Kartik_Agarwal
Cloudera Employee

Re: E090 RA040 I/O error while requesting Ambari, ...

by Cloudera Employee in Support Questions
‎10-11-2021 08:35 AM
‎10-11-2021 08:35 AM
To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart ... View more

STEP 1: Get certificate from ambari-server echo | ...

by Cloudera Employee in Support Questions
‎10-11-2021 08:32 AM
‎10-11-2021 08:32 AM
STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart ... View more

Re: Hive view crashing on ambari after setting up ...

by Cloudera Employee in Support Questions
‎10-11-2021 08:30 AM
‎10-11-2021 08:30 AM
To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart ... View more

Re: Error while enabling Ambari View

by Cloudera Employee in Support Questions
‎10-11-2021 08:28 AM
‎10-11-2021 08:28 AM
To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart ... View more

Re: Service 'webhcat' check failed: RA040 I/O erro...

by Cloudera Employee in Support Questions
‎10-11-2021 08:27 AM
‎10-11-2021 08:27 AM
To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart ... View more

Re: yarn queue manager error: Couldn't connect to ...

by Cloudera Employee in Support Questions
‎10-11-2021 08:25 AM
‎10-11-2021 08:25 AM
To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: STEP 1: Get certificate from ambari-server echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr STEP 2: Get path of ambari trustore and truststore password from Ambari properties cat /etc/ambari-server/conf/ambari.properties |grep truststore As per your ambari.properties below is the path and password :- ssl.trustStore.password=refer from ambari.property file ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore STEP 3: keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> STEP 4: ambari-server restart ... View more

Re: Ambari unable to run custom hook for modifying...

by Cloudera Employee in Support Questions
‎10-03-2021 01:14 AM
‎10-03-2021 01:14 AM
I was facing the similar error and got it resolved by added Hadoop users to passwd file.    resource_management.core.exceptions.ExecutionFailed: Execution of 'usermod -G hadoop -g hadoop hive' returned 6. usermod: user 'hive' does not exist in /etc/passwd Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py', 'ANY', '/var/lib/ambari-agent/data/command-59009.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY', '/var/lib/ambari-agent/data/structured-out-59009.json', 'INFO', '/var/lib/ambari-agent/tmp', 'PROTOCOL_TLSv1_2', '']   >> File location /etc/passwd >> Adduser hadoop  ... View more

Re: Ambari cluster deploy

by Cloudera Employee in Support Questions
‎10-03-2021 01:13 AM
‎10-03-2021 01:13 AM
I was facing the similar error and got it resolved by added Hadoop users to passwd file.    resource_management.core.exceptions.ExecutionFailed: Execution of 'usermod -G hadoop -g hadoop hive' returned 6. usermod: user 'hive' does not exist in /etc/passwd Error: Error: Unable to run the custom hook script ['/usr/bin/python', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py', 'ANY', '/var/lib/ambari-agent/data/command-59009.json', '/var/lib/ambari-agent/cache/stacks/HDP/2.0.6/hooks/before-ANY', '/var/lib/ambari-agent/data/structured-out-59009.json', 'INFO', '/var/lib/ambari-agent/tmp', 'PROTOCOL_TLSv1_2', '']   >> File location /etc/passwd >> Adduser hadoop      ... View more

Re: what extension should keystore and truststore ...

by Cloudera Employee in Support Questions
‎09-29-2021 11:34 PM
‎09-29-2021 11:34 PM
If you are using the Java truststore it does not have any file extension name like (jks or pem). So it does not require any extension.   You need to make sure that it is having the right set of permission to access the truststore. ... View more

Re: Regenerating Kerberos Keytabs from Ambari API

by Cloudera Employee in Community Articles
‎09-29-2021 11:22 PM
‎09-29-2021 11:22 PM
To invoke kerberos related operations via Ambari APIs requires, we store the KDC credentials to the Ambari's credential store. For more information on the same please refer to: https://community.cloudera.com/t5/Community-Articles/Adding-KDC-Administrator-Credentials-to-the-Ambari/ta-p/246591   1. To set up Ambari's credential store, the following command must be invoked from the Ambari server host's command line: # ambari-server setup-security Then choose option [2] Encrypt passwords stored in ambari.properties file.   2. Review the changes. Once this is complete, the Ambari credential store will be located at /var/lib/ambari-server/keys/credentials.jceks.   3. Restart ambari server.   4. Now we should be able to store the KDC credentials to the ambari credentials store.   # curl -u admin:admin -H 'X-Requested-By: ambari' -X POST -d '{ 'Credential' : {'principal' : 'admin/admin@EXAMPLE.COM ', 'key' : 'admin','type' : 'persisted'}}' http://example.com:8080/api/v1/clusters/kerberos_ambari/credentials/kdc.admin.credential   5. After this we should be able to run the Kerberos API calls like following:   Regenerate for all   curl -u admin:admin -H 'X-Requested-By: ambari' -X PUT -d '{'Clusters':{'security_type':'KERBEROS'}}' http://example.com:8080/api/v1/clusters/kerberos_ambari?regenerate_keytabs=all   (OR) Below is for missing once.   curl -u admin:admin -H 'X-Requested-By: ambari' -X PUT -d '{'Clusters':{'security_type':'KERBEROS'}}' http://example.com:8080/api/v1/clusters/kerberos_ambari?regenerate_keytabs=missing ... View more

