The CM version is 7.13.1. Airflow is not available as an option to "Add Service".  Is it possible to use Cloudera's Airflow with 7.1.9sp1? If yes, where  can I download the CSD for Airflow? If there is no CSD, how do I install Cloudera's Airflow as a stand-alone service? Thank you.     ... View more

I just finished installing a new cluster but failed to start the zookeeper service. Each instance started but had the "bad health" flag. The zookeeper log on node 3 showed this error repeatedly.  ++++ Cannot open channel to 1 at election address node1/61.62.63.1:4181 java.net.ConnectException: Connection refused ++++ On node 3, the connection to node 1 zookeeper port showed no issue. $ nc -zv node1 4181 Ncat: Version 7.92 ( https://nmap.org/ncat ) Ncat: Connected to 61.62.63.1:4181. Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds. On node1, the zookeeper port is open too $ ss -tulnp | grep 4181 tcp LISTEN 0 50 61.62.63.1:4181 0.0.0.0:* The private cloud base cluster is 7.1.9 sp1. Thank you. Regards, ... View more

The error from my Spark job is ++++ Failing this attempt.Diagnostics: Application application_1738011234567_0014 initialization failed (exitCode=255) with output: main : command provided 0 main : run as user is xxxx main : requested yarn user is xxxx User xxxx not found ++++ I read this post <https://community.cloudera.com/t5/Support-Questions/MapReduce-job-failing-after-kerberos/td-p/160273>. My group mapping configuration is hadoop.security.group.mapping = org.apache.hadoop.security.LdapGroupsMapping. I kinited xxxx before the job run. I added the AD user xxxx to an AD group hadoop. But I still got the same error. This online doc might be appliable <https://docs.cloudera.com/cdp-private-cloud-base/7.1.8/security-authorization/topics/cm-security-authorization-ldap-group-mappings.html#ariaid-title3> I might need to add the flag -Dcom.cloudera.cmf.service.config.emitLdapBindPasswordInClientConfig=true to the variable CMF_JAVA_OPTS flag. But the documentation is for CDP 7.1.8 and does not exist for 7.1.7, which is my cluster. Thank you. Best regards, ... View more

I use CDP Private Cloud Base 7.1.7 and just enabled Kerberos security. I followed the setup documentation but could not proceed further than this step <https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/security-kerberos-authentication/topics/cm-security-kerberos-enabling-step7-prepare-cluster.html>. In short, I lost "supergroup" access to hdfs. Here are details. * I created an AD account mysuperuser@example.com and an AD group mysupergroup@example.com. * After Kerberos is enabled, I changed dfs.permissions.superusergroup=mysupergroup, and restarted the cluster. Certainly,  "mysupergroup" and "mysuperuser" do not exist anywhere in Hdfs POSIX permission settings. * I kinited mysuperuser@example.com, but got hdfs permission denied error. It looks like that Kerberos could not understand AD groups associated with the kinited account. * Then I changed dfs.permissions.superusergroup=mysuperuser, restarted all services, but still got permission denied error. I intended to use Ranger to manage HDFS resource permissions. I could not get Ranger properly installed due to the HDFS permission error. Ranger depends on Solr and Solr uses HDFS. Right now Solr gave me an HDFS access error (Java error) - Caused by: org.apache.hadoop.ipc.RemoteException: Permission denied: user=solr, access=WRITE, inode="/":hdfs:supergroup:drwxr-xr-x. I am trying to understand how HDFS permission works after enabling Kerberos but before Ranger is operational. Right now I can only access hdfs via kiniting the hdfs keytab file, which should only be used as a last resort. Thank you. Best regards, ... View more