Cloudera Community
hyadav
user rank
Rising Star

Re: Hive server 2 thrift error

by New Contributor in Support Questions
‎08-12-2019 09:15 PM
‎08-12-2019 09:15 PM
I am facing the same error , I am trying to connect from the ODBC driver. Do you have any idea , how you resolve this issue. i am getting the error in odbc as Failed to initialize security context: No authority could be contacted for authentication. and in hiveserver2 log.Caused by: org.apache.thrift.transport.TSaslTransportException: No data or no sasl data in the stream ... View more

Re: Ambari for LDAP or Active Directory Authentica...

by Guru in Support Questions
‎07-20-2016 01:10 PM
3 Kudos
‎07-20-2016 01:10 PM
3 Kudos
@Krishna Pandey is mostly correct, however: For #1, though Ambari does store the manager DN and password, it does not store the synced users passwords. Because of this, Ambari relies on the LDAP server to validate authentication for these users. For #2 and #3, Ambari has no ability to manage passwords in the LDAP server. Therefore if a user wants to change their password or is required to change their password, they need to use some other facility. With this, if the user must change their password before authenticating, then authenticate will fail until the password is changed using some other facility. I assume that if the user is no longer required to change their password, authentication should work again. ... View more

Configuring Ranger Policy Administration High Avai...

by Rising Star in Community Articles
‎06-22-2016 01:31 PM
1 Kudo
‎06-22-2016 01:31 PM
1 Kudo
Documentation referred: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_installing_manually_book/content/configure-ranger_policy_admin_ha.html Environment Information: [ hivenv ] >> Cluster name hivenv-ambari-server.hwxblr.com >> 10.0.1.26 >> Ambari Server hn1.hwxblr.com >> 10.0.1.21 >> Existing Ranger Admin hn3.hwxblr.com >> 10.0.1.23 >> Load Balancer hn2.hwxblr.com >> 10.0.1.25 >> Additional Ranger Admin # hadoop version Hadoop 2.7.1.2.3.2.0-2950 Subversion git@github.com:hortonworks/hadoop.git -r5cc60e0003e33aa98205f18bccaeaf36cb193cc Compiled by jenkins on 2015-09-30T18:08Z Compiled with protoc 2.5.0 From source with checksum 69a3bf8c667267c2c252a54fbbf23d This command was run using /usr/hdp/2.3.2.0-2950/hadoop/lib/hadoop-common-2.7.1.2.3.2.0-2950.jar # uname -a Linux hn1.hwxblr.com 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/redhat-release CentOS release 6.7 (Final) Steps to be followed: Install the Ranger Admin component on the hosts you wish to use – hn1.hwxblr.com. For information about installing Ranger over Ambari, see Installing Ranger Over Ambari 2.0 . Configure a load balancer to balance the loads among the various Ranger Admin instances and take note of the load balancer URL. Step 1: Before Installing HAProxy on the server we need to install epel repository on our system depending on our operating system version using following command. CentOS/RHEL 5 , 32 bit: # rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm CentOS/RHEL 5 , 64 bit: # rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm CentOS/RHEL 6 , 32 bit: # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm CentOS/RHEL 6 , 64 bit: # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm Step 2: Install HAProxy using Yum. [root@hn3 ~]# yum install haproxy Step 3: Now we will configure HAProxy. [root@hn3 ~]# vi /etc/haproxy/haproxy.cfg Please refer for brief documentation before editing this file : https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Load_Balancer_Administration/ch-haproxy-setup-VSA.html [root@hn3 ~]# cat haproxy.cfg #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 30000 #--------------------------------------------------------------------- # round robin balancing between Ranger HA #--------------------------------------------------------------------- frontend haproxy bind 10.0.1.28:6080 reqadd X-Forwarded-Proto:\ http default_backend ranger_ha backend ranger_ha 10.0.1.28:6080 balance roundrobin mode http stats enable stats hide-version stats uri /stats stats realm Haproxy\ Statistics stats auth haproxy:redhat option httpchk option httpclose option forwardfor cookie LB insert server hn1.hwxblr.com 10.0.1.27:6080 cookie A check server hn2.hwxblr.com 10.0.1.29:6080 check [root@hn3 ~]# Step 5: Start the HAProxy service [root@hn3 ~]# service haproxy start Step 6: To make the HAProxy service persist through reboots [root@hn3 ~]# chkconfig haproxy on Update the Policy Manager external URL in all Ranger Admin clients (Ranger UserSync and Ranger plug-ins) to point to the load balancer URL. Ambari >> Ranger >> Configs >>Ranger Settings >> External URL (policymgr_external_url ) : http://hn3.hwxblr.com:6080 Enable Ranger Admin HA Wizard >> On Ambari >> Ranger >> Service Actions >> Enable Ranger HA URL to load balancer: http://10.0.1.23:6080 Select additional Ranger Admin as hn2.hwxblr.com Install Additional Ranger Admin Access Load Balancer URL: http://10.0.1.23:6080 , you should be able to access Ranger policies. ... View more

