Member since
09-21-2015
85
Posts
75
Kudos Received
7
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1868 | 04-21-2016 12:22 PM | |
4681 | 03-12-2016 02:19 PM | |
1601 | 10-29-2015 07:50 PM | |
1962 | 10-02-2015 04:21 PM | |
5535 | 09-29-2015 03:08 PM |
10-03-2018
03:18 PM
This would result in the keystore pass being stored in plain-text. Is there a more secure method of storing the keystore pass?
... View more
05-16-2018
07:47 AM
Is this fixed in Ambari 2.6.2 and Ambari 2.7 (for the CentOS7 and related versions)?
... View more
01-02-2018
03:45 PM
How would this be set when you have multiple solr hosts? <strname="solr.hdfs.security.kerberos.principal">infra-solr/<hostname>@EXAMPLE.COM</str>
... View more
10-16-2017
08:22 AM
Curl shows the same.
... View more
10-15-2017
10:21 AM
We are unable to make queries to collections on Ambari Infra Solr. This same request works on other Ambari 2.5 clusters.
# curl -g --negotiate -u : "http://hostname:8886/solr/ranger_audits/query?debug=query&q=*:*"<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /solr/ranger_audits/select. Reason:
<pre> GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html>
Here is the krb5 debug log showing the duplicate key after setting SOLR_OPTS="$SOLR_OPTS -Dsun.security.krb5.debug=true . >>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 907174024
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
Krb5Context setting mySeqNumber to: 512754846
Found KeyTab /etc/security/keytabs/spnego.service.keytab for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM
Found KeyTab /etc/security/keytabs/spnego.service.keytab for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM
Entered Krb5Context.acceptSecContext with state=STATE_NEW
Looking for keys for: HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM
Added key: 17version: 2
Found unsupported keytype (1) for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM
Found unsupported keytype (3) for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM
Added key: 18version: 2
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 18 17 16 23.
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
MemoryCache: add 1508065886/914380/B8B23803754E028D7923075AFEB12AAC/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM to infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM|HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM
MemoryCache: Existing AuthList:
#3: 1508065826/137763/263ACEC1894287E10DE785337DF032E1/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM
#2: 1508065868/906511/338AF89A3C5C5E73950D89CD559EBEFD/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM
#1: 1508065886/914380/B8B23803754E028D7923075AFEB12AAC/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM
But administrative requests work:
# sudo curl -g --negotiate -u : "http://hostname:8886/solr/admin/collections?action=LIST"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader"><int name="status">0</int><int name="QTime">0</int></lst><arr name="collections"><str>fulltext_index</str><str>ranger_audits</str><str>edge_index</str><str>vertex_index</str></arr>
</response>
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache Ranger
-
Apache Solr
05-23-2017
11:10 AM
The docs say "MariaDB 10" but RHEL7 comes with "MariaDB 5".
... View more
05-19-2017
04:12 PM
6 Kudos
Note: HDP 2.5 is used, but can be updated for HDP 2.6 and beyond. Boot an Amazon Linux instance with at least 16GB of RAM Execute the following. It will take a while
## install docker
sudo yum update -y
sudo yum install -y docker
## fix docker for importing the large sandbox image
sed -i.backup 's/\(^OPTIONS=.*\)"$/\1 --storage-opt=dm.basesize=20G"/' /etc/sysconfig/docker
## start docker
sudo service docker start
## confirm docker is working
sudo usermod -a -G docker ec2-user
docker info
## download docker image
curl -O http://hortonassets.s3.amazonaws.com/2.5/HDP_2.5_docker.tar.gz
## load docker image
docker load -i HDP_2.5_docker.tar.gz
## confirm image is available
docker images
## get sandbox docker startup script
curl -O https://raw.githubusercontent.com/hortonworks/tutorials/hdp-2.5/tutorials/hortonworks/hortonworks-sandbox-hdp2.5-guide/start_sandbox.sh
## start sandbox
bash start_sandbox.sh
## configure to start at boot
echo "bash /root/start_sandbox.sh" >> /etc/rc.local
## Print the URL for accessing the Sandbox
echo -e "##\nAccess the Sandbox at:\nhttp://$(curl -sS4 icanhazip.com):8888\n##"
... View more
Labels:
01-23-2017
09:39 PM
1 Kudo
Try point to the library provided by the system package as described in the docs? https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-reference/content/using_hive_with_mysql.html
... View more
12-21-2016
09:39 AM
@Matt Foley - Does HDFS have home references such as ~ or ${HOME} ?
... View more
12-13-2016
05:56 PM
Labels:
- Labels:
-
Apache Hadoop