mkobe
mkobe
Explorer

Is it possible to authenticate to Zeppelin REST AP...

by Explorer mkobe in Support Questions
‎05-19-2020 09:46 AM
‎05-19-2020 09:46 AM
I'm trying to simply run all paragraphs with a specific noteId and get a valid response, with the following call:       curl -s -i --negotiate -u : \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ "https://localhost:9995/api/notebook/job/<noteid>"       Which based on the Zeppelin API documentation is the correct URL for the POST method for running all paragraphs of a note.   Also since this is a Kerberized environment I'm leveraging the      --negotiate -u :     so it uses the appropriate keytab for authentication.   Like other cases I've found online, I get an HTTP 302 error and the redirect is to /api/login     HTTP/1.1 302 Found Date: Tuesday, May 19, 2020 12:35:03 PM EDT Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: authorization,Content-Type Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE X-FRAME-OPTIONS: SAMEORIGIN Strict-Transport-Security: max-age=631138519 X-XSS-Protection: 1 Set-Cookie: JSESSIONID=776ba082-58e9-47bd-ad55-b85768c50a75; Path=/; HttpOnly Location: https://localhost:9995/api/login;JSESSIONID=776ba082-58e9-47bd-ad55-b85768c50a75       When trying to authenticate to /api/login just using Kerberos credentials as https://community.cloudera.com/t5/Support-Questions/Authentication-with-the-Zeppelin-REST-API/td-p/115170:     curl -i --negotiate -u : -X POST "https://localhost:9995/api/login"     I get the following response:     HTTP/1.1 500 Request failed. Date: Tuesday, May 19, 2020 12:19:12 PM EDT Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: authorization,Content-Type Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE X-FRAME-OPTIONS: SAMEORIGIN Strict-Transport-Security: max-age=631138519 X-XSS-Protection: 1 Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Mon, 18-May-2020 16:19:12 GMT Content-Type: text/html; charset=ISO-8859-1 Cache-Control: must-revalidate,no-cache,no-store Content-Length: 305 Server: Jetty(9.2.15.v20160210) <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 500 Request failed.</title> </head> <body><h2>HTTP ERROR 500</h2> <p>Problem accessing /api/login. Reason: <pre> Request failed.</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html>       What am I doing wrong here? Is it even possible to access Zeppelin REST API with just Kerberos credentials? If so, how? ... View more

Re: NiFi Error Despite Successful SSL Handshake us...

by New Contributor JC_ROS in Support Questions
‎02-10-2020 01:21 AM
‎02-10-2020 01:21 AM
@MattWho  Thanks for the answers ! You're right in my nifi.properties : nifi.security.needClientAuth is set to false. My version of nifi is an old one (1.9.2). I will pay more attention during my next upgrade.   My nifi and my nifi-registry are both secured. I have only added the CN of my nifi app cert into authorizers.xml file (userGroupProvider and accessPolicyProvider). ... View more

Ranger Admin Still Looking Into Default Java Trust...

by Explorer mkobe in Support Questions
‎01-29-2020 01:15 PM
‎01-29-2020 01:15 PM
Recently renewed certificates for an HDP cluster, which included the certificates for the ranger plugin (correctly having the same CN throughout the cluster)   The issue here is Atlas is set up with Two-way SSL, meaning that the Ranger admin node needs (and has currently) the root CA and intermediate CA certs in it's truststore as well as on the Atlas node (specified under property xasecure.policymgr.clientssl.truststore correctly)   Despite this, Ranger is still using the default java truststore to allow Atlas to authenticate.    I don't want to keep re-importing into the default java truststore when it gets overwritten during something like an OS patching.   How can I make Ranger point to the separate truststore we've created? ... View more

Cannot Open Knox Gateway Keystore

by Explorer mkobe in Support Questions
‎01-24-2020 07:08 AM
‎01-24-2020 07:08 AM
I'm in the process of renewing certificates in my HDP cluster and the last thing on the agenda is the Knox server.   I understand that the new node cert is to be imported into gateway.jks, the Knox keystore, with an alias "gateway-identity".   The problem is no one knows the password to the keystore. I thought it was the master secret, which to my understanding is contained in the master file, typically under /var/lib/knox/data/security/master.   So I copy the password string inside and try it with the keystore, and obviously it's not working.    I really want to avoid creating a new master secret password (what would be the exact detailed implications or steps required after such an action anyways?) ... View more

Re: After Rewewing Node Certificates Ambari Node S...

by Explorer mkobe in Support Questions
‎01-22-2020 07:37 AM
1 Kudo
‎01-22-2020 07:37 AM
1 Kudo
@lyubomirangelo    Thank you! Going through the wizard (ambari-server setup-security) fixed my issue. I just needed to point to the new key and certificate chain file, then restart.     ... View more

Re: Using Existing Set of root and intermediate CA...

by Explorer mkobe in Support Questions
‎01-15-2020 08:14 AM
‎01-15-2020 08:14 AM
@EricL    After obtaining root and intermediate CA certificates, and using the following command:     sudo keytool -importcert -alias rootca -keystore cacerts -file /tmp/rootca.crt     Where cacerts is the truststore file.   I get the following message:     Certificate already exists in keystore under alias <...>     So rootca and intermediateca certs are already in my cacerts truststore. So why is keytool not allowing me to import the new certificate into the keystore? (note: I'm trying to import the server certificate into a different file than cacerts) ... View more

Inconsistent spacing in hdfs dfs -ls -R output, ne...

by Explorer mkobe in Support Questions
‎12-04-2019 06:18 PM
‎12-04-2019 06:18 PM
I'm trying to get a properly delimited output of all the files outputted under the    hdfs dfs -ls -R /   command in hdfs.   When I run the command I get inconsistent delimiters in the output. Is there a way to add a delimiter such as tab or comma to the output?   The aim is to pop the output into an excel file and have no overlap in the columns.  ... View more
Labels:

Re: Error While Trying to Test Connection to Hive ...

by Explorer mkobe in Support Questions
‎10-24-2019 07:17 AM
‎10-24-2019 07:17 AM
      [postgres@testvm1 ~]$ psql psql (9.2.24) Type "help" for help. postgres=#       @Scharan Confirmed postgres is running. Again, I don't seem to have a /var/lib/psql folder at all, despite postgres being installed...   It might help to say that I've designated Hive Metastore and HiveServer2 to be on a node that's not the postgres/ambari server node (from what I've heard it should not matter..)   UPDATE: I did find the pg_hba.conf file, just in a different location: It shows the following: # "local" is for Unix domain socket connections only local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust # IPv6 local connections: host all all ::1/128 trust     ... View more
Contact Me
Online
Offline
Last Visited
‎07-20-2020 04:00 PM
Public Statistics
Date Registered ‎10-23-2019 01:53 PM
Last Visited ‎07-20-2020 04:00 PM
Total Messages Posted 11
Total Kudos Received 2