Member since: 01-18-2016
Posts: 162
Kudos Received: 31
Solutions: 19
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| | 1350 | 04-06-2018 09:24 PM |
| | 1349 | 05-02-2017 10:43 PM |
| | 3727 | 01-24-2017 08:21 PM |
| | 22944 | 12-05-2016 10:35 PM |
| | 6189 | 11-30-2016 10:33 PM |
02-28-2024
09:41 AM
When using two realms, there has to be a trust between realms and your krb5.conf has to be configured properly to handle both realms on both the client and server. Setting this up isn't super difficult if you've done it once or twice but can be hard if it's new to you. The krb5.conf requires proper host or domain realm mapping. If you set up a 1 way trust (but it can also be a 2 way trust), and assuming you use MIT KDC for cluster service principals but AD is the other realm, then MIT KDC has to trust AD, but AD doesn't have to trust MIT KDC. To set up the trust you need to do configurations in both environments. Here's an example: https://community.cloudera.com/t5/Community-Articles/One-Way-Trust-MIT-KDC-to-Active-Directory/ta-p/247638 If the KDC trust isn't the issue, there's probably an issue with the driver configuration. And, if this is being done on a Windows computer, you may need to configure the Windows machine to know about the other realm. I also recommend opening a Cloudera support case.
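A krb5.conf sketch of the two-realm layout described in the post above, added here as an illustration and not taken from the original post or the linked article. The realm names (HADOOP.EXAMPLE.COM for the MIT KDC, AD.EXAMPLE.COM for Active Directory) and all hostnames are constructed placeholders.

```ini
# Constructed example: every realm name and hostname below is a placeholder.
# HADOOP.EXAMPLE.COM = MIT KDC realm holding the cluster service principals
# AD.EXAMPLE.COM     = Active Directory realm holding the user principals
# The same file is needed on cluster hosts and on clients.

[libdefaults]
  default_realm = HADOOP.EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false

[realms]
  HADOOP.EXAMPLE.COM = {
    kdc = kdc1.hadoop.example.com
    admin_server = kdc1.hadoop.example.com
  }
  AD.EXAMPLE.COM = {
    kdc = dc1.ad.example.com
    admin_server = dc1.ad.example.com
  }

[domain_realm]
  # Host-to-realm mapping: cluster hosts resolve to the MIT realm, so a client
  # holding an AD ticket knows to ask for a cross-realm ticket to reach them.
  .hadoop.example.com = HADOOP.EXAMPLE.COM
  hadoop.example.com = HADOOP.EXAMPLE.COM
  .ad.example.com = AD.EXAMPLE.COM
  ad.example.com = AD.EXAMPLE.COM

[capaths]
  # "." means a direct trust path from the AD realm to the MIT realm,
  # with no intermediate realm.
  AD.EXAMPLE.COM = {
    HADOOP.EXAMPLE.COM = .
  }

# One-way trust (MIT trusts AD): the cross-realm principal
#   krbtgt/HADOOP.EXAMPLE.COM@AD.EXAMPLE.COM
# must exist on both sides with the same key and a common encryption type.
```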
02-28-2024
09:25 AM
Hi, Do you have a question? The HDP Sandbox is no longer available or supported.
01-19-2024
04:54 PM
2 Kudos
That's a lot of log. Some of the error messages you see are normal. I'm not sure what your issue is. Do you see Cloudera Management Service below the Cluster services in CM (at the very bottom when you click Cloudera Manager - top left)? If so, click Instances and figure out which components/roles are not started. You can also click and start them one by one. Then you can look at the startup logs in the CM UI pop-up after it starts or fails. Check in the order of STDOUT, STDERR and lastly ROLE LOG, which is the log after it is started. You may need to check the Full Log.
01-17-2024
06:41 AM
1 Kudo
Check for errors in the Cloudera Manager server log file at /var/log/cloudera-scm-server/cloudera-scm-server.log. Also, I see that the URL is nitbucc-vad001:7180. You should use fully qualified domain names (e.g. nitbucc-vad001.xyz.local) for hosts and in the playbook configurations. I'm not saying that is the issue, but you may run into issues later if you don't use FQDN (especially if you secure the cluster).
06-19-2018
08:57 PM
Thanks, Pardeep. To make it 500x faster, do 500 files per call to the hadoop command. By changing the second line above, we can do this instead:
$ hdfs fsck / | grep 'Under replicated' | awk -F':' '{print $1}' >> /tmp/under_replicated_files
# Now using xargs -n 500 (or --max-args 500)
$ cat /tmp/under_replicated_files | xargs -n 500 hdfs dfs -setrep 1
04-06-2018
09:24 PM
1 Kudo
The code for creating principals in AD is here: ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
02-20-2018
06:03 PM
@Rachna Dhand I know you must be way past this issue, but -- You have to install the packages on all NodeManager nodes as root so they are available to all users. Maybe this will help someone else in the future.
09-27-2017
06:48 PM
Thanks @Karthik Narayanan. We do not see an option for cross role permission. Would it have another name? They did grant "Assumerole" but it is actually the same account so I'm not sure why it would need to assume a role in the first place.
09-26-2017
10:48 PM
In NiFi with the PutS3Object, we get an error using AWS Credentials Provider service. AWSCredentialsProviderControllerService is configured to use IAM roles as follows:
- Use Default Credentials = True
- Use Anonymous Credentials = False
- Assume Role ARN = arn:aws:iam::ahjhdiauisjkk:role/role-test
- Assume Role Session Name = nifitest (*arbitrary name*)
- Session time = 3600

No other values are set in the AWSCredentialsProviderControllerService. We are using IAM roles because of organizational policies. The error is loosely transcribed here (it may contain typos):

13:40:46 EDT - All Nodes - ERROR
PutS3Object[id=asdfasdfasdfasdf] Failed to put StandardFlowFileRecord[uuid=xxxxxxxx,claim=StandardContentClaim[resourceClaim=StandardResourceClaim[id=11111111, container=default,section=1], offset=0,length=222222],offset=1,name=test3,size=33333] to Amazon S2 due to com.amazonaws.services.securitytokenmodel.AWSSEcurityToeknServiceException: User: arn:aws:sts::7777777:assumed-role/role-hdf-node/i-03333330000 is not authorized to perform: sts:Assumerole on resource: arn:aws:sts::7777777:role/role-hdf-node (Service: AWSSecurityToeknService;Status Code: 403; Error Code: AccessDenied; Request ID: aaaaaaaaaaaa)
com.amazonaws.services.securitytokenmodel.AWSSEcurityToeknServiceException: User: arn:aws:sts::7777777:assumed-role/role-hdf-node/i-03333330000 is not authorized to perform: sts:Assumerole on resource: arn:aws:sts::7777777:role/role-hdf-node (Service: AWSSecurityToeknService;Status Code: 403; Error Code: AccessDenied; Request ID: aaaaaaaaaaaa)

Thanks for any help.
Jim
Labels: Apache NiFi
07-18-2017
03:09 PM
Thank you @vperiasamy. We resolved the issue. I talked to Centrify Support and based on the way this environment was configured, authentication was not possible with the uid and Linux dn. The company's Centrify admins agreed to change the uid of users to match the Windows ID. We then configured authentication to go against the Windows identity, which happens to match the uid in Linux. It's a long story about the use-case, but this was by far the cleanest solution due to the fact that they use both Linux and Windows to access the cluster (we avoided manual mapping of identities this way). The article you shared is very good information.