sroberts
Guru

Re: Steps to enable SSL for oozie UI

by Guru Guru in Community Articles
‎10-03-2018 03:18 PM
‎10-03-2018 03:18 PM
This would result in the keystore pass being stored in plain-text. Is there a more secure method of storing the keystore pass? ... View more

Re: Issue with Ranger Admin SSL with Internal CA ...

by Guru Guru in Support Questions
‎09-07-2018 09:29 AM
‎09-07-2018 09:29 AM
Pravin - Did you resolve the issue? According to this JIRA, it's been fixed since Ranger 0.5.3. If not we should raise a new bug. https://issues.apache.org/jira/browse/RANGER-746 ... View more

Re: Java/Python Updates and Ambari Agent TLS Setti...

by Guru Guru in Community Articles
‎05-16-2018 07:47 AM
‎05-16-2018 07:47 AM
Is this fixed in Ambari 2.6.2 and Ambari 2.7 (for the CentOS7 and related versions)? ... View more

Re: Difference between "Ranger ranger_audits" and ...

by Guru Guru in Support Questions
‎02-24-2018 11:04 AM
‎02-24-2018 11:04 AM
Logsearch stores logs in the collection "hadoop_logs". What does it store in "audit_logs" and is there an overlap with Ranger? I don't see any documentation for logsearch explaining what is in each collection. And what "solr_audit_logs_use_ranger" means in the logsearch config. ... View more

Difference between "Ranger ranger_audits" and "Log...

by Guru Guru in Support Questions
‎02-23-2018 09:53 AM
‎02-23-2018 09:53 AM
What is the difference between these Solr collections? Ranger: 'ranger_audits' LogSearch: 'audit_logs' ... View more

Re: Setup Ambari Infra Solr to store indices on HD...

by Guru Guru in Community Articles
‎01-02-2018 03:45 PM
‎01-02-2018 03:45 PM
How would this be set when you have multiple solr hosts? <strname="solr.hdfs.security.kerberos.principal">infra-solr/<hostname>@EXAMPLE.COM</str> ... View more

Re: Solr "Request is a replay" (Ambari Infra Solr ...

by Guru Guru in Support Questions
‎10-16-2017 08:22 AM
‎10-16-2017 08:22 AM
Curl shows the same. ... View more

Solr "Request is a replay" (Ambari Infra Solr 2.5)

by Guru Guru in Support Questions
‎10-15-2017 10:21 AM
‎10-15-2017 10:21 AM
We are unable to make queries to collections on Ambari Infra Solr. This same request works on other Ambari 2.5 clusters. # curl -g --negotiate -u : "http://hostname:8886/solr/ranger_audits/query?debug=query&q=*:*"<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))</title> </head> <body><h2>HTTP ERROR 403</h2> <p>Problem accessing /solr/ranger_audits/select. Reason: <pre> GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html> Here is the krb5 debug log showing the duplicate key after setting SOLR_OPTS="$SOLR_OPTS -Dsun.security.krb5.debug=true . >>> KrbApReq: authenticate succeed. Krb5Context setting peerSeqNumber to: 907174024 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType Krb5Context setting mySeqNumber to: 512754846 Found KeyTab /etc/security/keytabs/spnego.service.keytab for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Found KeyTab /etc/security/keytabs/spnego.service.keytab for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Entered Krb5Context.acceptSecContext with state=STATE_NEW Looking for keys for: HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Added key: 17version: 2 Found unsupported keytype (1) for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Found unsupported keytype (3) for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Added key: 18version: 2 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType Using builtin default etypes for permitted_enctypes default etypes for permitted_enctypes: 18 17 16 23. >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType MemoryCache: add 1508065886/914380/B8B23803754E028D7923075AFEB12AAC/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM to infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM|HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM MemoryCache: Existing AuthList: #3: 1508065826/137763/263ACEC1894287E10DE785337DF032E1/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM #2: 1508065868/906511/338AF89A3C5C5E73950D89CD559EBEFD/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM #1: 1508065886/914380/B8B23803754E028D7923075AFEB12AAC/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM But administrative requests work: # sudo curl -g --negotiate -u : "http://hostname:8886/solr/admin/collections?action=LIST" <?xml version="1.0" encoding="UTF-8"?> <response> <lst name="responseHeader"><int name="status">0</int><int name="QTime">0</int></lst><arr name="collections"><str>fulltext_index</str><str>ranger_audits</str><str>edge_index</str><str>vertex_index</str></arr> </response> ... View more

