Hi All, I am trying to run a saprk job which create hive context and triggered through ooize using shell action.When i run this job standalone without oozie,it works fine.With oozie it gives below error.Any help please: 9/07/29 10:56:07 INFO hive.HiveContext: Initializing HiveMetastoreConnection version 1.2.1 using Spark classes. 19/07/29 10:56:07 INFO client.ClientWrapper: Inspected Hadoop version: 2.7.3.2.6.4.0-91 19/07/29 10:56:07 INFO client.ClientWrapper: Loaded org.apache.hadoop.hive.shims.Hadoop23Shims for Hadoop version 2.7.3.2.6.4.0-91 19/07/29 10:56:07 INFO client.ClientWrapper: Attempting to login to Kerberos using principal: user@HDP.COM and keytab: user.keytab-f5b06c50-7f5f-4ba4-985c-74c4c2c98f74 19/07/29 10:56:07 INFO security.UserGroupInformation: Login successful for user user@HDP.COM using keytab file user.keytab-f5b06c50-7f5f-4ba4-985c-74c4c2c98f74 19/07/29 10:56:07 INFO hive.metastore: Trying to connect to metastore with URI thrift://<masternode>:9083 19/07/29 10:56:07 ERROR transport.TSaslTransport: SASL negotiation failure javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]   at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)   at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)   at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)   at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)   at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)   at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)   at java.security.AccessController.doPrivileged(Native Method)   at javax.security.auth.Subject.doAs(Subject.java:422)   at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1869)   at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)   at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:420)   at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:236)   at org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient.<init>(SessionHiveMetaStoreClient.java:74)   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)   at java.lang.reflect.Constructor.newInstance(Constructor.java:423)   at org.apache.hadoop.hive.metastore.MetaStoreUtils.newInstance(MetaStoreUtils.java:1521)   at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.<init>(RetryingMetaStoreClient.java:86)   at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:132)   at org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.getProxy(RetryingMetaStoreClient.java:104)   at org.apache.hadoop.hive.ql.metadata.Hive.createMetaStoreClient(Hive.java:3005)   at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:3024) ... View more

Hi, I have kerberos and HA enabled on my hadoop cluster.Now to enable HA over the webhdfs i did the following configuration: <provider> <role>ha</role> <name>HaProvider</name> <enabled>true</enabled> <param> <name>WEBHDFS</name> <value>maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000;enabled=true</value> </param> </provider> <service> <role>WEBHDFS</role> <url>http://<nn1>:50070/webhdfs</url> <url>http://<nn2>:50070/webhdfs</url> </service> But the curl command is still failing. I am not using SSL. Can someone point to correct curl command i should use assuming knox1 is my hostname of knox gateway. I have used below command $ curl -k -i -vvvv --negotiate -u : "http://<knox1>:50070/gateway/<cluster_name>/webhdfs/v1/user?=op=LISTSTATUS" I have followed below tutorials but they cannot help: https://community.hortonworks.com/questions/35125/knox-error-after-configuring-namenode-ha.html https://community.hortonworks.com/content/supportkb/150585/how-to-configure-a-knox-topology-for-namenode-ha-1.html ... View more

Hi, I have to upgrade my Dev,QA,Preprod,Prod HDP clusters from 2.5.3.16 to 2.6.4 one by one.All the cluster are kerberos enabled and using full stack.Can you please share a link which i can read about to have details of upgrade process. Any link where issues faced during upgrade are discussed? TIA ... View more

Hi,I have a Kerberized cluster.I want to run webhdfs/REST call from my laptop. I donot have knox as of now.How can i do that? ... View more

Hi,I have to turn on the HDP security using AD first time on my cluster.Can some provide me step by step documentation and prerequisite for same what i need handy? Can my AD be my KDC?or do i need to have KDC installed within Hadoop cluster ideally with same realm as of KDC? While working on enabling Kerberos using existing AD,what will be kadmin host and KDC host? TIA @Geoffrey Shelton Okot ... View more

Hi, How we can setup spengo authentication for client when Client and HDP cluster are in different domains. My hdp cluster is running with ENV.COM.I have installed KDC server. My Mac is on corporate domain on global.company.com.When i do a klist on mac,it gives me ticket from my corporate domain controller.i cannot use keytab of cluster. Can someoen help? ... View more

Hi, I have a keberised cluster setup working fine.I want my end users to do all webhdfs,atlas,and all work using REST API/CURL command or Postman from their laptop. Can someone point me to steps/documention to achieve this along with few examples. Thanks Much ... View more

I have kerberised the hdp cluster.All the components and everything working fine except kafka.i observed that i am able to run kafka without any token and kinit.while for other compenents like hdfs,hive,hbase,spark i have to do kinit.why is such a issue?Any reasons?I only have 1 kafka broker in my cluster. ... View more

Seeing below exception in Kafka Logs after enabling Kafka: p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures} span.s2 {font-variant-ligatures: no-common-ligatures; background-color: #00e6e6} [2018-05-25 18:57:02,370] INFO Connecting to zookeeper on <hots1>:2181,<host2>:2181,<host3>:2181 (kafka.server.KafkaServer) [2018-05-25 18:57:02,596] FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at kafka.server.KafkaServer.startup(KafkaServer.scala:180) at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala) [2018-05-25 18:57:02,607] INFO shutting down (kafka.server.KafkaServer) [2018-05-25 18:57:02,618] INFO shut down completed (kafka.server.KafkaServer) [2018-05-25 18:57:02,619] FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable) org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at kafka.server.KafkaServer.startup(KafkaServer.scala:180) at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala) [2018-05-25 18:57:02,634] INFO shutting down (kafka.server.KafkaServer) ... View more

Any step by step link/documentation for enabling SSL on HDP across all components...kafka,spark,hive,hbase,hdfs,MR,YARN etc. ... View more