mkataria
Rising Star

Re: how to create a new kafka cluster using ambari...

by Rising Star in Support Questions
‎09-26-2017 04:02 AM
‎09-26-2017 04:02 AM
If you just need a Kafka cluster, try doing a manual installation of Kafka and Zookeeper on nodes or user HDF instead of HDP. We have multiple HDP clusters running alongside manual Kafka Clusters. ... View more

Upgrade question - lucidworks-hdpsearch/

by Rising Star in Support Questions
‎07-27-2017 04:06 PM
‎07-27-2017 04:06 PM
We are on 2.5.3 and moving to 2.6.1 - this cluster also hosts lucidworks-hdpsearch Solr cloud - rather than installing the packages manually we added them to Ambari for easy start/stop, Should we remove them before the upgrade or leave them as it is - These nodes are also running ambari-metrics monitor - ambari and HST agents too. If I put the host itself on maintenance mode the above components will be left out. Any suggestions? Thanks in advance. ... View more
Labels:

Re: Kafa fails to start - Ranger Issue

by Rising Star in Support Questions
‎07-12-2017 03:20 PM
1 Kudo
‎07-12-2017 03:20 PM
1 Kudo
Thanks vperiasamy for Suggestion - I was not able to respond timely - I use the same trick to remove/add Ranger Plugins to chk on false artifacts/cache causing issues. The problem here was, when we deleted Kafka via Ambari and reinstalled it - it never created the links to ranger_*-kafka-plugin*, although the service was showing as installed. So i removed ranger_*-kafka-plugin* via yum and reinstalled it - and the links got created. And its working fine now. Thanks Mayank ... View more

Kafa fails to start - Ranger Issue

by Rising Star in Support Questions
‎07-11-2017 08:38 PM
‎07-11-2017 08:38 PM
Hello gurus, We were facing issue with Kafka and decided to re-installed service (removed via Ambari) Now the kafka brokers refuse to start with following errors. FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable) java.lang.ClassNotFoundException: org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer I'm out of ideas on where to look and what jars. my /etc/kafka and /usr/hdp/current paths are good. Thanks in advance. Mayank ... View more
Labels:

Yarn RM Web UI blocked

by Rising Star in Support Questions
‎10-14-2016 07:46 PM
‎10-14-2016 07:46 PM
Hello experts, For no reason after a restart all the users can't see each others job view info from the RM UI. Each user can ONLY see the application info on RM UI running under their ID. RM HA Kerberized below is the error - 2016-10-14 14:27:42,109 ERROR webapp.AppBlock (AppBlock.java:render(233)) - Failed to read the attempts of the application application_1476471035662_0002. java.lang.reflect.UndeclaredThrowableException at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1727) at org.apache.hadoop.yarn.server.webapp.AppBlock.render(AppBlock.java:221) at org.apache.hadoop.yarn.server.resourcemanager.webapp.RMAppBlock.render(RMAppBlock.java:65) at org.apache.hadoop.yarn.webapp.view.HtmlBlock.render(HtmlBlock.java:69) at org.apache.hadoop.yarn.webapp.view.HtmlBlock.renderPartial(HtmlBlock.java:79) at org.apache.hadoop.yarn.webapp.View.render(View.java:235) at org.apache.hadoop.yarn.webapp.view.HtmlPage$Page.subView(HtmlPage.java:49) Caused by: org.apache.hadoop.yarn.exceptions.YarnException: User mayank does not have privilage to see this aplication application_1473331035333_09 Thanks in advance Mayank ... View more
Labels:

Ranger HBase Plugin with SSL- AccessDeniedExceptio...

