Cloudera Community
Sean464
user rank
user rank
Expert Contributor

Re: impala queries

by Expert Contributor Expert Contributor in Support Questions
‎08-11-2025 01:06 AM
‎08-11-2025 01:06 AM
Hello @Malrashed,  We’ll need a few additional details before we can advise further. From your description, it sounds like the delay occurs only when submitting queries via Hue — specifically, the query takes a while to appear in the Queries tab — while running the same query through impala-shell works as expected. Could you confirm if that’s correct? If so, do you recall any recent changes made to the cluster before this issue began? If the delay is limited to Hue, we should check whether it’s a Hue-side latency. In the Hue logs (rungunicorn.log), look for the time difference between: 'ImpalaService.ImpalaHiveServer2Service.Client'>.ExecuteStatement and 'ImpalaService.ImpalaHiveServer2Service.Client'>.FetchResults Make sure you match the same guid in both lines so we’re looking at the request/response for the same session. This will help us determine whether the delay is in Hue or elsewhere in the query path. If you don’t see any delay in Hue, check the agent and Service Monitor logs (cloudera-scm-firehose) to make sure there’s no lag in processing JMX data. Also, verify the CM server logs to make sure there is no GC pauses.  If those logs look clean (no errors or heap issues), try adjusting the polling interval in Cloudera Manager: CM > Impala > Configuration > query_monitoring_period_seconds    ... View more

Re: kinit: Preauthentication failed while getting ...

by Expert Contributor Expert Contributor in Support Questions
‎08-06-2025 01:20 AM
1 Kudo
‎08-06-2025 01:20 AM
1 Kudo
Hello @tableau,  If pre-authentication is failing despite using the correct credentials, it’s possible that the issue is due to a mismatch in the letter-case of the username. Specifically, the username provided may not match the userPrincipalAttribute value (typically userPrincipalName) in Active Directory. When AES encryption types are used, Active Directory derives the key salt by concatenating the realm name with the username, and this process is case-sensitive. Therefore, any mismatch in letter-case can lead to authentication failure. To verify the correct casing of the userPrincipalAttribute for the KDC admin user, you can run the following ldapsearch command: ldapsearch -v -H ldaps://{LDAP_URL}:636 -D 'xx@TEST.LAN' -W -b '{SEARCHBASE}' userPrincipalName="xx@TEST.LAN"   Once confirmed, use the exact same letter-case when importing the KDC account manager credentials under: Administration → Security → Kerberos Credentials → Import KDC Account Manager Credentials Additionally, if the old KDC details still appear during the 'Generate Missing Credentials' operation, please ensure the new KDC is correctly configured under: Administration → Security → Kerberos Credentials → Setup KDC for this Cloudera Manager Let me know if any further clarification is needed. ... View more

Re: How to secure Kafka Broker Server with a SSL C...

