About TerryP

TerryP · ‎10-22-2015

Yes, do check ALL the HDP configurations and make sure the physical memory is not overcommitted. The possibility of a rouge process consuming memory on the node is still there but that may not be in your control.

TerryP · ‎10-21-2015

This is prime RunBook material!

TerryP · ‎10-21-2015

paul@hortonworks.com The AD config was a bit tricky at the client site and one of our failed Kerborization attempts created an LDAP entry. The naming convention lined up with the above structure, so we deleted the entry and waited for the deletion to replicate. Then we gave it another shot and were successful.

TerryP · ‎10-21-2015

To follow up, the user was created earlier and once the AD administrator deleted it we were able to proceed. We must have had an earlier failure that did not clean up well. This seems to indicate the Kerberos setup is not; 1) doing a check of existing users first, and 2) not attempting to do a delete existing/create again operation, instead of a create.

TerryP · ‎10-21-2015

If this is for a Kerborized cluster, you can create rules in the auth_to_local setting under the REALMS configuration section of the krb5.conf file. You would have to tinker with the Advanced krb5 configuration settings in Ambari to create and propogate the rules. The rules can use the incoming AD id and manipulate it as you need. The MIT documentation has a few examples at http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html

TerryP · ‎10-20-2015

javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00002071: UpdErr: DSID-0305038D, problem 6005 (ENTRY_EXISTS), data 0 ^@]; remaining name 'cn=prodcluster-102015,ou=Hadoop,dc=corp,dc=ds,dc=client,dc=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3082) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:811) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266) at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:202) at org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandler.createPrincipal(ADKerberosOperationHandler.java:319)

TerryP · ‎10-20-2015

The dependencies on RHEL EPEL have been removed for an HDP install. Back in the old days with HDP 1.x, there was a dependency for some time.

TerryP · ‎10-19-2015

When a cluster is kerborized using Active Directory as the KDC, the service principals are created in the AD OU for the Hadoop realm. If a service, such as Storm, is removed from the cluster will this cause the entry in Active Directory to be removed as well?

TerryP · ‎10-18-2015

A client asks this question "I see objects in AD. These objects are AD user objects with the password set to next expire. Do you know what default password is used on these accounts on the AD side?"

TerryP · ‎10-15-2015

Not the first time, but Oozie was the second time.

Online	Offline
Last Visited	‎12-31-2024 11:10 AM

Member Since	‎06-06-2019 07:42 AM
Last Visited	‎12-31-2024 11:10 AM
Posts	81
Kudos received	58

Cloudera Community

Re: Installing Ambari with zero internet on Ubuntu

Re: HDP Search

Re: How to execute multiple SQL queries with Sqoop...

Re: Ambari Kerberos Wizard: Zookeeper service won'...

Re: Oracle 12c upgrade steps using Ambari 2.1.2.1

Re: One dead big job blocks all jobs

Re: What is the lifecycle of users created with Am...

Re: Why does LDAP think the user already exists? ...

Re: Why does LDAP think the user already exists? ...

Re: With Ambari AD management is it possible to ha...

Why does LDAP think the user already exists? This...

Re: Does the latest HDP installation depends on th...

When a service is removed from a kerborized cluste...

When principals are created in Active Directory du...

Re: How do you cancel the Resource Manager HA wiza...