by Rising Star in Community Articles
‎10-05-2016 07:46 PM
2 Kudos
‎10-05-2016 07:46 PM
2 Kudos
We tried 3 scenarios and all failed. 1) Creating Hive Table on HBase. (proper hive/hbase polices for user) hive> CREATE TABLE hbase_table_1(key int, value string) STORED BY 'org.apache.hadoop.hive.hbase.HBaseStorageHandler' WITH SERDEPROPERTIES ("hbase.columns.mapping" = ":key,cf1:val") TBLPROPERTIES ("hbase.table.name" = "xyz", "hbase.mapred.output.outputtable" = "xyz"); FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'abc@ABC.COM' (action=create) at org.apache.ranger.authorization.hbase.AuthorizationSession.publishResults(AuthorizationSession.java:254) at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.authorizeAccess(RangerAuthorizationCoprocessor.java:595) at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.requirePermission(RangerAuthorizationCoprocessor.java:664) at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preCreateTable(RangerAuthorizationCoprocessor.java:769) at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preCreateTable(RangerAuthorizationCoprocessor.java:496) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$11.call(MasterCoprocessorHost.java:216) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1140) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preCreateTable(MasterCoprocessorHost.java:212) at org.apache.hadoop.hbase.master.HMaster.createTable(HMaster.java:1533) at org.apache.hadoop.hbase.master.MasterRpcServices.createTable(MasterRpcServices.java:454) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:55401) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) 2) Create Table directly on Hbase hbase(main):001:0> create 'emp', 'personal', 'professional' ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'abc@ABC.COM' (action=create) 3) Using Grant from HBase Shell hbase(main):001:0> grant 'abc', 'RWCA' ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: SSLContext must not be null at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.grant(RangerAuthorizationCoprocessor.java:1171) at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.grant(AccessControlProtos.java:9933) at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10097) at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:7553) at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:1878) at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:1860) at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:32209) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) The easy solution we tried is to disable SSL and it worked. We also tried creating different policies and policy on namespace 'default:*' worked and users were ONLY able to create the TABLE. They were NOT able to scan the table and issue (3) still had same problem. " ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user abc@ABC.COM',action: scannerOpen, tableName:hello1, family:col1. " Regional Servers were playing a important role here on Ranger Policies. While HBase Master was able to wirte to Policy Cache the cache for Regional Servers was 0 bytes.(communication blocked) We distributed the keystore and truststore from HBase Master to all the worker nodes running Regional Server and restarted Hbase and this solved the issue. How to do? Ambari-Hbase-Config- Filter "SSL" 1) xasecure.policymgr.clientssl.keystore - Find the /path/keystore.file.name and distribute it to all the machines (keep the path/file name same) 2) xasecure.policymgr.clientssl.truststore - - Find the /path/truststore.file.name and distribute it to all the machines (keep the path/file name same) Hope this will help. Thanks Mayank ... View more
Labels:

Re: Ambari Https (Broken HTTPS)

by Rising Star in Support Questions
‎09-29-2016 02:09 PM
‎09-29-2016 02:09 PM
Figured it out, I generated a new cert and used Signature Algorithm as sha256RSA (signature hash algorithm as sha256) however the ones I had earlier were SHA1RSA and SHA1 respectively. Seems like ShA1 is week but IE doesn't seem to care, Chrome was not happy about it. If it's a internal ONLY cluster and you are using a local CA authority (internal or self sign) you can still live with Sha1. You will still achieve Secure TLS connection and Secure Resources however with a warning This page is insecure (broken HTTPS). Hope this helps and thanks community to think. Regards Mayank ... View more

Re: Working one way trust broken - Kerberos

by Rising Star in Support Questions
‎09-28-2016 12:32 AM
‎09-28-2016 12:32 AM
Fixed ... a cron job was the culprit.. Thanks ... View more

Working one way trust broken - Kerberos

by Rising Star in Support Questions
‎09-27-2016 11:16 PM
‎09-27-2016 11:16 PM
We have set a Once way trust from AD to KDC and validated that we were able to get tickets from AD. Kerberos Realm - ABC.NET AD Domain - XZY.COM Validation kinit ad_user@XYZ.COM List Showed the valid ticket. Now in just few hrs the trust is broken the same command, kinit ad_user@XYZ.COM, gives kinit: Cannot find KDC for realm "XYZ.COM" while getting initial credentials. Thanks in advance. Just want to hit myself on the face. ... View more

Re: Ambari Https (Broken HTTPS)

by Rising Star in Support Questions
‎09-23-2016 03:21 PM
‎09-23-2016 03:21 PM
Works for IE, however still broken for Chrome. Any advices/help is appreciated. ... View more

Re: NN / Hive Audit Error - Ranger DB on Oracle

by Rising Star in Support Questions
‎09-13-2016 02:47 PM
‎09-13-2016 02:47 PM
Ranger 0.5.0.2.4 Will try your suggestion, however since the org error was ((actual: 2465, maximum:2000), do we still need to take it to 4000 thanks ... View more