by Expert Contributor Expert Contributor in Support Questions
‎09-21-2021 08:41 PM
1 Kudo
‎09-21-2021 08:41 PM
1 Kudo
@vorraluck, Following is the error I see, which points to the parameter 'SamplePassword123'. You're missing "=" sign in this parameter as the error hints.   # openssl req -new -sha256 -nodes -newkey rsa:2048 -config /tmp/openssl.cnf error on line 13 of /tmp/openssl.cnf 140163633919888:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:conf_def.c:345:line 13   Change SamplePassword123 to SamplePassword = 123. Once the change is made, both the private key and the CSR file can be created.    [root@node1 ~]# openssl req -new -sha256 -nodes -newkey rsa:2048 -config <( > > cat <<-EOF > > [req] > > default_bits = 2048 > > prompt = no > > default_md = sha256 > > req_extensions = req_ext > > distinguished_name = dn > > SamplePassword = 123 > > [ dn ] > > C=TH > > ST=Bangkok > > L=Chaxxx > > O=xtac Public Company Limited > > OU=Enterprise Service Support > > emailAddress=john.doe@xtac.co.th > > CN = rs-xxx-hmb-201.xtac.dev > > > > [ req_ext ] > > subjectAltName = @alt_names > > > > [ alt_names ] > > DNS.1 = rs-xxx-hmb-201 > > DNS.2 = rs-xxx-hmb-201.xtac.dev > > > > EOF > > ) Generating a 2048 bit RSA private key .+++ .....................................................................................................................................................................................................................+++ writing new private key to stdout -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0PnXQOdpbKGso wNY7K+pYItm3G4/yL7HYjViUzxQsEZasIypZrYIY8KqF64bndEf002YkaHcEDCFR xr59eBfpmXYWezl89ZeRU2YEL5188ubSrkdo/P0IdBSGAbu1/2WlQ26AyIHTkG96 ppsOa25vbKPdOmPh37ylB0C1ghCk6utib5/HAiIt0X9YqGERfnTVXpo/fRzxSHdb 7eioxFx0CP38Vzo/wXQP2FDwa3bw0MTNNF813ttC0yzRpcFf4ACde2jzFpehgtY0 E3yvq7/gVURibZgg6MSVVrg/dzjlReiRFxQOO4XDcuNn1VLSJ23UOT4wXwszKIe2 e7nNPtb5AgMBAAECggEAEhorzuvgiEM47/DeEzdH4+4sG33DKTmtDOi1OszJY9uo XEVz3WnVpReWqLiM5fYBvA73NTTgryFgv0vMmeFT1Xw6JeveTDSGMmxD1KvLj179 267xMRQnfY/a99J4vcCWvtBU6s44a70X1SOicwJLJxmsI23X1jmYQqLF1vTnIwjh of6e6jQWeE1nyrhHctqlyYfFNat6uK8NfJ21PTb4yfjp5dhefgaIK/9qOB9SKMwk LFXLGVlePBFziadY8spbRl56mcbEC6mgbXff4Zbzy5QhXxQaN38358G5fSGpsgiQ 44rTFrC2PTPzS1HeGpqdAwhqFU5lEXnMVegS43ZeAQKBgQDrngKDgKnXY/HBO9E0 OAzC2j+O6BBalPl65f9l6rhiZo8QwhcJciMyCkgnDxnXb/FkKcBmLx+QJXjYguQ4 zkXMEqCS5Bz+jrwnQrnAh/TIlKyZPxy2qpJUvUJND8DZ7ZMVmBycOPI4gFjoIx/G U0kPPdgHhdRtL/Uv2XsXBM4/4QKBgQDD1ibpDuvAd2x1EKAEWwj3v/Ee41am+Q9Z WjFWDmS7jV8EYPqOrYedKyaY0t5ArOOKUHRiOp0VOsTWF7m7NAzwmvdspV0YeShh qCPuWWOGBATjVOMmPgqKBUn3U67y7pZRX6tpOlcwj8sB6KQRpm9NpLcMSFrDWxEz oCgLHVXaGQKBgQDQirxC1GB/SfCyTVVvWKTC2hUjUXcYFX9zLZsOA+BLB+dct81Y CPPp2HvgRldi/au0MdgfGVpgZSo+yCtjs/7HDz2chda74G3cegyawjsARcc2pEuv ye1Wn2TNfEH/IW3r0QSRqT2KkN8gJ+Z5zUF/AgfxMJzCP45OWbm+t/wtQQKBgCou Yksor5bRIkdEwXKuuQvECAeDKBLm6mtwhdfnWcMb/C9RRCafMeqkdLfOE5kSpCAS nD7cKSF9exAyJAsyducMOebo51hyIESIltSr5EflbbgZfKOsEVEROpFPMQuaYD4+ wQj1S/plvnA2z8ANfUPYCqVWoFYbs2TPRlC+jNNhAoGAPgGiUz+4lDvQL62R6xDP R8OUGhmfB37nQy4NFNaiRxQW9TSdrg09cb3CS04IjyH9QQmetRyhZSXCYCu7H/bf H/rR5S7/e5WKgtgAIpNhYNXg1p6zoac6cXBYUO4ekf/PR70cFXAQdzFt/sQIExiy SV6SL1F3ja/sn9/wUXkvZgc= -----END PRIVATE KEY----- ----- -----BEGIN CERTIFICATE REQUEST----- MIIDTDCCAjQCAQAwgcExCzAJBgNVBAYTAlRIMRAwDgYDVQQIDAdCYW5na29rMQ8w DQYDVQQHDAZDaGF4eHgxJDAiBgNVBAoMG3h0YWMgUHVibGljIENvbXBhbnkgTGlt aXRlZDEjMCEGA1UECwwaRW50ZXJwcmlzZSBTZXJ2aWNlIFN1cHBvcnQxIjAgBgkq hkiG9w0BCQEWE2pvaG4uZG9lQHh0YWMuY28udGgxIDAeBgNVBAMMF3JzLXh4eC1o bWItMjAxLnh0YWMuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA tD510DnaWyhrKMDWOyvqWCLZtxuP8i+x2I1YlM8ULBGWrCMqWa2CGPCqheuG53RH 9NNmJGh3BAwhUca+fXgX6Zl2Fns5fPWXkVNmBC+dfPLm0q5HaPz9CHQUhgG7tf9l pUNugMiB05BveqabDmtub2yj3Tpj4d+8pQdAtYIQpOrrYm+fxwIiLdF/WKhhEX50 1V6aP30c8Uh3W+3oqMRcdAj9/Fc6P8F0D9hQ8Gt28NDEzTRfNd7bQtMs0aXBX+AA nXto8xaXoYLWNBN8r6u/4FVEYm2YIOjElVa4P3c45UXokRcUDjuFw3LjZ9VS0idt 1Dk+MF8LMyiHtnu5zT7W+QIDAQABoEUwQwYJKoZIhvcNAQkOMTYwNDAyBgNVHREE KzApgg5ycy14eHgtaG1iLTIwMYIXcnMteHh4LWhtYi0yMDEueHRhYy5kZXYwDQYJ KoZIhvcNAQELBQADggEBAH9kfI4ZCJRDF2lKjCjLgj/UaRpdO9yIcWUsQHU6jpSU meKpjkDgn8zTB8hTJ8C8K5rIp1BbGB8Oe/ppdbgzmIKPLjEKUGxIIkBMdSnPRmAg BUy+nArMmVGrv1weA7F1E/ECzdR1NeXl6eWLYDbmHIwT1/dkpL7evCE8zYufQb9u H1/U/zzyWiiOuneL+GzhCh7srQkQCtjiWrnuhjZnANvRSlR+FIYY7PWlY1e2m7go kL5CRVbSUZaYvknIAgOBJs2fkvyrR+YFlKqzlhN3i9yXdfAC09D0kr0FE9CUedh1 HJsxwMB5S1L2zZXAS0iNqoTTb0wHi3UbKLJIMeQx0RU= -----END CERTIFICATE REQUEST----- [root@node1 ~]#     Cheers!  Was your question answered? Make sure to mark the answer as the accepted solution. If you find a reply useful, say thanks by clicking on the thumbs up button. ... View more

