Member since
12-11-2015
67
Posts
10
Kudos Received
2
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
2328 | 05-11-2016 04:36 PM | |
2974 | 01-28-2016 10:42 PM |
03-14-2019
03:31 PM
Hi Jay Kumar SenSharma , Can you please address my issue with the host recovery from Ambari after OS upgraded from RHEL 6 to RHEL 7. https://community.hortonworks.com/questions/242900/recover-host-on-ambari-26-creating-only-kerberos-r.html
... View more
07-11-2018
07:07 PM
Hi Chen, Can you please share the fulld eck of ansible script? My mail id - gvfriend2003@gmail.com Greatly appreciate your effort in creating teh ansible scripts for cluster automation. Thanks, Venkat
... View more
04-26-2017
06:07 PM
Hey, We are using HDP2.3.6. We are geeting below error when we configured Ranger to store audit on Solr. 2017-04-25 09:16:23,366 WARN [org.apache.ranger.audit.queue.AuditBatchQueue0]: provider.BaseAuditHandler (BaseAuditHandler.java:logFailedEvent(374)) - failed to log audit event: {"repoType":3,"repo":"hdpt01_hive","reqUser":"hadooptest","evtTime":"2017-04-25 09:16:21.124","access":"USE","resType":"@null","action":"SHOWDATABASES","result":1,"policy":6,"enforcer":"ranger-acl","sess":"06802e00-eda7-4bd2-a812-7e2ed2621e24","cliType":"HIVESERVER2","cliIP":"","reqData":"show schemas","agentHost":"hivehost","logType":"RangerAudit","id":"d8b3d307-0035-4613-a7ff-872fa1c46a9e","seq_num":0,"event_count":1,"event_dur_ms":0}
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://hostname:8886/solr/ranger_audit: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 401 Authentication required</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/ranger_audit/update. Reason:
<pre> Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html> The cluster is kerberized. Below error is seen when accessing teh ambari-infra-solr UI http://hostname:8886/solr/ GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
... View more
04-26-2017
06:07 PM
Hi, I am getting the below error when I configured Ranger to use Solr for audits. We are using HDP-2.3.6 2017-04-26 09:29:22,353 [http-bio-6080-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:79) - Error from Solr server.
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://hostname:8886/solr/ranger_audit: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 401 Authentication required</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/ranger_audit/select. Reason:
<pre> Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html> I see the below error when I access Solr UI http://hostname:8886/solr/ GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)) The cluster is kerberized
... View more
06-02-2016
06:40 PM
Any update on the above error?
... View more
05-27-2016
02:33 PM
Hi Sri, Thanks for the response. It did work. Thank you so much for your help. I accept this answer.
... View more
05-26-2016
09:12 PM
Hbase master log lp.bcbsa.com:2181 sessionTimeout=30000 watcher=master:160000x0, quorum=mdcthdpdas10lp.bcbsa.com:2181, baseZNode=/hbase-secure1
2016-05-26 16:11:43,494 WARN [main-SendThread(mdcthdpdas10lp.bcbsa.com:2181)] client.ZooKeeperSaslClient: Could not login: the client is being asked for a password, but the Zookeeper client code does not currently support obtaining a password from the user. Make sure that the client is configured to use a ticket cache (using the JAAS configuration setting 'useTicketCache=true)' and restart the client. If you still get this message after that, the TGT in the ticket cache has expired and must be manually refreshed. To do so, first determine if you are using a password or a keytab. If the former, run kinit in a Unix shell in the environment of the user who is running this Zookeeper client using the command 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal). If the latter, do 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and <keytab> is the location of the keytab file). After manually refreshing your cache, restart this client. If you continue to see this message after manually refreshing your cache, ensure that your KDC host's clock is in sync with this host's clock.
2016-05-26 16:11:43,499 WARN [main-SendThread(mdcthdpdas10lp.bcbsa.com:2181)] zookeeper.ClientCnxn: SASL configuration failed: javax.security.auth.login.LoginException: No password provided Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
2016-05-26 16:11:43,500 INFO [main-SendThread(mdcthdpdas10lp.bcbsa.com:2181)] zookeeper.ClientCnxn: Opening socket connection to server mdcthdpdas10lp.bcbsa.com/10.145.4.30:2181
2016-05-26 16:11:43,503 INFO [main-SendThread(mdcthdpdas10lp.bcbsa.com:2181)] zookeeper.ClientCnxn: Socket connection established to mdcthdpdas10lp.bcbsa.com/10.145.4.30:2181, initiating session
2016-05-26 16:11:43,509 INFO [main-SendThread(mdcthdpdas10lp.bcbsa.com:2181)] zookeeper.ClientCnxn: Session establishment complete on server mdcthdpdas10lp.bcbsa.com/10.145.4.30:2181, sessionid = 0x154a09cb3c7005a, negotiated timeout = 30000
2016-05-26 16:11:43,516 ERROR [main] master.HMasterCommandLine: Master exiting
java.lang.RuntimeException: Failed construction of Master: class org.apache.hadoop.hbase.master.HMaster
at org.apache.hadoop.hbase.master.HMaster.constructMaster(HMaster.java:2290)
at org.apache.hadoop.hbase.master.HMasterCommandLine.startMaster(HMasterCommandLine.java:233)
at org.apache.hadoop.hbase.master.HMasterCommandLine.run(HMasterCommandLine.java:139)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
at org.apache.hadoop.hbase.util.ServerCommandLine.doMain(ServerCommandLine.java:126)