Re: How HDFS balancer works ?

by Cloudera Employee in Support Questions
‎09-23-2021 07:51 AM
‎09-23-2021 07:51 AM
HDFS data might not always be distributed uniformly across DataNodes. One common reason is addition of new DataNodes to an existing cluster. HDFS provides a balancer utility that analyzes block placement and balances data across the DataNodes. The balancer moves blocks until the cluster is deemed to be balanced, which means that the utilization of every DataNode (ratio of used space on the node to total capacity of the node) differs from the utilization of the cluster (ratio of used space on the cluster to total capacity of the cluster) by no more than a given threshold percentage. The balancer does not balance between individual volumes on a single DataNode.   T o free up the spaces in particular datanodes. You can use a block distribution application to pin its block replicas to particular datanodes so that the pinned replicas are not moved for cluster balancing. https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.6.0/bk_hdfs-administration/content/overview_hdfs_balancer.html ... View more

Re: How to update Ambari truststore and Ranger key...

by Cloudera Employee in Support Questions
‎09-23-2021 07:26 AM
‎09-23-2021 07:26 AM
make sure that the Ambari Server trusts the certificate that the LDAP server is using. One quick way to get that certificate directly is to use openssl to retrieve that certificate from the LDAP server, and then explicitly add it to a new keystore: $ openssl s_client -showcerts -connect ldapserver.domain.com:636 You'll see the certificate printed in STDOUT, just look for BEGIN CERTIFICATE. You will need to grab the entire certificate including the ----BEGIN and END ---- text, and save it to a file. In this case we'll call it ldap.cert. Once this has been done you can follow 1.2.(1-3) steps in the doc to create a new JKS keystore and import that certificate to ensure that it's trusted by Ambari:   http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_Ambari_Security_Guide/content/_configure_... Now you've got a JKS keystore with that certificate in it, you can tell Ambari to use that when connecting to your LDAP server using SSL by re-running the ambari-server setup-ldap. Just make sure you answer correctly for: Use SSL=true TrustStore type=jks Path to TrustStore file=/etc/ambari-server/keys/ldaps-keystore.jks Password for TrustStore={{ what you typed in step 1.2.3 }} ... View more

Re: Where does Cloudera Manager store generated ke...

by Cloudera Employee in Support Questions
‎09-23-2021 07:09 AM
‎09-23-2021 07:09 AM
They will be in the process directory for the component. For example:   hive.keytab is in: /var/run/cloudera-scm-agent/process/*-hive_on_tez-HIVESERVER2   ... View more

Re: Location of keytab files

by Cloudera Employee in Support Questions
‎09-23-2021 06:59 AM
1 Kudo
‎09-23-2021 06:59 AM
1 Kudo
The keytabs are pushed from a database to a runtime location at startup of services, what you are describing as a configuration is not really viable from what I understand. You will see /var/run/cloudera-scm-agent/process/ but this is ephemeral, next restart will have another locaiton. You could experiment with trying to provide the manual keytabs through safety valve to the necessary services. ... View more

Re: Ranger error "Keystore was tampered with, or p...

by Cloudera Employee in Support Questions
‎05-19-2021 11:23 PM
1 Kudo
‎05-19-2021 11:23 PM
1 Kudo
To work further on this you need to verify the ranger Keystore and Truststore password.  To do that please use the below command.  >> Keytool -list -keystore /Path/to/the/keystore The above command will ask for the password, if you enter the right password it will show the data else not. You need to use the same configuration under the ranger configuration.   ... View more
Contact Me
Online
Offline
Last Visited
‎10-11-2021 05:22 PM
Public Statistics
Date Registered ‎03-11-2020 04:39 AM
Last Visited ‎10-11-2021 05:22 PM
Total Messages Posted 65
Total Kudos Received 2