Re: You can't execute queries until the end of the...

by Expert Contributor Expert Contributor in Support Questions
‎08-07-2021 07:41 PM
1 Kudo
‎08-07-2021 07:41 PM
1 Kudo
Hue is unable to handle the slow responses from Hive servers and hence the error. This happens when Hive is unable to return the query handle to Hue in a timely manner. So, the ideal solution here would be to investigate Hive slowness and not Hue.   Hue relies on server_conn_timeout parameter in its configuration (default 120s), after which the active sessions with hiveserver2 is teared down.    If Hue is using MySQL as the underlying DB, then we can tweak the innodb-lock-wait-timeout to be greater than the server_conn_timeout in Hue's configuration, that way we get fail-fast system and the locked tables are released. Please note that this is only a workaround until the cause of Hive performance issue is found and remediated.  ... View more

Re: Hue kt log error

by Expert Contributor Expert Contributor in Support Questions
‎06-07-2021 05:11 AM
‎06-07-2021 05:11 AM
Hello @Amn_468,    That's quite strange, as the service should generally look for the log file before starting. The only possibility that I can think of here is that the log file would have been removed manually while the service was running.    Having said that, yes, let's try creating the log file manually with appropriate permissions as suggested by @nthomas, and restart Hue kt_renewer service to see if it is able to write to the newly created file.    ... View more

Re: DFSIO fails with error "User hdfs does not hav...

by Expert Contributor Expert Contributor in Support Questions
‎06-06-2021 10:34 PM
‎06-06-2021 10:34 PM
@PrernaU    The below exception hints that 'hdfs' user is not authorised to submit jobs in the Yarn queue 'default', and this is due to ACL in place.    Caused by: org.apache.hadoop.security.AccessControlException: User hdfs does not have permission to submit application_1622150236559_0013 to queue default Is ACL managed by Ranger please? If so, we will need to add 'hdfs' user to have complete access over Yarn queue 'default' under Yarn policies in Ranger UI.      ... View more

Re: Hue kt log error

by Expert Contributor Expert Contributor in Support Questions
‎06-02-2021 03:42 AM
‎06-02-2021 03:42 AM
Hello @Amn_468 ,   Are we setting up Hue KT_renewer for the first time? What is the status of Hue kt_renewer service please?    stderr logs from Hue kt_renewer can give more insights. The below commands can take us to the directory were stderr log is stored.    # export HUE_DIR="/var/run/cloudera-scm-agent/process/`ls -alrt /var/run/cloudera-scm-agent/process | grep hue-KT_RENEWER | tail -1 | awk '{print $9}'`" # cd $HUE_DIR/logs     ... View more

Re: Openldap Setup

by Expert Contributor Expert Contributor in Community Articles
‎07-01-2020 09:43 AM
‎07-01-2020 09:43 AM
Great article! I faced the following error while trying adding data to ldap (Step 13.)   # ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/ldap/base.ldif Enter LDAP Password: adding new entry "dc=example,dc=com" ldap_add: Invalid syntax (21) additional info: objectClass: value #1 invalid per syntax   After some research, found that we need to add the cosine and nis LDAP schemas before running the preceding command.    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif ... View more
Contact Me
Online
Offline
Last Visited
‎05-20-2026 12:19 AM
Community Statistics
Member Since ‎03-25-2020 12:38 AM
Last Visited ‎05-20-2026 12:19 AM
Posts 167
Kudos received 5