Re: Between HDFS encryption and compression

by Master Guru Master Guru in Support Questions
‎06-21-2016 07:34 AM
‎06-21-2016 07:34 AM
Compression and encryption are 2 different things: In Step 1 you compress a file, or not, it's optional but recommended unless you have reasons not to compress it. In Step 2 you encrypt the file from Step 1. ... View more

Re: Group names from AD contain special characters...

by Rising Star in Support Questions
‎06-14-2016 08:38 AM
‎06-14-2016 08:38 AM
@dsharma Thank you ... View more

Re: Add/Remove external LDAP users to/from an inte...

by Explorer in Community Articles
‎08-23-2017 01:30 PM
‎08-23-2017 01:30 PM
Hi, I'm using SSL-enabled Ranger 0.7 with LDAP/AP usersync. I wiped the external groups added by the LDAP/AD sync process and I'm attempting to add a user imported from LDAP/AP (demo1) to an internal group (demo1_grp). So before starting the user demo1 had no groups. My /tmp/ugsync.txt file is as follows: # cat /tmp/ugsync.txt "demo1","demo1","demo1_grp" When launching the code above I get the following erros: log4j: reset attribute= "false". log4j: Threshold ="null". log4j: Level value for root is [info]. log4j: root level set to INFO log4j: Class name: [org.apache. log4j.DailyRollingFileAppender] log4j: Setting property [file] to [/var/log/ranger/usersync/usersync.log]. log4j: Setting property [datePattern] to ['.'yyyy-MM-dd]. log4j: Parsing layout of class: "org.apache.log4j.PatternLayout" log4j: Setting property [conversionPattern] to [%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n]. log4j: setFile called: /var/log/ranger/usersync/usersync.log, true log4j: setFile ended log4j: Appender [logFile] to be rolled at midnight. log4j: Adding appender named [logFile] to category [root]. Exception in thread "main" java.lang.NullPointerException at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildGroupList(PolicyMgrUserGroupBuilder.java:425) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:194) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:163) at org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder.main(FileSourceUserGroupBuilder.java:63) Any ideas? Thanks in advance. ... View more

Re: Ranger Admin stops applying policy updates.

by Super Guru in Support Questions
‎05-23-2016 11:33 AM
‎05-23-2016 11:33 AM
@Harini Yadav Please check this - Ranger will always takes 1st precedence and then POSX permissions/HDFS acl's. Also setting "xasecure.add-hadoop-authorization" = false in ranger-hdfs-security.xml in /etc/hadoop/conf will stop the fall back to HDFS ACL. Please check below url's for more details - http://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/ https://community.hortonworks.com/questions/22054/should-we-disable-hdfs-default-acl-to-enable-range.html ... View more

Re: Ambari to create and maintain principals and k...

by Master Mentor in Support Questions
‎05-18-2016 12:18 PM
‎05-18-2016 12:18 PM
@Harini Yadav If service is not managed by ambari then it's not possible. Please see this doc to go through kerberos setup. I am sure that you have seen this http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.2.0/bk_Ambari_Security_Guide/content/ch_configuring_amb_hdp_for_kerberos.html ... View more

Re: Unable to view job info in the RM UI for the j...

by Guru in Support Questions
‎05-23-2016 08:39 PM
1 Kudo
‎05-23-2016 08:39 PM
1 Kudo
Hi @Harini Yadav/ @Sri Bandaru Only users mentioned in "mapreduce.job.acl-view-job" [mapred-site.xml] can view the private details about the job. More information can be found by grepping for mapreduce.job.acl-view-job in https://hadoop.apache.org/docs/r2.7.1/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml ... View more

Re: Does Hortonworks support the following Securit...

by Guru Guru in Support Questions
‎03-14-2016 03:30 PM
‎03-14-2016 03:30 PM
There's no WS-* code, hence no need for the WS-* stuff. OAuth? Maybe some time in the future. Note also: SASL, SPNEGO ... View more
Contact Me
Online
Offline
Last Visited
‎08-15-2019 06:35 AM
Community Statistics
Member Since ‎01-27-2016 09:53 AM
Last Visited ‎08-15-2019 06:35 AM
Posts 27
Kudos received 25