Member since
06-15-2016
45
Posts
1
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
7662 | 09-05-2019 04:46 AM |
09-05-2019
04:46 AM
Hi All, Resolved using below steps: 1) To observe the Datanode threads: Created a widget in Ambari under HDFS for DataNode Threads (Runnable, Waited, Blocked) Monitored that from a particular date the threads went in wait stage. Exported the graph widget CSV file to view the exact time of wait threads. 2) Restart all Datanodes manually and observed that the wait threads were released. 3) With default 4096 threads the DataNode is running properly. Still unable to understand: 1) How to check the wait threads are in which DataNode? 2) Which task or process tend to threads in the wait stage? Would like to know if anyone comes across this and able to find in detail. Else the above steps are the only solution for wait threads.
... View more
08-18-2019
09:42 PM
Hi @rushi_ns , yours might be completly different issue. Please create a new Question thread stating your issue.
... View more
06-11-2019
11:37 AM
@Jay Kumar SenSharma, Thanks for the support!!! Yeah, there was inconsistency in Ambari-Server DB which was not allowing Alert to function on Ambari-UI. The Ambari-server DB size was grown to 294 MB. By purging the last 6 months from DB and restarting the ambari functioned the Alerts back on Ambari-UI. Would like to know in detail if this happens on PROD env what measures should be taken as an admin.
... View more
09-18-2018
08:28 PM
1 Kudo
@Rohit Sharma Thats exactly how it was designed to function.When you create a Kerberos database kdb5_util create -s and generate keytabs, you are creating a something a private and public key it's the DNA database the keytab is like a biometric passport (keytab) that you present to the airport and its check against the passport database (kdc) to check whether it's really you or someone's passport that's exactly what's happening !!!! The KDC database is checking the keytabs against the ABC.COM yet you are trying to present a wrong passport. So there is no way your Kafka is going to function unless. Recreate the KDC database Regenerate the keytabs Edit the kdc.conf,krb5.conf and kadm5.acl HTH , @Rohit Sharma Whe
... View more
05-15-2018
06:24 AM
Hi All, I resolved this issue, in my cluster the user was created in Ambari View and HDFS /user directory not in OS having hive view access through which i was trying to query "select count(*) from table;". In a kerberized zone if you have enabled Hive impersonation i.e., run hive query using end user, so the "select count(*) from table;" query searches the access and privileges of /tmp/hive directory on the node where Hiveserver2 service is installed. The Solution to this are as follows:
1) Create a user in OS and allow HDFS group permission using "usermod -g hdfs username".
2) Create a user in OS and allow the HDFS and give permission through Ranger of /tmp/hive directory.
3) Disable Hive impersonation i.e., run hive query using end user. This will use hive user to fetch query output in background. Let me know if there are other possible ways to achieve the same.
... View more
04-24-2018
08:48 PM
1 Kudo
@Rohit Sharma Please find below answer to your question though I didn't understand exactly what you meant!!! 1. What are kerberize zone advantages. ? You can't Kerberize a zone but a cluster, but you can create an encryption zone those are 2 different things. The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across the network. If used properly, Kerberos effectively eliminates the threat that packet sniffers would otherwise pose on a network. 2. Which services should i considered to keep in that zone? Again some confusing here. An encryption zone is a special directory whose contents will be transparently encrypted upon write and transparently decrypted upon read.You can store for example HR salary scheme, or just about any document you deem needs protection You either Kerberize the whole cluster or not, 3. Which approach is good to use other the this.? You need Kerberos if you're serious about security. AD/LDAP will cover only a fraction of components, many other systems will require Kerberos for identity. One can still keep users in the LDAP, but the first line in the infrastructure will be Kerberos. Kerberos is the defacto standard for securing your hadoop environment couple with SSL/SASL and the traditional firewalls and physical protection (Caged nodes in a datacenter) 4. If it's HA and Prod environment what are best practices.? HA and prod I don't see the link. HA is basically having a redundant system which is fault tolerant. And Prod environment is self-explanatory 5. How to implement and configure if I am planning to add ranger poorly? For authentication, there is no alternative for Kerberos. Once your cluster is Kerberized, you can make it easier for certain access path by using AD/LDAP. Example, access to HS2 via AD/LDAP authentication or accessing various services using Knox Authorization can be done via Ranger or using the natively supported ACL. Except for Storm and Kafka, having Kerberos is not mandatory. Without reliable authentication, authorization and auditing is meaningless. Common use case as yours: User A logs into the system with his AD credentials, HDFS or Hive ACL's kicks in for authorization. 6. If it is integrated with HDP and HDF cluster what would be administraror good practice? Now HDP & HDF are both managed by Ambari so that sort of simplifies so admin task for more info 7. Study materials if any in HDP? Better start off with HDP or HDF sandboxes see HDP HDF
... View more
11-21-2017
02:53 PM
@Rohit Sharma Thank you 🙂
... View more
11-16-2017
01:58 PM
@Rohit Sharma Good to know that the issue is resolved. As the issue is resolved, hence it will be also great if you can mark this HCC thread as Answered by clicking on the "Accept" Button on the correct answer. That way other HCC users can quickly find the solution when they encounter the same issue.
... View more
07-20-2017
08:26 AM
@Jay SenSharma I can see in the ambari ui that Node 4 in my cluster is giving the STALE alert. I verified the URL registered hosts and Hosts entry on all the nodes it seems perfect.
... View more