Re: Name UI showing incorrect file count

by Guru Guru in Support Questions
‎08-31-2017 12:39 PM
‎08-31-2017 12:39 PM
This is expected if looking at the "standby" namenode in an HA NameNode environment. Only the active NameNode will have an accurate count. If the standby becomes active it's count will be correct. Hadoop >2.8 will report accurately. Read more here: https://issues.apache.org/jira/browse/HDFS-9396 ... View more

Re: Knox: Lower case users & groups

by Guru Guru in Support Questions
‎06-28-2017 04:57 PM
‎06-28-2017 04:57 PM
Answering my own question. Credit to @lmccay. RTFM: http://knox.apache.org/books/knox-0-9-0/user-guide.html#SwitchCase+Identity+Assertion+Provider http://knox.apache.org/books/knox-0-12-0/user-guide.html#SwitchCase+Identity+Assertion+Provider ... View more

Knox: Lower case users & groups

by Guru Guru in Support Questions
‎06-28-2017 04:24 PM
‎06-28-2017 04:24 PM
Are there options to lower the case of users & groups within Knox? (In my case is with ldapRealm). Throughout HDP we often lower the case of users/groups. Such as in Ranger where these are typically set: ranger.usersync.ldap.username.caseconversion=local ranger.usersync.ldap.groupname.caseconversion=local This results in Knox polices in Ranger not functioning. For example: - Group in Knox (from AD): HDP_access - Group in HDFS & Ranger: hdp_access ... View more
Labels:

HA (High Availability) of the database? (MySQL, Ma...

by Guru Guru in Support Questions
‎05-24-2017 11:16 AM
‎05-24-2017 11:16 AM
Which HA (High Availability) mechanisms does HDP (Ambari, Hive, Ranger, Oozie) support for the database which the services are backed by (MySQL, MariaDB & PostgreSQL)? I've heard that MySQL HA & PostgreSQL HA are not supported, but not seen anything official. What about Galera, Percona XtraDB Cluster, MySQL MHA, ... and/or proxy mechanisms such as ProxySQL? ... View more

Re: Can MariaDB be used with Hive, on HDP 2.5.3?

by Guru Guru in Support Questions
‎05-23-2017 11:10 AM
‎05-23-2017 11:10 AM
The docs say "MariaDB 10" but RHEL7 comes with "MariaDB 5". ... View more

Deploy HDP Sandbox on AWS

by Guru Guru in Community Articles
‎05-19-2017 04:12 PM
6 Kudos
‎05-19-2017 04:12 PM
6 Kudos
Note: HDP 2.5 is used, but can be updated for HDP 2.6 and beyond. Boot an Amazon Linux instance with at least 16GB of RAM Execute the following. It will take a while ## install docker sudo yum update -y sudo yum install -y docker ## fix docker for importing the large sandbox image sed -i.backup 's/\(^OPTIONS=.*\)"$/\1 --storage-opt=dm.basesize=20G"/' /etc/sysconfig/docker ## start docker sudo service docker start ## confirm docker is working sudo usermod -a -G docker ec2-user docker info ## download docker image curl -O http://hortonassets.s3.amazonaws.com/2.5/HDP_2.5_docker.tar.gz ## load docker image docker load -i HDP_2.5_docker.tar.gz ## confirm image is available docker images ## get sandbox docker startup script curl -O https://raw.githubusercontent.com/hortonworks/tutorials/hdp-2.5/tutorials/hortonworks/hortonworks-sandbox-hdp2.5-guide/start_sandbox.sh ## start sandbox bash start_sandbox.sh ## configure to start at boot echo "bash /root/start_sandbox.sh" >> /etc/rc.local ## Print the URL for accessing the Sandbox echo -e "##\nAccess the Sandbox at:\nhttp://$(curl -sS4 icanhazip.com):8888\n##" ... View more
Labels:

Re: Hive Metastore database driver configuration

by Guru Guru in Support Questions
‎01-23-2017 09:39 PM
1 Kudo
‎01-23-2017 09:39 PM
1 Kudo
Try point to the library provided by the system package as described in the docs? https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-reference/content/using_hive_with_mysql.html ... View more

Re: Is it possible to change the default "home" di...

by Guru Guru in Support Questions
‎12-21-2016 09:39 AM
‎12-21-2016 09:39 AM
@Matt Foley - Does HDFS have home references such as ~ or ${HOME} ? ... View more

Re: Hive Ambari View coniguration for Hive SSL

by Guru Guru in Support Questions
‎06-02-2016 06:03 PM
‎06-02-2016 06:03 PM
As far as I know Kerberos is for authentication. Not the encryption of Hive communication. ... View more

