Hi All, I am trying to run a saprk job which create hive context and triggered through ooize using shell action.When i run this job standalone without oozie,it works fine.With oozie it gives below error.Any help please: 9/07/29 10:56:07 INFO hive.HiveContext: Initializing HiveMetastoreConnection version 1.2.1 using Spark classes. 19/07/29 10:56:07 INFO client.ClientWrapper: Inspected Hadoop version: 2.7.3.2.6.4.0-91 19/07/29 10:56:07 INFO client.ClientWrapper: Loaded org.apache.hadoop.hive.shims.Hadoop23Shims for Hadoop version 2.7.3.2.6.4.0-91 19/07/29 10:56:07 INFO client.ClientWrapper: Attempting to login to Kerberos using principal: user@HDP.COM and keytab: user.keytab-f5b06c50-7f5f-4ba4-985c-74c4c2c98f74 19/07/29 10:56:07 INFO security.UserGroupInformation: Login successful for user user@HDP.COM using keytab file user.keytab-f5b06c50-7f5f-4ba4-985c-74c4c2c98f74 19/07/29 10:56:07 INFO hive.metastore: Trying to connect to metastore with URI thrift://<masternode>:9083 19/07/29 10:56:07 ERROR transport.TSaslTransport: SASL negotiation failure javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]   at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)   at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)   at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)   at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)   at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)   at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)   at java.security.AccessController.doPrivileged(Native Method)   at javax.security.auth.Subject.doAs(Subject.java:422)   at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1869)   at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)   at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:420)   at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:236)   at org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient.<init>(SessionHiveMetaStoreClient.java:74)   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)   at java.lang.reflect.Constructor.newInstance(Constructor.java:423)   at org.apache.hadoop.hive.metastore.MetaStoreUtils.newInstance(MetaStoreUtils.java:1521)   at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.<init>(RetryingMetaStoreClient.java:86)   at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:132)   at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:104)   at org.apache.hadoop.hive.ql.metadata.Hive.createMetaStoreClient(Hive.java:3005)   at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:3024) ... View more

Hi, I have kerberos and HA enabled on my hadoop cluster.Now to enable HA over the webhdfs i did the following configuration: <provider> <role>ha</role> <name>HaProvider</name> <enabled>true</enabled> <param> <name>WEBHDFS</name> <value>maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000;enabled=true</value> </param> </provider> <service> <role>WEBHDFS</role> <url>http://<nn1>:50070/webhdfs</url> <url>http://<nn2>:50070/webhdfs</url> </service> But the curl command is still failing. I am not using SSL. Can someone point to correct curl command i should use assuming knox1 is my hostname of knox gateway. I have used below command $ curl -k -i -vvvv --negotiate -u : "http://<knox1>:50070/gateway/<cluster_name>/webhdfs/v1/user?=op=LISTSTATUS" I have followed below tutorials but they cannot help: https://community.hortonworks.com/questions/35125/knox-error-after-configuring-namenode-ha.html https://community.hortonworks.com/content/supportkb/150585/how-to-configure-a-knox-topology-for-namenode-ha-1.html ... View more

Hi, I am running service checks before upgrading my HDP cluster from 2.5.3 to 2.6.4 and only hive service check is failing. My cluster is kerberised. resource_management.core.exceptions.ExecutionFailed: Execution of '/var/lib/ambari-agent/tmp/templetonSmoke.sh dev-hdp-11.example.com ambari-qa 50111 idtest.ambari-qa.1537543727.36.pig /etc/security/keytabs/smokeuser.headless.keytab true /usr/bin/kinit ambari-qa@HDP.EXAMPLE.COM /var/lib/ambari-agent/tmp' returned 1. Templeton Smoke Test (status cmd): Failed. : <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 Authentication required</title> </head> <body> <h2>HTTP ERROR: 401</h2> <p>Problem accessing /templeton/v1/status. Reason: <pre> Authentication required</pre></p> <hr /><i><small>Powered by Jetty://</small></i> My systems are on EXAMPLE.COM and i have setup a different HDP.EXAMPLE.COM relam. When i run the above curl command manually in verbose mode i get error like krbgt/EXAMPLE.COM@HDP.EXAMPLE.COM not in kerberos database. Do i need to setup this principal in kdc ? ... View more

