Cloudera Community
VR46
user rank
user rank
Guru

Re: Sync ldap problem

by Explorer in Support Questions
‎04-02-2020 10:23 PM
‎04-02-2020 10:23 PM
It looks like an  OU issue. OU in AD and ranger should be the same for a group or a user.   ... View more

Re: Truststore Keystore Certificate error when usi...

by Explorer in Support Questions
‎02-06-2020 06:57 PM
‎02-06-2020 06:57 PM
Hi @justin_brock  Believe you were able to fix certificate issue ? I'm have enables ssl for NIFI in CDF but facing "ERR_BAD_SSL_CLIENT_AUTH_CERT" here is link to my question of community    https://community.cloudera.com/t5/Support-Questions/Unable-to-open-NIFI-web-UI-after-TLS/m-p/289190#M214098   could you please help me with steps you followed to resolve issue ? ... View more

Re: "Test Connection" for ranger kms repository fa...

by Community Manager Community Manager in Support Questions
‎09-20-2019 06:28 AM
‎09-20-2019 06:28 AM
I found the Ranger KMS Admin Guide for HDP 2.4.0, hopefully this is what you are looking for. ... View more

Re: Zookeeper Health Checks

by New Member in Community Articles
‎10-08-2018 12:38 PM
‎10-08-2018 12:38 PM
Is there any configuration parameter related to heap configuration for n number of watches and znode count ? ... View more

Re: yarn can read/write to hdfs, but cannot execut...

by Expert Contributor in Support Questions
‎03-16-2018 10:25 AM
‎03-16-2018 10:25 AM
Hi @Jinyu Li your issue is likely produced by Hive Permission Inheritance. After creating the tables, the Sqoop app tries to change the owner/mode of the created HDFS files. Ranger permissions (even rwx) do not give rights to change POSIX owner/mode, which is why the operation fails. Such failure is classified as "EXECUTE" action by Ranger. You can find more details in the HDFS Audit log, stored locally on the NameNode. Solution: Could you please try to set "hive.warehouse.subdir.inherit.perms" to false and re-run the job? This stops Hive Imports from trying to set permissions, which is fine when Ranger is the primary source of authorization. see https://cwiki.apache.org/confluence/display/Hive/Permission+Inheritance+in+Hive for more details. Best, Benjamin ... View more

Re: How to debug Hive2 beeline ?

by Rising Star Rising Star in Support Questions
‎03-13-2018 09:49 PM
5 Kudos
‎03-13-2018 09:49 PM
5 Kudos
For full stack of error message from hive you could look into hiveserver log like @Slim was mentioning. Since hive interactive is enabled I believe you should look into hsihiveserver log on the node where HiveServer2 Interactive is running ... View more

Re: Ranger Knox Plugin is failing in test connecti...

by Guru Guru in Support Questions
‎03-15-2018 09:45 PM
‎03-15-2018 09:45 PM
That's correct @GN_Exp. If you want to do SLA in Knox via Ranger plugin then you'd need kerberos too. ... View more

Re: Apache Knox Ambari Cluster Monitoring

by Guru Guru in Community Articles
‎12-20-2017 06:33 PM
‎12-20-2017 06:33 PM
@Phil Zampino, this is a really informative and valuable article. Thanks for writing. Keep it up ! ... View more

Re: Disabling TLSv1 & TLS1.1 - Enabling TLSv1.2

by New Member in Support Questions
‎06-13-2019 10:13 AM
‎06-13-2019 10:13 AM
Hey @Vipin Rathor I'm running Ambari 2.7.X on my cluster and I want to disable all protocols but TLSv1.2 Following you suggestion, I've added the following to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1.0|TLSv1.1. Yet, after restarting the server and running a SSL scanner tool, it still marks both TLSv1.0 and TLSv1.1 valid. Could you please help? Thanks, Tomer ... View more

Re: KMS throws exceptions

by Guru Guru in Support Questions
‎07-20-2017 10:38 PM
‎07-20-2017 10:38 PM
Hello @mravipati, In order to decrypt an EEK, first you'll need to generate one. Here's what is working for me: 1. Generate EEK # curl --negotiate -u : -iv -X GET "http://<kms-host-fqdn>:9292/kms/v1/key/hr1-ez-key/_eek?eek_op=generate&num_keys=1" 2. Store the EEK data into a json: # cat eek.json { "name" : "hr1-ez-key", "iv" : "38Eb8nTxxxxxUG7Rc6_wrA", "material" : "K8Q0bv8Hxxxxxxn9ByVnT-xxx-Bmwxxxxxy1buCk" } 3. Call decrypt EEK while passing above EEK data: # curl --negotiate -u : -iv -X POST -H "Content-Type: application/json" -d @./eek.json "http://<kms-host-fqdn>:9292/kms/v1/keyversion/hr1-ez-key@0/_eek?eek_op=decrypt" Please note the change in REST URL and keyname while making decrypt request. The error you are getting is because you are trying to do a GET request on a URL which is expecting a POST request. Hope this helps! ... View more
Contact Me
Online
Offline
Last Visited
‎06-24-2022 07:48 AM
Community Statistics
Member Since ‎04-09-2019 11:21 AM
Last Visited ‎06-24-2022 07:48 AM
Posts 254
Kudos received 140