Re: Hive Ambari View coniguration for Hive SSL

by Guru Guru in Support Questions
‎06-02-2016 05:07 PM
‎06-02-2016 05:07 PM
@Sri Bandaru- No. That's for Ambari HTTPS. I'm referring to SSL of HiveServer2 connections. ... View more

Hive Ambari View coniguration for Hive SSL

by Guru Guru in Support Questions
‎06-02-2016 02:57 PM
1 Kudo
‎06-02-2016 02:57 PM
1 Kudo
What configuration is required in the Hive Ambari View for supporting Hive SSL? ... View more
Labels:

Re: Deploy HDP 2.3.x cluster with Zeppelin 0.5.5 u...

by Guru Guru in Community Articles
‎04-21-2016 12:43 PM
‎04-21-2016 12:43 PM
@Ali Bajwa A simplified approach: On the Ambari Server: yum -y install git git clone https://github.com/seanorama/ambari-bootstrap cd ambari-bootstrap export ambari_server_custom_script=${ambari_server_custom_script:-~/ambari-bootstrap/ambari-extras.sh} export install_ambari_server=true ./ambari-bootstrap.sh Then deploy the cluster. The "extras" script above takes care of all the tedious stuff automatically (cloning Zeppelin, the blueprint defaults, the role command order, ...). yum -y install python-argparse cd deploy export ambari_services="HDFS MAPREDUCE2 YARN ZOOKEEPER HIVE SPARK ZEPPELIN" bash ./deploy-recommended-cluster.bash ... View more

Re: Google Storage and Kerberos integration

by Guru Guru in Support Questions
‎04-21-2016 12:22 PM
1 Kudo
‎04-21-2016 12:22 PM
1 Kudo
The Google Cloud Storage Connector for Hadoop is configured at the cluster level without any knowledge of Kerberos. So the output you showed is what I would expect. But some thoughts: In secure environments, ideally a user can never even reach Hadoop without authentication against the Kerberos or Directory. With that assumed, you would never get the chance to run 'hadoop fs -ls ...' anyway. So lock down all access to the environment & network so only authorized users can even run the commands. It couldn't hurt to submit a feature request for a configuration option that disables 'gs' unless the user is authenticated to Hadoop. Personally I see this as a bug report, but technically it's a feature request. You would have to raise it with Google since the Connector is not currently a part of Apache Hadoop. Google maintains it separately. Why it's not a bug: Kerberos governs communications between services, not the executions of commands. Since GS doesn't do Kerberos, it works as intended since it already has it's authentication done separately. I've not done it, but you could check if individual users/applications can pass the GCS token. If possible then you would remove it from the cluster-wide configuration and the users would be required to do this themselves. It would still not be using Kerberos but would be another layer of security. s3a://, swift://, and wasb:// support this method. ... View more

Azure Sandbox prep for Twitter/HDP/HDF demo

by Guru Guru in Community Articles
‎04-04-2016 03:06 PM
2 Kudos
‎04-04-2016 03:06 PM
2 Kudos
Prerequisites: Launch Sandbox on Azure VM Size: Minimum of A4 or A5 A Twitter App You'll use the API credentials The "Application Details" don't matter Prepare the Sandbox Connect to SSH & Ambari Connect to the Sandbox using SSH or web console: http://<<ip>>:4200/ Become root: sudo su - Reset the Ambari password: ambari-admin-password-reset Login to Ambari: http://<<ip>>:8080 User: admin Before moving to the next steps, ensure all services on the left are started (green) or in maintenance mode (black). Install NiFi In Ambari, Click "Actions" (bottom left) -> Add Service Choose NiFi and continue through the dialogs. You shouldn't need to change anything NiFi should now be accessible at http:<<ip>>:9090/nifi/ Tune Sandbox The Sandbox is tuned to run on minimal hardware. We need to update the Hive, Tez & YARN configuration for our use case. This could take up to 15 minutes to complete: bash <(curl -sSL https://git.io/vVRPs) Solr & Banana Solr enables the ability to search across large corpuses of information through specialized indexing techniques. Banana is a dashboard visualization tool for Solr. Download the Banana Dashboard curl -L https://git.io/vVRP3 -o /opt/hostname-hdpsearch/solr/server/solr-webapp/webapp/banana/app/dashboards/default.json Update Solr to support Twitter's timestamp format curl -L https://git.io/vVRPz -o /opt/hostname-hdpsearch/solr/server/solr/configsets/data_driven_schema_configs/conf/solrconfig.xml Start Solr JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64 /opt/hostname-hdpsearch/solr/bin/solr start -c -z localhost:2181 Create Solr collection for tweets /opt/hostname-hdpsearch/solr/bin/solr create -c tweets -d data_driven_schema_configs -s 1 -rf 1 ... View more

