Member since
11-29-2016
17
Posts
2
Kudos Received
2
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1863 | 12-13-2016 09:36 PM | |
997 | 11-30-2016 03:37 PM |
01-25-2017
06:40 PM
@apappu Sorry, I was just able to get to the office to try this out. This was the issue, thanks for your help!
Just out of curiosity, why can't a non-root user use port 443?
... View more
01-24-2017
10:13 PM
Hello, I enabled HTTPS for my Ambari Server before I changed it to run as a non-root daemon user. After I enabled non-root daemon, I'm getting the following error: 24 Jan 2017 17:06:48,001 WARN [main] AbstractLifeCycle:204 - FAILED SslSelectChannelConnector@0.0.0.0:443: java.net.SocketException: Permission denied
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:433)
at sun.nio.ch.Net.bind(Net.java:425)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at org.eclipse.jetty.server.nio.SelectChannelConnector.open(SelectChannelConnector.java:187)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:316)
at org.eclipse.jetty.server.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:265)
at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:631)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.server.Server.doStart(Server.java:293)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:617)
at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:927)
It seems as though even though I've put in all the sudo settings (starting here: https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/commands_server.html ) the non-root user still doesn't have enough permissions to read the certificate to use for SSL binding. Does anyone know what is needed for this permission issue to be resolved? The SSL certificate and key are installed in /etc/ssl/certs/ I've been searching and I can't seem to find an answer to this. Thanks
... View more
Labels:
- Labels:
-
Apache Ambari
01-19-2017
03:33 PM
@Oliver Fletcher Yup, this was the issue. I enabled LDAPS on our domain and it works now.
... View more
01-11-2017
07:38 PM
@lraheja
Sure, it's no longer timing out, it's just back to what it was doing before.
kerberos-stack-2.txt
... View more
01-11-2017
06:26 PM
@lraheja I did not go through the ambari-server setup-ldap steps, I must've gone past this some how. After configuring this and restarting Ambari the LDAP tests seem to be getting further but are now just timing out.
My krb5.conf is not configured at all, it's the default conf file. I assumed Ambari was going to configure this through the wizard, is that not the case?
... View more
01-11-2017
06:03 PM
Hi @rguruvannagari thanks for the reply.
I just confirmed with my AD guy that our AD is not set up for SSL at all. I was able to parse AD using the ldapsearch tool using the same DN and ldap url I'm specifying. I'll keep trying different DN's
... View more
01-11-2017
05:39 PM
Hello, I'm receiving this error: Failed to connect to KDC - Failed to communicate with the Active Directory at LDAP://hq.domain.com/OU=Production,OU=domain,DC=hq,DC=domain,DC=com: simple bind failed: hq.domain.com:389
Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.
I've been following this guide: https://www.ibm.com/support/knowledgecenter/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/admin_kerb_activedir.html as well as the HDP documentation on this. I'm doing the automated kerberos wizard. JCE has been distributed to all of the nodes, I'm using Oracle JDK 1.8. Attached is the full stack trace: kerberos-stack.txt The KDC Test Connection passes just fine, I can see expected network traffic between my domain controller and the Ambari server. The only main difference is that I'm not using SSL on AD. I figure this should be fine and Ambari can just use the plaintext 389 port. I realize this is a security concern but I have no way around this right now. I don't have control over this area of our domain setup. Could this be my issue? Any help appreciated. Thanks.
EDIT: I was able to successfully parse AD using the ldapsearch tool using the same DN and LDAP url that I'm specifying. Also with the same admin user.
... View more
Labels:
12-13-2016
09:36 PM
1 Kudo
This is resolved. There were a couple directories leftover in the /usr/hdp location using the old version, it seems Ambari will use this file path to determine the version needed, not sure how to articulate this further but yeah, something metadata wise was changed based on these files existing still. Also doing "python /usr/lib/python2.6/site-packages/ambari_agent/HostCleanup.py --silent" on every machine helped clean up things that were missed. I forgot to run this step.
... View more
12-13-2016
04:51 AM
Hi @rgangappa Thanks for the reply. Unfortunately I've tried this already and it didn't fix the issue. I don't believe the HDP.repo file is the problem, the correct repo is being used, it's just Ambari is instructing yum to install the wrong package - - a package in which does not exist in the correct repo that is loaded into yum.
... View more
12-13-2016
12:02 AM
Hello all, I'm doing an install of HDP 2.5.3. using Ambari 2.4.2.0-136, and the final install continues to fail because of this:
Traceback (most recent call last):
File "/var/lib/ambari-agent/cache/common-services/ATLAS/0.1.0.2.3/package/scripts/atlas_client.py", line 57, in <module>
AtlasClient().execute()
File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 280, in execute
method(env)
File "/var/lib/ambari-agent/cache/common-services/ATLAS/0.1.0.2.3/package/scripts/atlas_client.py", line 45, in install
self.install_packages(env)
File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 567, in install_packages
retry_count=agent_stack_retry_count)
File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 155, in __init__
self.env.run()
File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 160, in run
self.run_action(resource, action)
File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 124, in run_action
provider_action()
File "/usr/lib/python2.6/site-packages/resource_management/core/providers/package/__init__.py", line 54, in action_install
self.install_package(package_name, self.resource.use_repos, self.resource.skip_repos)
File "/usr/lib/python2.6/site-packages/resource_management/core/providers/package/yumrpm.py", line 51, in install_package
self.checked_call_with_retries(cmd, sudo=True, logoutput=self.get_logoutput())
File "/usr/lib/python2.6/site-packages/resource_management/core/providers/package/__init__.py", line 86, in checked_call_with_retries
return self._call_with_retries(cmd, is_checked=True, **kwargs)
File "/usr/lib/python2.6/site-packages/resource_management/core/providers/package/__init__.py", line 98, in _call_with_retries
code, out = func(cmd, **kwargs)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 70, in inner
result = function(command, **kwargs)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 92, in checked_call
tries=tries, try_sleep=try_sleep)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 140, in _call_wrapper
result = _call(command, **kwargs_copy)
File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 293, in _call
raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of '/usr/bin/yum -d 0 -e 0 -y install atlas-metadata_2_5_0_0_1245' returned 1. Error: Nothing to do The error "Nothing to do" is being thrown because "atlas-metadata_2_5_0_0_1245" doesn't exist in the HDP 2.5.3 repo, manually trying to install this shows this. When I do "yum search atlas" it shows this version: atlas-metadata_2_5_3_0_37 but yet Ambari is not set to install this version for some reason even though in the install wizard I specified 2.5.3.
Here is what my HDP.repo looks like on every node: [HDP-2.5]
name=HDP-2.5
baseurl=http://public-repo-1.hortonworks.com/HDP/centos7/2.x/updates/2.5.3.0
path=/
enabled=1
gpgcheck=0
I ran through this exact same install 2 weeks ago (2.5, but it might have been 2.5.0, I had it grab the latest 2.5), and I had zero problems. However I should mention these machines were all used in this previous install and I'm doing a re-install right now. I've ensured that everything has been wiped off of the machines based on information found here: https://community.hortonworks.com/questions/1110/how-to-completely-remove-uninstall-ambari-and-hdp.html and here: http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_command-line-installation/content/ch_uninstalling_hdp_chapter.html
Ambari checks before install all passed with no errors. Can anyone please help me figure this out? Reinstalling all of the machines from scratch is nearly impossible right now. But I don't think there is anything wrong with the repo installation on the machines, Ambari installed that right, it simply is just not looking for the right packages. Note: Datanode / YARN services were installed properly, this seems to just be Atlas & App Timeline Server. Thanks
... View more
Labels: