Member since
10-03-2017
82
Posts
2
Kudos Received
0
Solutions
02-27-2018
06:35 PM
Thanks @spolavarapu. This worked for me.
... View more
03-15-2018
09:45 PM
That's correct @GN_Exp. If you want to do SLA in Knox via Ranger plugin then you'd need kerberos too.
... View more
10-25-2017
06:28 PM
This is because 'guest' user in the Demo Ldap does not belong to group "users". For this to work you should create a group "users" in the demo ldap (users.ldif) and add guest user to it. You could try to impersonate 'guest' to a user who belongs to 'users' group on the machine.
... View more
10-17-2017
04:54 PM
@Neha G In a kerberized cluster there are 2 types of keytabs or principals headless and service principals. Headless principals are not bound to a specific host or node and are presented like @ SRV.COM Service principals are bound to a specific service and host or node, and are presented like with syntax: /@ SRV.COM So when you initialize the hdfs.headless.keytab is as DoAs so the user will take hdfs permissions
... View more
10-16-2017
05:04 AM
@Neha G You can use the basic hdfs commands to achieve this. hdfs dfs -copyFromLocal <local file system path> <hdfs path> - to copy files from local to hdfs hdfs dfs -copyToLocal <hdfs path> <local fs path> - copy from hdfs to local hdfs dfs -put <local file system path> <hdfs path> - to copy files from local to hdfs hdfs dfs -get <hdfs path> <local fs path> - copy from hdfs to local hdfs dfs -ls <path> - list the files. Check this link for more commands. https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/FileSystemShell.html Make sure to run kinit with hdfs keytab before running the above commands as it is a secure enviroment ( kinit -kt /etc/security/keytabs/hdfs.headless.keytab <principal>) If you don't know the value of principal , you can run the below command and get it [root@xxxxx ~]# klist -kte /etc/security/keytabs/hdfs.headless.keytab
Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
1 09/10/17 14:06:14 hdfs@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
1 09/10/17 14:06:14 hdfs@EXAMPLE.COM (arcfour-hmac)
1 09/10/17 14:06:14 hdfs@EXAMPLE.COM (des-cbc-md5)
1 09/10/17 14:06:14 hdfs@EXAMPLE.COM (des3-cbc-sha1)
1 09/10/17 14:06:14 hdfs@EXAMPLE.COM (aes256-cts-hmac-sha1-96) In the above output hdfs@EXAMPLE.COM is the principal, so your kinit command would be kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs@EXAMPLE.COM Note : You can also use ambari files view to do these operations. GUI would be easy. Thanks, Aditya
... View more
10-16-2017
04:13 AM
@Neha G, Glad that it worked for you. Can you please accept the answer and start a new thread for this so that the main thread doesn't get deviated. Please share more logs related to the alerts in the new thread. Thanks, Aditya
... View more
10-27-2017
11:28 AM
@Neha You never responded.
... View more
10-13-2018
11:26 AM
This was fixed for me by updating fqdn name to point to domain name by updating /etc/hosts and resolv.conf.
... View more
10-09-2017
03:32 PM
The JOBTRACKER and NAMENODE services are a bit odd at first glance. Don't confuse their use with proxying of RPC services. These are used in order to realize the rewrite requirements for Oozie. Oozie responses include some host and port information that we need to be able to identify internally through the ServiceRegistryService gateway service.
... View more