prda https://sitlxdvdlap099.saibsit.com:8443/gateway/knoxsso/api/v1/token -> Gives no result # curl -k -v --negotiate -u : https://sitlxdvdlap099.saibsit.com:8443/gateway/cdp-proxy/oozie/v2/admin/status HTTP/1.1 302 Found 1-What exact Cloudera Manager configurations are required to enable Kerberos (SPNEGO) authentication for Knox API access (non-browser) or browser , so that curl --negotiate is honored instead of redirecting to KnoxSSO? 2-What are the exact prerequisites for enabling /gateway/knoxsso/api/v1/token in CDP? not able to generate token please share specific commands if you want me to try. For our use case triggering oozie workflow using REST API from within cluster and from  Informatica DEI server , or which method is supported when Knox SSO is enabled? ... View more

With these haproxy parameters, HA doesn't actually work. It shows the active nn, then the standby ... View more

Hi team, I want to configuration "yarn-user/hdp01-node.lab.contoso.com@LAB.CONTOSO.COM" to "yarn-user" "yarn-user/hdp02-node.lab.contoso.com@LAB.CONTOSO.COM" to "yarn-user" "yarn-user/hdp03-node.lab.contoso.com@LAB.CONTOSO.COM" to "yarn-user" Please given a rule advidor. Thanks ... View more

@kpalanisamy  ➤ We also have a alternate hbase shell native approach through which we can determine the RegionName and RegionServer from the rowkey $ locate_region 'namespace:tablename','rowkey'  HOST                             REGION Regionserver-name:16 {ENCODED => regionName, NAME => 'namespace:tablename,rowkey.regionName.', STARTKEY => 'f0046', ENDKEY => 'f0245cf'}  1 row(s)  Took 0.6760 seconds  => #<Java::OrgApacheHadoopHbase::HRegionLocation:0x4070c4ff>   ... View more

Please try the below steps, this can happen if /tmp mount point is mounted with noexec option... - Create a new directory under any directory(ex /data/tmp) with exec permission and to test provide 777 permissions for newly created dir. - Update the config in zeppelin config as below and restart the zeppelin. CM UI --> Zeppelin --> Config --> "Zeppelin Server Advanced Configuration Snippet (Safety Valve) for zeppelin-conf/zeppelin-env.sh" --> Add export ZEPPELIN_JAVA_OPTS="-Djava.io.tmpdir=<directory name>" example: export ZEPPELIN_JAVA_OPTS="-Djava.io.tmpdir=/data/tmp" - Save changes and restart zeppelin server and verify the login   ... View more

Do you know what encryption algorithm the Hadoop Credential Store uses? I need to encrypt the LDAP password with AES-256 algorithm. ... View more

@VidyaSargur Thanks, will open a new thread.  ... View more

Hello  @jstraub , Can you please share the script? Many thanks in advance!. ... View more

Hi,    has anyone get this running and can post an running example ?    thx marcel      ... View more