Hi @Diego J, I guess thats a bug in Ambari. can you please use this to update the value of dfs.permissions.superusergroup . /var/lib/ambari-server/resources/scripts/configs.py -l <AMBARI_HOSTNAME> -t 8080 -u <USER_NAME> -p <PASSWORD> -a <GET/SET/DELETE> -n <CLUSTER_NAME> -c <CONFIG_TYPE> -k <KEY> -v <VALUE> for ex : [root@asnaik-asnaik1 ~]# /var/lib/ambari-server/resources/scripts/configs.py --help Usage: configs.py [options] Options: -h, --help show this help message and exit -t PORT, --port=PORT Optional port number for Ambari server. Default is '8080'. Provide empty string to not use port. -s PROTOCOL, --protocol=PROTOCOL Optional support of SSL. Default protocol is 'http' -a ACTION, --action=ACTION Script action: <get>, <set>, <delete> -l HOST, --host=HOST Server external host name -n CLUSTER, --cluster=CLUSTER Name given to cluster. Ex: 'c1' -c CONFIG_TYPE, --config-type=CONFIG_TYPE One of the various configuration types in Ambari. Ex: core-site, hdfs-site, mapred-queue-acls, etc. To specify credentials please use "-e" OR "-u" and "-p'": -u USER, --user=USER Optional user ID to use for authentication. Default is 'admin' -p PASSWORD, --password=PASSWORD Optional password to use for authentication. Default is 'admin' -e CREDENTIALS_FILE, --credentials-file=CREDENTIALS_FILE Optional file with user credentials separated by new line. To specify property(s) please use "-f" OR "-k" and "-v'": -f FILE, --file=FILE File where entire configurations are saved to, or read from. Supported extensions (.xml, .json>) [root@asnaik-asnaik1 ~]# /var/lib/ambari-server/resources/scripts/configs.py -l asnaik1 -t 8080 -u admin -p admin -a set -n asnaik -c hdfs-site -k dfs.permissions.superusergroup -v hdfs,operator 2018-12-10 15:19:00,604 INFO ### Performing "set": 2018-12-10 15:19:00,604 INFO ### new property - "dfs.permissions.superusergroup":"hdfs,operator" 2018-12-10 15:19:00,663 INFO ### on (Site:hdfs-site, Tag:version1543379050314) 2018-12-10 15:19:00,675 INFO ### PUTting json into: doSet_version1544455140675467.json 2018-12-10 15:19:00,767 INFO ### NEW Site:hdfs-site, Tag:version1544455140675467 [root@asnaik-asnaik1 ~]# /var/lib/ambari-server/resources/scripts/configs.py -l asnaik1 -t 8080 -u admin -p admin -a get -n asnaik -c hdfs-site -k dfs.permissions.superusergroup |grep -i dfs.permissions.superusergroup "dfs.permissions.superusergroup": "hdfs,operator", Adding to this, If you want to enable it in ambari UI,we can add it by following the steps For Ambari-2.6.x versions : cd /var/lib/ambari-server/resources/common-services/HDFS/2.1.0.2.0/configuration/ vi hdfs-site.xml remove the property as mentioned in : https://github.com/apache/ambari/blob/8e0f782efd4694028b598106e68ebe2a1c7c0a2e/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml#L338 ambari-server restart For Ambari-2.7.x versions : cd /var/lib/ambari-server/resources/stacks/HDP/3.0/services/HDFS/configuration/ vi hdfs-site.xml remove the property as mentioned in : https://github.com/apache/ambari/blob/8e0f782efd4694028b598106e68ebe2a1c7c0a2e/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml#L338 ambari-server restart ... View more

Hi @Daniel Issaharoff , Can you please try the following REST API : curl -u <USERNAME>:<PASSWORD> -H "X-Requested-By:ambari" -i -X POST http://<AMBARIFQDN>:8080/api/v1/views/HIVE/versions/2.0.0/instances/<HIVE_INSTANCE_NAME>/privileges -d '[{ "PrivilegeInfo": { "permission_name": "VIEW.USER", "principal_name": "<YOUR DESIRED GROUP NAME>", "principal_type": "GROUP" } }]' for ex : here qa is the new group privilage i am adding for my AUTO_HIVE20_INSTANCE curl -u admin:admin -H "X-Requested-By:ambari" -i -X POST http://asnaik1.openstacklocal:8080/api/v1/views/HIVE/versions/2.0.0/instances/AUTO_HIVE20_INSTANCE/privileges -d '[{ "PrivilegeInfo": { "permission_name": "VIEW.USER", "principal_name": "qa", "principal_type": "GROUP" } }]' If this is the answer you are looking for please accept my answer. ... View more