Hi, Enabled kerberos on AMbari 2.5 .Seeing below error while starting YARN/HIVE/HBASE services. Traceback (most recent call last): File "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py", line 157, in <module> HbaseMaster().execute() File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 280, in execute method(env) File "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py", line 84, in start self.configure(env) # for security File "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py", line 39, in configure hbase(name='master') File "/usr/lib/python2.6/site-packages/ambari_commons/os_family_impl.py", line 89, in thunk return fn(*args, **kwargs) File "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase.py", line 199, in hbase owner=params.hbase_user File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 155, in __init__ self.env.run() File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 160, in run self.run_action(resource, action) File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 124, in run_action provider_action() File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 459, in action_create_on_execute self.action_delayed("create") File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 456, in action_delayed self.get_hdfs_resource_executor().action_delayed(action_name, self) File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 247, in action_delayed self._assert_valid() File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 231, in _assert_valid self.target_status = self._get_file_status(target) File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 292, in _get_file_status list_status = self.util.run_command(target, 'GETFILESTATUS', method='GET', ignore_status_codes=['404'], assertable_result=False) File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 192, in run_command raise Fail(err_msg) resource_management.core.exceptions.Fail: Execution of 'curl -sS -L -w '%{http_code}' -X GET --negotiate -u : 'http://<hostname>:50070/webhdfs/v1/apps/hbase/data?op=GETFILESTATUS&user.name=hdfs'' returned status_code=401. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /webhdfs/v1/apps/hbase/data. Reason: <pre> Authentication required</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> ANy help @Geoffrey Shelton Okot ... View more

Hi, I have to upgrade my Dev,QA,Preprod,Prod HDP clusters from 2.5.3.16 to 2.6.4 one by one.All the cluster are kerberos enabled and using full stack.Can you please share a link which i can read about to have details of upgrade process. Any link where issues faced during upgrade are discussed? TIA ... View more

Hi,I have a Kerberized cluster.I want to run webhdfs/REST call from my laptop. I donot have knox as of now.How can i do that? ... View more

Hi,I have to turn on the HDP security using AD first time on my cluster.Can some provide me step by step documentation and prerequisite for same what i need handy? Can my AD be my KDC?or do i need to have KDC installed within Hadoop cluster ideally with same realm as of KDC? While working on enabling Kerberos using existing AD,what will be kadmin host and KDC host? TIA @Geoffrey Shelton Okot ... View more

Hi, How we can setup spengo authentication for client when Client and HDP cluster are in different domains. My hdp cluster is running with ENV.COM.I have installed KDC server. My Mac is on corporate domain on global.company.com.When i do a klist on mac,it gives me ticket from my corporate domain controller.i cannot use keytab of cluster. Can someoen help? ... View more

Hi, I have a keberised cluster setup working fine.I want my end users to do all webhdfs,atlas,and all work using REST API/CURL command or Postman from their laptop. Can someone point me to steps/documention to achieve this along with few examples. Thanks Much ... View more

I have kerberised the hdp cluster.All the components and everything working fine except kafka.i observed that i am able to run kafka without any token and kinit.while for other compenents like hdfs,hive,hbase,spark i have to do kinit.why is such a issue?Any reasons?I only have 1 kafka broker in my cluster. ... View more

Seeing below exception in Kafka Logs after enabling Kafka: p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures} span.s2 {font-variant-ligatures: no-common-ligatures; background-color: #00e6e6} [2018-05-25 18:57:02,370] INFO Connecting to zookeeper on <hots1>:2181,<host2>:2181,<host3>:2181 (kafka.server.KafkaServer) [2018-05-25 18:57:02,596] FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at kafka.server.KafkaServer.startup(KafkaServer.scala:180) at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala) [2018-05-25 18:57:02,607] INFO shutting down (kafka.server.KafkaServer) [2018-05-25 18:57:02,618] INFO shut down completed (kafka.server.KafkaServer) [2018-05-25 18:57:02,619] FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable) org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at kafka.server.KafkaServer.startup(KafkaServer.scala:180) at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala) [2018-05-25 18:57:02,634] INFO shutting down (kafka.server.KafkaServer) ... View more

Any step by step link/documentation for enabling SSL on HDP across all components...kafka,spark,hive,hbase,hdfs,MR,YARN etc. ... View more