Member since
06-06-2019
81
Posts
58
Kudos Received
11
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1478 | 10-04-2019 07:24 AM | |
1783 | 12-12-2016 03:07 PM | |
3927 | 12-07-2016 03:41 PM | |
4048 | 07-12-2016 02:49 PM | |
1427 | 03-04-2016 02:35 PM |
10-22-2015
01:40 PM
Yes, do check ALL the HDP configurations and make sure the physical memory is not overcommitted. The possibility of a rouge process consuming memory on the node is still there but that may not be in your control.
... View more
10-21-2015
03:02 PM
This is prime RunBook material!
... View more
10-21-2015
03:01 PM
paul@hortonworks.com The AD config was a bit tricky at the client site and one of our failed Kerborization attempts created an LDAP entry. The naming convention lined up with the above structure, so we deleted the entry and waited for the deletion to replicate. Then we gave it another shot and were successful.
... View more
10-21-2015
02:38 PM
1 Kudo
To follow up, the user was created earlier and once the AD administrator deleted it we were able to proceed. We must have had an earlier failure that did not clean up well. This seems to indicate the Kerberos setup is not; 1) doing a check of existing users first, and 2) not attempting to do a delete existing/create again operation, instead of a create.
... View more
10-21-2015
01:30 PM
If this is for a Kerborized cluster, you can create rules in the auth_to_local setting under the REALMS configuration section of the krb5.conf file. You would have to tinker with the Advanced krb5 configuration settings in Ambari to create and propogate the rules. The rules can use the incoming AD id and manipulate it as you need. The MIT documentation has a few examples at http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
... View more
10-20-2015
08:13 PM
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00002071: UpdErr: DSID-0305038D, problem 6005 (ENTRY_EXISTS), data 0
^@]; remaining name 'cn=prodcluster-102015,ou=Hadoop,dc=corp,dc=ds,dc=client,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:811)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:202)
at org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandler.createPrincipal(ADKerberosOperationHandler.java:319)
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache Hadoop
-
Kerberos
10-20-2015
05:01 PM
1 Kudo
The dependencies on RHEL EPEL have been removed for an HDP install. Back in the old days with HDP 1.x, there was a dependency for some time.
... View more
10-19-2015
07:01 PM
When a cluster is kerborized using Active Directory as the KDC, the service principals are created in the AD OU for the Hadoop realm. If a service, such as Storm, is removed from the cluster will this cause the entry in Active Directory to be removed as well?
... View more
Labels:
- Labels:
-
Apache Hadoop
-
Apache Storm
10-18-2015
02:47 PM
1 Kudo
A client asks this question "I see objects in AD. These objects are AD user objects with the password set to next expire. Do you know what default password is used on these accounts on the AD side?"
... View more
Labels:
- Labels:
-
Kerberos
10-15-2015
07:17 PM
Not the first time, but Oozie was the second time.
... View more
- « Previous
- Next »