Do you have any reference on how to enable ranger for kafka sitting in a separate cluster in CDP? ... View more

Hi @Jonas Straub,do as your article ,i create collection by curl command,and got the 401 error: curl –negotiate –u :  ‘http://myhost:8983/solr/admin/collections?action=CREATE&name=col&numShards=1&replicationFactor=1&collection.configName=_default&wt=json’ {   “responseHeader”:{ “status”:0, “QTime”:31818},   “failure”:{     “myhost:8983_solr”:”org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:Error from server at http://myhost:8983/solr:Excepted mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv=\”Content-Type\” content=\”text/html;charset=utf-8\”/>” <title> Error 401 Authentication required </title>   </head>   <body> <h2>HTTP ERROR 401</h2> <p> Problem accessing /solr/admin/cores.Reason:   <pre> Authentication required</pre> </p>   </body> </html> } }   When I debug the solr source code, found this exception is returned by “coreContainer.getZKController().getOverseerCollectionQueue().offer(Utils.toJson(m), timeout)”,so I doubt maybe the solr don’t authenticate zookeeper info and I use a no-kerberos zookeeper to replace the Kerberos zookeeper, solr collection can be created successfully. How to solve the problem with Kerberos ZK? ... View more

@Jonas Straub has this been resolved? Can you post your solution or accept best answer :)? ... View more

I am having similar issue We have non Kerberiozed Hadoop Kafka environment . I am testing integrating Ranger Kafak to secure the environment. HDP Version: HDP-2.3.4.0-3485 This is what I did. -- Enables Kafka plugin in Ranger. -- Restarted Ranger -- Create following policies in Ranger ( see the image ) ( Important : Added group Public left policy condition blank ) -- Logged in to server 21 to Produce and consume message's -- I was able to produce and consume messages from any server . What we want is to secure our Kafka environment through ranger by ip address. I understand that the identity of client user over a non-secure channel is not possible. I followed the following article to secure or Kafka environment. https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-WhydowehavetospecifypublicusergrouponallpoliciesitemscreatedforauthorizingKafkaaccessovernon-securechannel Please let me know what I am missing. ... View more

I know this is an old post. However, I did send out a support inquiry as to WHEN 5.7 will be supported and got the response that it was being tested for Ambari v2.5. That was very early this year. There are various vulnerabilities identified by Oracle related to not running higher than 5.7.11. In particular, the vulnerabilities cover: MySQL Server 5.6.29 and earlier, 5.7.11 and earlier. There are no workarounds or alternatives for this issue...Not good. I am referring to Oracle Support Note 2120034.1 for the preferred solution. This issue was identified by our security team in May 2016. So, my question is this. WHEN will 5.7.11+ be supported? ... View more

hello Neerraj, i'm looking for integrating LDAP server with hortonworks sandbox Ambari (HDP 2.5) and ambari-server --version 2.4.0.0-1225 i have tried twice to run "ambari-server setup-ldap" and "ambari-server sync-ldap –all" twice, but i'm keeping having error 403 at the beginning of LDAP Sync. when this error come up, i'm not able anymore to logging into Ambari UI with my Ambari credentials (admin/password). even after reseting my password with "ambari-admin-password-reset". but what i've observed so far is that i could in logging with "maria_dev/maria_dev" credential and also with some new user i have added during LDAP setup server. i was wondering if this could be a password migration tools that is doing the wrong password migration? i have checked the user "admin" in my LDAP database, and i can observe that it's not encrypted in the same way as user like maria_dev or raj_ops!! (see below): can this cause trouble during my ambari-server and LDAP synchronization? or it is due to my ambari-server LDAP setup settings? ==> MARIA_DEV INFORMATIONS [root@sandbox ~]# ldapsearch -x cn=maria_dev -b dc=hortonworks,dc=com # extended LDIF # # LDAPv3 # base with scope subtree # filter: cn=maria_dev # requesting: ALL # # maria_dev, People, hortonworks.com dn: uid=maria_dev,ou=People,dc=hortonworks,dc=com uid: maria_dev cn: maria_dev sn: maria_dev mail: maria_dev@hortonworks.com objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: e2NyeXB0fSQ2JC94YTFDb0dTMnAvOC4yRCQ3MDkuL1pYRHpnV01vVGIzeWdnNnd HNUNuM2ZXck82QTBzUGhOZzVFZEpodjF2LmRTQnBEelJUMHpPaFBUdmxZSzhGU3NVZEppS1M2QUFo OXpqLld1MQ== shadowLastChange: 17099 shadowMin: 0 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 1023 gidNumber: 1023 homeDirectory: /home/maria_dev # maria_dev, Group, hortonworks.com dn: cn=maria_dev,ou=Group,dc=hortonworks,dc=com objectClass: posixGroup objectClass: top cn: maria_dev userPassword:: e2NyeXB0fXg= gidNumber: 1023 =======> ADMIN INFORMATION: [root@sandbox ~]# ldapsearch -x cn=admin -b dc=hortonworks,dc=com # extended LDIF # # LDAPv3 # base with scope subtree # filter: cn=admin # requesting: ALL # # admin, People, hortonworks.com dn: uid=admin,ou=People,dc=hortonworks,dc=com uid: admin cn: admin sn: admin mail: admin@hortonworks.com objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: e2NyeXB0fSEh shadowLastChange: 17099 shadowMin: 0 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 1005 gidNumber: 1005 homeDirectory: /home/admin # admin, Group, hortonworks.com dn: cn=admin,ou=Group,dc=hortonworks,dc=com objectClass: posixGroup objectClass: top cn: admin userPassword:: e2NyeXB0fXg= gidNumber: 1005 # search result search: 2 result: 0 Success thanks a lot for your help. regards. sidoine. ... View more