NN / Hive Audit Error - Ranger DB on Oracle

by Rising Star in Support Questions
‎09-13-2016 02:24 PM
1 Kudo
‎09-13-2016 02:24 PM
1 Kudo
We are running Ranger on Oracle. Faced a common error (NN logs and Hive logs) ORA-12899: Value too large for column "RANGERDBA"."XA.AUDIT"."REQUEST.DATA" (actual: 2465, maximum:2000) We changed the REQUEST_DATA to VARCHAR2(3000) from VARCHAR2(2000) Now the new error is ORA-12899: Value too large for column "RANGERDBA"."XA.AUDIT"."REQUEST.DATA" (actual: 3465, maximum:3000) This a a fresh Installation on Oracle only and not migrated from MySql. In my past exp we had the same issue where the DB was migrated from MySql and there were some NON ASCII chars .. we fixed it by changing to VARCHAR2 (2000 CHAR) from VARCHAR2(2000). Will the same solution be able to fix this. What can cause this issue. Thanks Mayank ... View more
Labels:

Re: Ambari Https (Broken HTTPS)

by Rising Star in Support Questions
‎09-08-2016 06:29 PM
‎09-08-2016 06:29 PM
We are using a single wildcard cert provided by enterprise CA. Thanks Mayank ... View more

Ambari Https (Broken HTTPS)

by Rising Star in Support Questions
‎09-08-2016 06:08 PM
‎09-08-2016 06:08 PM
While securing Ambari Sever for Https, we can successfully login to https and default port 8443, however the https is stoked out and says This page is insecure (broken HTTPS). We are using wildcard certs initially in .cer format however have to convert it to .pem format using openssl. What is the preferred format and encryption for the Certs. The current error says 1) SHA-1 Certificate The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1. 2) Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID). Thanks Mayank ... View more
Labels:

Re: HDFS Balancer - Access denied for user hdfs-p...

by Rising Star in Support Questions
‎08-30-2016 09:56 PM
‎08-30-2016 09:56 PM
Found it. I would have left it like that however since it in Production and sometimes you just need to know. For replication, we Falcon needs to be aware of local and remote Cluster ID via below property. dfs.nameservices mine has value like "prodID, devID" What balancer does is it tries to reach both the nameservices and if I'm running the command in prod cluster as hdfs with proper ticket, it will throw a errror "hdfs-prod" (which is my principal w/o REALM) however it is still balancing the prod cluster, so the error although not clear is actually permission denied on remote name service (which makes sense) as the user still is "hdfs" however the principal is different "hdfs-dev" in my case. I ran the same command in Dev and cluster wwas rebalanced however I got the same error, this time Access denied for user hdfs-dev. Superuser privilege is required. Thanks for support @emaxwell, @mqureshi, @Kuldeep Kulkarni. I hope above answer will help others. (few of other hdfs commands have no effect/errors) Thanks Mayank ... View more

Re: HDFS Balancer - Access denied for user hdfs-p...

by Rising Star in Support Questions
‎08-30-2016 08:30 PM
‎08-30-2016 08:30 PM
thanks @mqureshi , As stated above I'm running the command as "hdfs" , "hdfs-prod" is my principal name w/o the realm name. This user is a part od superusergroup and all the mapping are showing ryt. I'm sure its something which misses the eye. Regards Mayank ... View more

Re: HDFS Balancer - Access denied for user hdfs-p...

by Rising Star in Support Questions
‎08-30-2016 07:39 PM
‎08-30-2016 07:39 PM
Thanks @emaxwell, I'm running those commands as HDFS user, the 'hdfs dfsadmin -safemode' works fine. I can preety much use the balancer from Ambari but super curious to know what went wrong here. Thanks Mayank ... View more

Re: HDFS Balancer - Access denied for user hdfs-p...

by Rising Star in Support Questions
‎08-30-2016 06:48 PM
‎08-30-2016 06:48 PM
thanks for pointer @Kuldeep Kulkarni however the rules are set properly. I'm pretty much able to do everything with the key tab but the balancer command. Thanks Mayank ... View more

HDFS Balancer - Access denied for user hdfs-prod....

by Rising Star in Support Questions
‎08-30-2016 06:38 PM
1 Kudo
‎08-30-2016 06:38 PM
1 Kudo
Hello experts, While running balancer utility as HDFS user i'm getting below error. HDFS Balancer - Access denied for user hdfs-prod. Superuser privilege is required Note - I'm running as user hdfs against a kerberized cluster. My principal name is hdfs-prod@ABC.NET dfs.permissions.superusergroup = hdfs and hdfs groups hdfs shows hdfs : hadoop hdfs I'm sure I'm missing something here. Thanks Mayank ... View more
Labels:

