The openweathermap example in the Knox Dev Guide looks great as a reference for extending Knox yourself. Do you know where some existing community extensions, like the Falcon or NN/RM UIs, can be found? I checked the Hortonworks Gallery with no luck. ... View more

I figured something like haproxy or nginx would work. Preferably looking for an example config, or if anyone has extended Knox with a custom provider then even better. ... View more

I was mistakenly using the HDP 2.3.0 Sandbox, which uses Ambari 2.1.0. Your advice worked perfectly in the latest version. Thanks! ... View more

Ambari attempts to determine whether the demo LDAP server supports paged results, which it does not, so it responds with UNAVAILABLE_CRITICAL_EXTENSION. The demo LDAP server in Knox 0.6.0 (HDP 2.3.0) is based on ApacheDS 2.0.0-M15. Support for paged results was added in version 2.0.0-M13 (DIRSERVER-434), so I'm not sure why this wouldn't work. It's unlikely to be solved by configuration though. ... View more

Here's a complete guide, thanks to @Paul Codding's advice to disable pagination. Requires HDP Sandbox 2.3.2 or later (Ambari 2.1.1+) 1. In Ambari, start the demo LDAP server (Knox gateway is not required): Knox > Service Actions > Start Demo LDAP 2. Follow the Ambari Security Guide to enable LDAP (press Enter for blank values)... [root@sandbox ~]# ambari-server setup-ldap Using python /usr/bin/python2.6 Setting up LDAP properties... Primary URL* {host:port} : sandbox.hortonworks.com:33389 Secondary URL {host:port} : Use SSL* [true/false] (false): false User object class* (posixAccount): person User name attribute* (uid): uid Group object class* (posixGroup): groupofnames Group name attribute* (cn): cn Group member attribute* (memberUid): member Distinguished name attribute* (dn): dn Base DN* : dc=hadoop,dc=apache,dc=org Referral method [follow/ignore] : Bind anonymously* [true/false] (false): false Manager DN* : uid=guest,ou=people,dc=hadoop,dc=apache,dc=org Enter Manager Password* : guest-password Re-enter password: guest-password ==================== Review Settings ==================== authentication.ldap.managerDn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org authentication.ldap.managerPassword: ***** Save settings [y/n] (y)? y Saving...done Ambari Server 'setup-ldap' completed successfully. 3. Configure Ambari to disable pagination, and restart Ambari Server: [root@sandbox ~]# echo "authentication.ldap.pagination.enabled=false" >> /etc/ambari-server/conf/ambari.properties [root@sandbox ~]# ambari-server restart 4. When Ambari startup completes, the objects in /etc/knox/conf/users.ldif are available in Ambari. Here’s a quick reference: admin / admin-password guest / guest-password sam / sam-password tom / tom-password Note: LDAP accounts with the same names as local accounts will replace the local accounts. The admin password will now be 'admin-password' instead of 'admin' 5. To customize the demo LDAP directory: In Ambari: Knox > Service Actions > Stop Demo LDAP Edit /etc/knox/conf/users.ldif Start the LDAP server manually (Ambari will overwrite users.ldif) nohup su - knox -c 'java -jar /usr/hdp/current/knox-server/bin/ldap.jar /usr/hdp/current/knox-server/conf' & Synchronize LDAP Users & Groups (see console output below)... [root@sandbox ~]# ambari-server sync-ldap --all Using python /usr/bin/python2.6 Syncing with LDAP... Enter Ambari Admin login: admin Enter Ambari Admin password: admin-password Syncing all... Completed LDAP Sync. Summary: memberships: removed = 0 created = 2 users: updated = 0 removed = 1 created = 3 groups: updated = 2 removed = 0 created = 0 Ambari Server 'sync-ldap' completed successfully. ... View more

Unfortunately config groups are only applicable when the HS2 instances are on different hosts. ... View more

You can manually startup the second HS2 instance and use --hiveconf to override some of the properties from the standard config. ... View more

@Kent Baxley did you have a chance to try using screen before uninstalling Accumulo client? Based on your discovery that redirecting output (sqoop.sh &> /dev/null &) was successful, I would think using screen would also work. ... View more

Wow, good catch. Unfortunately I'm still getting the same error with pagination disabled, so maybe it's a different feature that ApacheDS doesn't support: REASON: Caught exception running LDAP sync. [LDAP: error code 12 - Unsupport critical control: 1.2.840.113556.1.4.319]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unsupport critical control: 1.2.840.113556.1.4.319]; remaining name 'dc=hadoop,dc=apache,dc=org' ... View more

Are the Tez jobs submitting to the same queue as MR jobs? (hive.server2.tez.default.queues, hive.server2.tez.sessions.per.default.queue) How do Tez container settings compare with general YARN container settings?(tez.am.resource.memory.mb, tez.am.java.opts, hive.tez.container.size, hive.tez.java.opts) ... View more

Ok, across AWS Regions I understand, but it seems like AZs should have minimal performance impacts (latency isn't much higher) and would provide redundancy for HA. Either way, I'm glad to hear feedback from what is seen in the field and from other providers. ... View more

Excellent tips, thank you. Is there a guideline for when to add another pair of ZK servers? Cluster size, number of services that use ZK, any services that are particularly demanding, etc? ... View more

No worries, we're all learning it as we go ... View more

Thanks, hopefully it will save someone the hassle in the future. In the future, please leave this as a comment rather than a separate answer. ... View more

Fixed, thank you ... View more

Now that you mention my omission of HIVE_CONF_DIR, I realize it's simpler to override the hive.server2 properties rather than duplicate the entire configs. "Two HS2 instances on a single host" has been updated with this change. ... View more

Good catch, thanks. It's corrected now. ... View more

This bug is fixed in all HDP releases after (but not including) HDP 2.2.8. It is fixed in 2.3.0+ ... View more