Yes, it’s possible to use a single SSL certificate across all hosts in your cluster, but it depends on how your domains are set up. If all hosts share the same base domain (like host1.example.com, host2.example.com), you can use a wildcard SSL or a multi-domain (SAN) SSL certificate that covers all hostnames. Install the same cert and key on each node. This avoids creating separate CSRs and renewals for every host. Just note that sharing one private key across multiple servers can be a small security risk if one host is compromised. Hope it helps! ... View more

Default Page Size seems to be 200 on most APIs. Use query parameters pageSize and startIndex to page through the results ... View more

I believe that in Ranger 1.2.0 the property xasecure.audit.provider.summary.enabled is called Audit provider summary enabled (checkbox to tick) in Advanced ranger-hdfs-audit in HDFS service in Ambari. ... View more

In my case I had to restart HiveServer2 services on nodes after I had connected the hosts to the domain (using sssd service). ... View more

@Terry Stebbens Thanksa lot again for all ur help . In HDP sandbox 2.5 , while testing ranger functionalities, I got I need hive user access.but am not sure what is default hive user credentials. Can yo help me in this please. I am trying to achieve BEST PRACTICES FOR HDFS AUTHORIZATION Having a federated authorization model may create a challenge for security administrators looking to plan a security model for HDFS. After Apache Ranger and Hadoop have been installed, we recommend administrators to implement the following steps: Change HDFS umask to 077 Identify directory which can be managed by Ranger policies Identify the directories that can be managed by Ranger policies We recommend that permission for application data folders (/apps/hive, /apps/Hbase) as well as any custom data folders be managed through Apache Ranger. The HDFS native permissions for these directories need to be restrictive. This can be done through changing permissions in HDFS using chmod. Example: $ hdfs dfs -chmod -R 000 /apps/hive $ hdfs dfs -chown -R hdfs:hdfs /apps/hive $ hdfs dfs -ls /apps/hive Found 1 items d——— – hdfs hdfs 0 2015-11-30 08:01 /apps/hive/warehouse After changing umask value 077. Its not allow me to do any operation as root user. its looking for hive user. can u guide me please Error: at org.apache.hadoop.fs.shell.Command.run(Command.java:165) at org.apache.hadoop.fs.FsShell.run(FsShell.java:297) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:90) at org.apache.hadoop.fs.FsShell.main(FsShell.java:350) chmod: changing permissions of '/apps/hive': Permission denied. user=root is not the owner of inode=hive http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/ ... View more

Thanks @Terry Stebbens and @Ian Roberts, I have changed to yarn.scheduler.capacity.maximum-am-resource-percent=0.4 and its working fine. ... View more

Hi, you need to give your Ubuntu host a domain name which you then add as the FQDN. For the second part, you need to copy your id_rsa file you created and paste it into the SSh private key box. (It is either the id_rsa or id_rsa.pub, i cant remember), as shown in the image above. ... View more

yes it will not work at all with hive cli , better you use beeline, thanks! ... View more

Okay.. Was hoping this feature could be or will be avalible in Resource Based. One case could be data in HDFS which only should be allowed to acces data based on location or a time perioed. ... View more