Re: Zepplin Kerberos Support

by Rising Star in Support Questions
‎08-15-2016 03:14 PM
‎08-15-2016 03:14 PM
thanks @emaxwell ... View more

Zepplin Kerberos Support

by Rising Star in Support Questions
‎08-15-2016 02:12 PM
1 Kudo
‎08-15-2016 02:12 PM
1 Kudo
Hello Gurus, One of our clients is asking for Zepplin and Kerberized the cluster. Below are my doubts (I have searched the forums however not found anything solid) 1) What is the current state of security around Zeppelin 2) Can we run Zellpin in a Kerberized environment. Thanks Mayank ... View more
Labels:

HDFS Snapshot - Size

by Rising Star in Support Questions
‎07-20-2016 06:22 PM
1 Kudo
‎07-20-2016 06:22 PM
1 Kudo
Hello experts, I'm trying to understand the total size / block size used by HDFS Snapshot. I have a dir like /user/x/data and a hdfs ls tells me it has 1.1 TB So If I take a snapshot of /user/x/data will the snapshot consumes same space and how much block size is used by it. My earlier output from hdfs dfsadmin -report was 19.6 TB and after taking snapshot it was still same. If snapshots takes same space as of the source why the report does't changes. Thanks Mayank ... View more

Re: PySpark pointing to old version when run on Ya...

by Rising Star in Support Questions
‎07-05-2016 03:20 AM
‎07-05-2016 03:20 AM
Thanks @Sunile Manjee, tried that multiple times however no luck, we have been suggested to reinstall Spark Clients. ... View more

PySpark pointing to old version when run on Yarn.

by Rising Star in Support Questions
‎06-29-2016 08:38 PM
‎06-29-2016 08:38 PM
Strangely, we have a client script which is working fine on "pyspark/default" mode however fails on "pyspark --master yarn" mode. This client has 3 environments and the script is failing on one of the environment only, all the configs are same across the environments and they were upgraded recently. The log from RM shows below.(see bold for 2 versions) CLASSPATH -> {{PWD}}<CPS>{{PWD}}/__spark__.jar<CPS>$HADOOP_CONF_DIR<CPS>/usr/hdp/current/hadoop-client/*<CPS>/usr/hdp/current/hadoop-client/lib/*<CPS>/usr/hdp/current/hadoop-hdfs-client/*<CPS>/usr/hdp/current/hadoop-hdfs-client/lib/*<CPS>/usr/hdp/current/hadoop-yarn-client/*<CPS>/usr/hdp/current/hadoop-yarn-client/lib/*<CPS>$PWD/mr-framework/hadoop/share/hadoop/mapreduce/*:$PWD/mr-framework/hadoop/share/hadoop/mapreduce/lib/*:$PWD/mr-framework/hadoop/share/hadoop/common/*:$PWD/mr-framework/hadoop/share/hadoop/common/lib/*:$PWD/mr-framework/hadoop/share/hadoop/yarn/*:$PWD/mr-framework/hadoop/share/hadoop/yarn/lib/*:$PWD/mr-framework/hadoop/share/hadoop/hdfs/*:$PWD/mr-framework/hadoop/share/hadoop/hdfs/lib/*:$PWD/mr-framework/hadoop/share/hadoop/tools/lib/*:/usr/hdp/2.3.4.31-2/hadoop/lib/hadoop-lzo-0.6.0.2.3.4.31-2.jar:/etc/hadoop/conf/secure SPARK_LOG_URL_STDERR -> http://bvlhdppdn05.conocophillips.net:8042/node/containerlogs/container_e1394_1466953988053_3651_01_000003/katarm/stderr?start=-4096 SPARK_YARN_STAGING_DIR -> .sparkStaging/application_1466953988053_3651 SPARK_YARN_CACHE_FILES_FILE_SIZES -> 188131242,335155,37562 SPARK_USER -> mayank SPARK_YARN_CACHE_FILES_VISIBILITIES -> PRIVATE,PRIVATE,PRIVATE SPARK_YARN_MODE -> true SPARK_YARN_CACHE_FILES_TIME_STAMPS -> 1467231616831,1467231616933,1467231616967 SPARK_HOME -> /usr/hdp/2.3.2.0-2950/spark/ PYTHONPATH -> /usr/hdp/2.3.4.31-2/spark/python/lib/py4j-0.8.2.1-src.zip:/usr/hdp/2.3.4.31-2/spark/python/:<CPS>{{PWD}}/pyspark.zip<CPS>{{PWD}}/py4j-0.8.2.1-src.zip SPARK_LOG_URL_STDOUT -> http://client.net:8042/node/containerlogs/container_e1394_1466953988053_3651_01_000003/mayank/stdout?start=-4096 SPARK_YARN_CACHE_FILES -> hdfs://clustername/user/mayank/.sparkStaging/application_1466953988053_3651/spark-assembly-1.5.2.2.3.4.31-2-hadoop2.7.1.2.3.4.31-2.jar#__spark__.jar,hdfs://clustername/user/mayank/.sparkStaging/application_1466953988053_3651/pyspark.zip#pyspark.zip,hdfs://clutername/user/mayank/.sparkStaging/application_1466953988053_3651/py4j-0.8.2.1-src.zip#py4j-0.8.2.1-src.zip Also the CLI throws below error, SPARK_HOME is pointing to old version for serializer however using right python libs from new version. File "/usr/hdp/2.3.4.31-2/spark/python/pyspark/rdd.py", line 1295, in takeUpToNumLeft yield next(iterator) File "/usr/hdp/2.3.2.0-2950/spark/python/lib/pyspark.zip/pyspark/serializers.py", line 139, in load_stream yield self._read_with_length(stream) File "/usr/hdp/2.3.2.0-2950/spark/python/lib/pyspark.zip/pyspark/serializers.py", line 164, in _read_with_length I have set the right path for $SPARK_USER under my .bashrc. Thanks Mayank ... View more
Labels:

Re: Kerberos - Potential Security Threat

by Rising Star in Support Questions
‎06-08-2016 02:58 PM
‎06-08-2016 02:58 PM
Thanks @emaxwell I hope this will help most of us, specially the ones using MS AD KDC. Regards Mayank ... View more

Kerberos - Potential Security Threat

by Rising Star in Support Questions
‎06-08-2016 02:21 PM
‎06-08-2016 02:21 PM
Hello experts, I feel confident with Kerberos Authentication, however a recent article has created a panic among few customers, I would like to understand if there is a real threat and how others are thinking through it. http://news4security.com/posts/2015/12/old-microsoft-kerberos-vulnerability-gets-new-spotlight/ The article talks about various ways to attack Kerberos and obtain or pass forged tickets. Would be real helpful if security experts can clear the air, specially what these threat means in hadoop world (if any) Thanks Mayank ... View more

Re: Hive Vectorization error/doubt

by Rising Star in Support Questions
‎06-01-2016 03:00 PM
‎06-01-2016 03:00 PM
@Sunile Manjee I will reproduce the error and will revert with logs. ... View more

Hive Vectorization error/doubt

by Rising Star in Support Questions
‎06-01-2016 02:10 PM
‎06-01-2016 02:10 PM
Hello experts, One of our client was facing below error while doing a left outer join (scope was to flatten the data) error "Vertex did not succeed due to OWN_TASK_FAILURE, failedTasks:1 killedTasks:193, Vertex vertex_1461710542055_2118_9_00 [Map 3] killed/failed due to:OWN_TASK_FAILURE]Vertex killed, vertexName=Reducer 2," We suggested a work around to set below to false since in certain cases where a partitioned table has a DDL change. Vectorization has a problem. "set hive.vectorized.execution.enabled=false" And the above solved the issue. My Question : What is the benefit of having the parameter? My understanding is vectorization minimizes high CPU use, so a 'false' value mean we lose performance? How can we add a new attributes on a Large Partition table without performance degradation or getting queries to fail as it did earlier? Suggestions for best practices. Thanks Mayank ... View more
Labels:

Re: I am creating a policy in ranger which blocks ...

by Rising Star in Support Questions
‎05-04-2016 02:16 AM
‎05-04-2016 02:16 AM
@khushi kalra 'Ranger will check all or give permission', you cannot block a user in Ranger but give access. If you want to block a file from user, lock it via acl and give rest the access via Ranger. Thanks ... View more

Re: Address already in use when deploying a cluste...

by Rising Star in Support Questions
‎04-07-2016 07:56 PM
‎04-07-2016 07:56 PM
Yes, and restart it. Should be fine. Thanks! ... View more
Contact Me
Online
Offline
Last Visited
‎09-26-2017 04:08 AM
Public Statistics
Date Registered ‎10-01-2015 02:34 PM
Last Visited ‎09-26-2017 04:08 AM
Total Messages Posted 52
Total Kudos Received 25