Hi @Jay Coder, Please refer to automatic failover section in this blog : https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithQJM.html#Automatic_Failover also you can refer this jira which explains how HDFS handles the failover and choose the Namenode to be active. : https://issues.apache.org/jira/browse/HDFS-2185 Please accept this answer if it clarifies your doubt. ... View more

Hi @lei lin, Can you do following steps and see if this helps you ? cd /etc/ambari-server/conf/ cp ambari.properties ambari_backup.properties_backup vi ambari.properties find the line: security.server.disabled.ciphers : comment it with # it should look like : #security.server.disabled.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|TLS_RSA_WITH_AES_256_CBC_SHA256|TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384|TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384|TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|TLS_DHE_DSS_WITH_AES_256_CBC_SHA256|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA|TLS_RSA_WITH_AES_256_CBC_SHA|TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA|TLS_ECDH_RSA_WITH_AES_256_CBC_SHA|TLS_DHE_RSA_WITH_AES_256_CBC_SHA|TLS_DHE_DSS_WITH_AES_256_CBC_SHA|TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|TLS_RSA_WITH_AES_128_CBC_SHA256|TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256|TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256|TLS_DHE_RSA_WITH_AES_128_CBC_SHA256|TLS_DHE_DSS_WITH_AES_128_CBC_SHA256|TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA|TLS_RSA_WITH_AES_128_CBC_SHA|TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA|TLS_ECDH_RSA_WITH_AES_128_CBC_SHA|TLS_DHE_RSA_WITH_AES_128_CBC_SHA|TLS_DHE_DSS_WITH_AES_128_CBC_SHA|TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA|TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA|TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA|TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA|SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA|SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA|TLS_EMPTY_RENEGOTIATION_INFO_SCSV|TLS_DH_anon_WITH_AES_256_CBC_SHA256|TLS_ECDH_anon_WITH_AES_256_CBC_SHA|TLS_DH_anon_WITH_AES_256_CBC_SHA|TLS_DH_anon_WITH_AES_128_CBC_SHA256|TLS_ECDH_anon_WITH_AES_128_CBC_SHA|TLS_DH_anon_WITH_AES_128_CBC_SHA|TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA|SSL_DH_anon_WITH_3DES_EDE_CBC_SHA|SSL_RSA_WITH_DES_CBC_SHA|SSL_DHE_RSA_WITH_DES_CBC_SHA|SSL_DHE_DSS_WITH_DES_CBC_SHA|SSL_DH_anon_WITH_DES_CBC_SHA|SSL_RSA_EXPORT_WITH_DES40_CBC_SHA|SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA|SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA|SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA|TLS_RSA_WITH_NULL_SHA256|TLS_ECDHE_ECDSA_WITH_NULL_SHA|TLS_ECDHE_RSA_WITH_NULL_SHA|SSL_RSA_WITH_NULL_SHA|TLS_ECDH_ECDSA_WITH_NULL_SHA|TLS_ECDH_RSA_WITH_NULL_SHA|TLS_ECDH_anon_WITH_NULL_SHA|SSL_RSA_WITH_NULL_MD5|TLS_KRB5_WITH_3DES_EDE_CBC_SHA|TLS_KRB5_WITH_3DES_EDE_CBC_MD5|TLS_KRB5_WITH_DES_CBC_SHA|TLS_KRB5_WITH_DES_CBC_MD5|TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA|TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 restart ambari server see if your ambari-agent is able to connect with ambari-server. if you dont want to comment every cipher , just want to comment only the specific one. enable -Djavax.net.debug=all to start up the Ambari Server, look out for ambari-server.out log and find the cipher ambari agent is sending and only remove that cipher from ambari.properties from disabled list. Please accept this answer if this worked for you. ... View more

Hi @Shraddha Singh, It looks like your ambari-agent is running but its nota ble to contact the Ambari-server to TLS issue. Can you carefully read this article and see if it helps you ? https://community.hortonworks.com/articles/188269/javapython-updates-and-ambari-agent-tls-settings.html additionaly try disable Cert verification in python refering to :https://access.redhat.com/articles/2039753#controlling-certificate-verification-7 sed -i 's/verify=platform_default/verify=disable/'/etc/python/cert-verification.cfg Please accept this answer if it helps you ... View more