at org.apache.hadoop.hbase.master.HMaster.main(HMaster.java:2304)
Caused by: org.apache.zookeeper.KeeperException$InvalidACLException: KeeperErrorCode = InvalidACL for /hbase-secure1
at org.apache.zookeeper.KeeperException.create(KeeperException.java:121)
... View more
05-26-2016
07:37 PM
Hi, I created a hive view instance but when I try to run a query it gives below error Caused by: org.apache.thrift.protocol.TProtocolException: Required field 'serverProtocolVersion' is unset! Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to validate proxy privilege of ambari-qa for gv07680:33:32, org.apache.hive.service.auth.HiveAuthFactory:verifyProxyAccess:HiveAuthFactory.java:359, org.apache.hive.service.cli.thrift.ThriftCLIService:getProxyUser:ThriftCLIService.java:731, org.apache.hive.service.cli.thrift.ThriftCLIService:getUserName:ThriftCLIService.java:367, org.apache.hive.service.cli.thrift.ThriftCLIService:getSessionHandle:ThriftCLIService.java:394, org.apache.hive.service.cli.thrift.ThriftCLIService:OpenSession:ThriftCLIService.java:297, org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1253, org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1238, org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39, org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39, org.apache.thrift.server.TServlet:doPost:TServlet.java:83, org.apache.hive.service.cli.thrift.ThriftHttpServlet:doPost:ThriftHttpServlet.java:171, javax.servlet.http.HttpServlet:service:HttpServlet.java:727, javax.servlet.http.HttpServlet:service:HttpServlet.java:820, org.eclipse.jetty.servlet.ServletHolder:handle:ServletHolder.java:565, org.eclipse.jetty.servlet.ServletHandler:doHandle:ServletHandler.java:479, org.eclipse.jetty.server.session.SessionHandler:doHandle:SessionHandler.java:225, org.eclipse.jetty.server.handler.ContextHandler:doHandle:ContextHandler.java:1031, org.eclipse.jetty.servlet.ServletHandler:doScope:ServletHandler.java:406, org.eclipse.jetty.server.session.SessionHandler:doScope:SessionHandler.java:186, org.eclipse.jetty.server.handler.ContextHandler:doScope:ContextHandler.java:965, org.eclipse.jetty.server.handler.ScopedHandler:handle:ScopedHandler.java:117, org.eclipse.jetty.server.handler.HandlerWrapper:handle:HandlerWrapper.java:111, org.eclipse.jetty.server.Server:handle:Server.java:349, org.eclipse.jetty.server.AbstractHttpConnection:handleRequest:AbstractHttpConnection.java:449, org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler:content:AbstractHttpConnection.java:925, org.eclipse.jetty.http.HttpParser:parseNext:HttpParser.java:857, org.eclipse.jetty.http.HttpParser:parseAvailable:HttpParser.java:235, org.eclipse.jetty.server.AsyncHttpConnection:handle:AsyncHttpConnection.java:76, org.eclipse.jetty.io.nio.SelectChannelEndPoint:handle:SelectChannelEndPoint.java:609, org.eclipse.jetty.io.nio.SelectChannelEndPoint$1:run:SelectChannelEndPoint.java:45, java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145, java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615, java.lang.Thread:run:Thread.java:745, *org.apache.hadoop.security.authorize.AuthorizationException:User: ambari-qa is not allowed to impersonate gv07680:0:-1], sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of ambari-qa for gv07680), serverProtocolVersion:null) I did kerberos setup for ambari user using ambari-server setup-security with ambari-qa as the ambari user. I did set up proxyuser settings in core-site.xml file using below configs hadoop.proxyuser.ambari-server.groups: * hadoop.proxyuser.ambari-server.hosts: *
We are using ambari-2.2.2 and HDP-2.3.0. Below are the configs for Hiev view instance Hive Authentication: auth=KERBEROS;principal=hive/_HOST@HADOOP.COM;hive.server2.proxy.user=gv07680 WebHDFS Username: gv07680 WebHDFS Authentication: auth=KERBEROS;proxyuser=ambari-qa@HADOOP.COM Scripts HDFS Directory*: /user/gv07680/hive/scripts HiveServer2 Thrift port*: 10001 HiveServer2 Http port*: 10001HiveServer2 Http path*: cliserviceHiveServer2 Transport Mode*: http WebHDFS FileSystem URI*: webhdfs://hostname:50070 There is no HA, so no HA related configs. But still I see the Failed to validate proxy privilege of ambari-qa for gv07680 error Below is the config for /etc/ambari-server/conf/krb5JAASLogin.conf com.sun.security.jgss.krb5.initiate { com.sun.security.auth.module.Krb5LoginModule required renewTGT=false doNotPrompt=true useKeyTab=true keyTab="/etc/security/keytabs/smokeuser.headless.keytab" principal="ambari-qa@BCBSA.COM"
storeKey=true
useTicketCache=false; };
Please advise.
... View more
Labels:
- Labels:
-
Apache Ambari
05-11-2016
04:36 PM
I restarted all services from Ambari and Hbase came up successfully without any problem. So, it clearly shows teh problem was because of not follwoing the order while restarting the services. But it would be great if someone let know the root cause for the above problem. Thanks in advance
... View more
05-11-2016
03:50 PM
Hi, I have upgraded Ambari recently to 2.2.2. After upgrade, Ambarai asked for restart of most of the components. I have restarted them but Hbase is restarted ahead of Zookeeper. Now, Hbase master fails to start with below error ERROR [main] master.HMasterCommandLine: Master exiting
java.lang.RuntimeException: Failed construction of Master: class org.apache.hadoop.hbase.master.HMaster Caused by: org.apache.zookeeper.KeeperException$InvalidACLException: KeeperErrorCode = InvalidACL for /hbase-secure Please help me on this. Thanks, Venkat
... View more
Labels:
- Labels:
-
Apache HBase