I am trying to run Oozie in my localhost for learning. Oozie server is up and running fine.
But when I try to execute the example job , it gives be below error:-
Error: E0501 : E0501: Could not perform authorization operation, User: vidya.pandey is not allowed to impersonate vidya.pandey
....
My user name is vidya.pandey and oozie software is installed with same name.
I followed the suggestions on web and tried many combinations to solve above error. but I failed. Please help me how to solve this error.
Please suggest how to put my user name "vidya.pandey" in oozie-site.xml
oozie.service.ProxyUserService.proxyuser.#USER#.hosts
You need to add your current user in the HDFS core-site as proxyuser. Add the following configuration in the HADOOP_HOME/conf/core-site.xml:
<property>
<name>hadoop.proxyuser.current_user.groups</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.current_user.hosts</name>
<value>host_name_server_running</value>
</property>
In the above replace current_user with the desired user name value and replace host_name_server_running with the name of your server.
Essentially, the user who is running the oozie server process should be added as the proxy user in the core-site.xml. In your case, it happens to be the same user.
Related
Note : My version of Elasticsearch is 7.15.0
I'm new to Elasticsearch , I'm trying to use Kibana alerts , to do that I must create a Rule and a Connector but when I've selected that field I've been got informed to enable Transport Layer Security and API keys to do so I followed the Elastic Transport Layer Security guide instructions where the instructor describe these steps :
Encrypt inter-node communications with Transport Layer Security :
1. Open the $ES_PATH_CONF/elasticsearch.yml file and make the following changes:
a. Add the cluster-name setting and enter a name for your cluster:
cluster.name: my-cluster
b. Add the node.name setting and enter a name for the node. The node name defaults to the host-name of the machine when Elasticsearch starts.
node.name: node-1
c. Add the following settings to enable inter-node communication and provide access to the node’s certificate.
Because you are using the same elastic-certificates.p12 file on every node in your cluster, set the verification mode to certificate:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Since the elastic-certificates is not generated automatically during the installation of the Software it must be generated by the elasticsearch-certutil inside the /usr/share/elasticsearch/bin directory :
a. First :
cd /usr/share/elasticsearch/bin
b. run the elastic-certutil to generate the elastic-stack-ca.zip certificate file :
bin/elasticsearch-certutil ca
c. unzip the file to exract the all information and move them to the /etc/elasticsearch directory .
unzip elastic-stack-ca.zip
Now the problem occurs when starting the elasticsearch service :
sudo service elasticsearch restart
Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
I tried to see where the error is located by running these two control commands but I did not understand .
Have you checked permissions and owners on the files? Permissions should be at 640 for the files. The owner/group should be root:elasticsearch.
I'm facing some issues when I try to run a simple SELECT query on influxdb via the Python library.
I'm trying to run the following query:
influx_client.query('SELECT * FROM "measurements" LIMIT 10;')
Of course I switched to the according database (and connected to the server) before executing the query. Also I tried those variants of the query:
influx_client.query("SELECT * FROM \"measurements\" LIMIT 10;")
influx_client.query("SELECT * FROM 'measurements' LIMIT 10;")
influx_client.query('SELECT * FROM \'measurements\' LIMIT 10;')
influx_client.query('SELECT * FROM {0} LIMIT 10;'.format("measurements"))
influx_client.query("SELECT * FROM {0} LIMIT 10;".format("measurements"))
however they all lead to the same issue.
The result (or more the error) that I get is the following:
influxdb.exceptions.InfluxDBClientError: 403: {"error":"error authorizing query: myuser not authorized to execute statement 'SELECT * FROM \"measurements\" LIMIT 10', requires READ on True"}
I know that my user have the required permissions because when connecting to the DB with a CLI I can execute the query. On top of that I checked the permissions with SHOW GRANTS and I could see that all requirements are satisfied (the user actualy does have all privileges).
I saw some simillar issues already (for instance in this issue) however this does not fit my case since I'm quoting the query.
Informations about the environment:
InfluxDB version: 1.8.0
InfluxDB-python version: 5.3.1
Python version: 3.6.8
Operating system version: CentOS 7
Any ideas ?
There are two things you need to check for the authentication issue:
https configuration with given private key and password certificate Link
Passing the user credentials for the influx db connection (Check the case sensitivity as well.
Have used influx and these are key configuration will lead to authentication issue.
using command CLI you need to provide the user permission to the given database
Using <you-database>
GRANT ALL PRIVILEGES TO <username>
Grant Permission To User
I am trying to run paragraphs using zeppelin spark object method
z.run("noteId","paragraphId")
z.run("paragraphId")
I have tried both the methods, but nothing seems to be triggering the next paragraph. I do not get any errors also. Please let me know if I am missing something here.
On checking the zeppelin server logs I am getting the below error :
ERROR [2020-08-26 15:46:37,742] ({Thread-35} RemoteInterpreterEventPoller.java[run]:250) - Can't handle event RemoteInterpreterEvent(type:RUN_INTERPRETER_CONTEXT_RUNNER, data:{"logger":{"traceCapable":true,"name":"org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$ParagraphRunner"},"noteId":"2FHDFMR16","paragraphId":"20200819-131115_701985359"})
org.apache.zeppelin.rest.exception.ForbiddenException: HTTP 403 Forbidden
at org.apache.zeppelin.socket.NotebookServer.onRemoteRunParagraph(NotebookServer.java:2153)
at org.apache.zeppelin.interpreter.remote.RemoteInterpreterEventPoller.run(RemoteInterpreterEventPoller.java:141)
I have created my notebook using the admin user only. Do we need to provide any special access? I am just using admin user.
Update 1:
I changed notebook settings in which we removed user and owner permissions. It's triggering, but it's with an anonymous user. It will be a problem if we are working in multi-user environment.
I think instead of that
Try
z.z.run
I am trying to configure spark and connect to power bi.
I add the following properties to the hive-site.xml
<property>
<name>hive.server2.transport.mode</name>
<value>http</value>
</property>
<property>
<name>hive.server2.thrift.http.port</name>
<value>9999</value>
</property>
<property>
<name>hive.server2.http.endpoint</name>
<value>cliservice</value>
</property>
<property>
<name>hive.server2.thrift.http.path</name>
<value>cliservice</value>
</property>
It works well for beeline
!connect jdbc:hive2://34.66.189.xxx:9999
However, it throws errors when connecting to PowerBI
I keep my [user name] and [password] empty
And it throws an error
Many Thanks if anyone can give a helping hand.
Should I keep the username and password empty?
You have to enter an username AND password. Since you didn't configure that in your hive settings, it doesn't matter what you input.
The reason its required is because the Thriftserver tries to access the username and password you entered which is sent as an array. However, if you don't input an username and password, the array is empty and access the array's index at 0 and 1 will throw an ArraysOutOfBoundsException.
I am new to mesos.
After starting mesos-master, I tried to connect mesos-slave with the following command
/usr/sbin/mesos-slave --ip=192.192.7.180 --master=192.192.7.19:5050 --work_dir=/tmp/mesos/work/int --no-systemd_enable_support
It is not connecting to master. It is throwing the following error
No credentials provided. Attempting to register without authentication
Thank you in advance.
No credentials provided meaning you are trying to load a slave which is on a different network which is not configured in mesos config files.
once you register it then you can add it.
for the example sake try
for master
./bin/mesos-master.sh –ip=127.0.0.1 –work_dir=/var/lib/mesos
for slave
./bin/mesos-slave.sh –master=127.0.0.1:5050 –work_dir=/tmp/mesos –no-systemd_enable_support
open browser
localhost:5050
if all the steps are followed properly you should find a Mesos dashboard more details