Re: What is the Hortonworks recommendation on Swap...

by Guru Guru in Support Questions
‎03-12-2016 02:19 PM
17 Kudos
‎03-12-2016 02:19 PM
17 Kudos
As with many topics, "it depends". For slave/worker/data hosts which only have distributed services you can likely disable swap. With distributed services it's preferred to let the process/host be killed rather than swap. The killing of that process or host shouldn't affect cluster availability. Said another way: you want to "fail fast" not to "slowly degrade". Just 1 bad process/host can greatly degrade performance of the whole cluster. For example, in a 350 host cluster removal of 2 bad nodes improved throughput by ~2x: http://www.slideshare.net/t3rmin4t0r/tez8-ui-walkthrough/23 http://pages.cs.wisc.edu/~thanhdo/pdf/talk-socc-limplock.pdf For masters, swap is also often disabled though it's not a set rule from Hortonworks and I assume there will be some discussion/disagreement. Masters can be treated somewhat like you'd treat masters in other, non-Hadoop, environments. The fear with disabling swap on masters is that an OOM (out of memory) event could affect cluster availability. But that will still happen even with swap configured, it just will take slightly longer. Good administrator/operator practices would be to monitor RAM availability, then fix any issues before running out of memory. Thus maintaining availability without affecting performance. No swap is needed then. Scenarios where you might want swap: playing/testing functionality, not performance, on hosts with very little RAM so will likely need to swap. if you have the need to use more memory, or expect to need more, than the amount of RAM which has been purchased. And can accept severe degradation in failure. In this case you would need a lot of swap configured. Your better off buying the right amount of memory. Extra thoughts: if you want to disable swap, but your organization require their to be a swap partition, set swappiness=0 if you choose to have swap, set swappiness=1 to avoid swapping until all physical memory has been used. most Cloud/Virtualization providers disable swap by default. Don't change that. some advise to avoid swap on SSDs due to reducing their lifespan ... View more

Re: What is the Hortonworks recommendation on Swap...

by Guru Guru in Support Questions
‎03-11-2016 08:38 PM
3 Kudos
‎03-11-2016 08:38 PM
3 Kudos
The questions will be: - 1. Should there be a swap partition at all (i.e. swappiness=0)? - 2. Do recommendations vary between masters, workers or certain components? - 3. If swappiness>=1, what should the amount be? ... View more

Re: What is the Hortonworks recommendation on Swap...

by Guru Guru in Support Questions
‎03-11-2016 08:36 PM
2 Kudos
‎03-11-2016 08:36 PM
2 Kudos
David - Thanks for posting. As discussed separately, the 2xRAM recommendation is definitely out of date. I'm working on some consensus with my team on their recommendations, and look forward to others comments coming in below. ... View more

Re: Recommendations for Microsoft Azure HDP Deploy...

by Guru Guru in Support Questions
‎01-12-2016 06:53 PM
1 Kudo
‎01-12-2016 06:53 PM
1 Kudo
Mind if we convert this to an Article and update together since no answer will be correct for more than a couple months? ... View more

Re: Recommendations for Microsoft Azure HDP Deploy...

by Guru Guru in Support Questions
‎01-12-2016 03:41 PM
2 Kudos
‎01-12-2016 03:41 PM
2 Kudos
I've been told that the DV2 series is now recommended over the A series. Shall we update this? https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/#standard-tier-dv2-series ... View more

Re: How to read from a Kafka topic using Spark (st...

by Guru Guru in Support Questions
‎12-18-2015 01:18 PM
‎12-18-2015 01:18 PM
@schintalapani - Do you have more details? Such as if there are JIRA issues or dev email threads tracking this? ... View more

YARN&MR Configuration: "HDP Configuration Utils" o...

by Guru Guru in Support Questions
‎12-10-2015 02:25 PM
2 Kudos
‎12-10-2015 02:25 PM
2 Kudos
For configuring/tuning YARN & MR memory settings: the HDP Configuration Utility is referenced in the HDP documentation. and the Ambari "Stack Advisor" provides similar configuration. Which is preferred? Do they overlap? Are they maintained similarly (such that they don't conflict)? And so on ... ... View more
Contact Me
Online
Offline
Last Visited
‎05-01-2020 01:20 PM
Public Statistics
Date Registered ‎09-21-2015 02:23 PM
Last Visited ‎05-01-2020 01:20 PM
Total Messages Posted 85
Total Kudos Received 74