ranger-dev mailing list archives

From "Rafael Felix Correa (Jira)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1629) Test Connection fails when creating Knox Service from Ranger Admin UI
Date Fri, 03 Jul 2020 08:51:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150839#comment-17150839 ]

Rafael Felix Correa commented on RANGER-1629:
---------------------------------------------

I can confirm being hit by the exact same behaviour of Test Connection, this time for the
presto plugin. I can see by opening the Developer Console in Chrome that clicking Test Connection
sends **** instead of the actual password, which causes the following stack trace in my case:
{code:java}
org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [SHOW CATALOGS]. .
Error executing query.
Error starting query at https://presto-test.local:8889/v1/statement returned an invalid response:
JsonResponse{statusCode=500, statusMessage=Internal Server Error, headers={content-length=[7326],
content-type=[text/plain], date=[Wed, 01 Jul 2020 09:18:23 GMT]}, hasValue=false} [Error:
java.lang.RuntimeException: Authentication error
at io.prestosql.server.security.PasswordAuthenticator.authenticate(PasswordAuthenticator.java:64)
at io.prestosql.server.security.AuthenticationFilter.filter(AuthenticationFilter.java:80)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68)
at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:269)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617)
at io.airlift.http.server.TraceTokenFilter.doFilter(TraceTokenFilter.java:63)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
at io.airlift.http.server.TimingFilter.doFilter(TimingFilter.java:51)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:500)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalArgumentException: password must not be longer than 71 bytes plus null terminator encoded in utf-8, was 138
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2051)
at com.google.common.cache.LocalCache.get(LocalCache.java:3951)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4964)
at io.prestosql.plugin.password.file.PasswordStore.authenticate(PasswordStore.java:62)
at io.prestosql.plugin.password.file.FileAuthenticator.createAuthenticatedPrincipal(FileAuthenticator.java:49)
at io.prestosql.server.security.PasswordAuthenticator.authenticate(PasswordAuthenticator.java:51)
... 59 more
Caused by: java.lang.IllegalArgumentException: password must not be longer than 71 bytes plus null terminator encoded in utf-8, was 138
at at.favre.lib.crypto.bcrypt.LongPasswordStrategy$StrictMaxPasswordLengthStrategy.innerDerive(LongPasswordStrategy.java:50)
at at.favre.lib.crypto.bcrypt.LongPasswordStrategy$BaseLongPasswordStrategy.derive(LongPasswordStrategy.java:34)
at at.favre.lib.crypto.bcrypt.BCrypt$Hasher.hashRaw(BCrypt.java:302)
at at.favre.lib.crypto.bcrypt.BCrypt$Verifyer.verifyBCrypt(BCrypt.java:622)
at at.favre.lib.crypto.bcrypt.BCrypt$Verifyer.innerVerifyBytes(BCrypt.java:561)
at at.favre.lib.crypto.bcrypt.BCrypt$Verifyer.innerVerifyChar(BCrypt.java:526)
at at.favre.lib.crypto.bcrypt.BCrypt$Verifyer.verify(BCrypt.java:479)
at io.prestosql.plugin.password.file.EncryptionUtil.doesBCryptPasswordMatch(EncryptionUtil.java:58)
at io.prestosql.plugin.password.file.PasswordStore.lambda$getHashedPassword$0(PasswordStore.java:118)
at io.prestosql.plugin.password.file.PasswordStore.matches(PasswordStore.java:68)
at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:165)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
... 66 more
{code}
Writing the actual password in the box and hitting Test Connection works as expected.

 

> Test Connection fails when creating Knox Service from Ranger Admin UI
> ---------------------------------------------------------------------
>
>                 Key: RANGER-1629
>                 URL: https://issues.apache.org/jira/browse/RANGER-1629
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.7.0
>            Reporter: Anirudh
>            Priority: Blocker
>
> Knox setup with self-signed certificate. When creating service on Ranger Admin UI for Knox, Test Connection gives error.
> I followed the steps mentioned in RANGER-355. I'm using the CN printed from the certificate in the place of <host> in the following https://<host>:8443/gateway/admin/api/v1/topologies/
> However, I'm not sure what values to enter for username and password while creating service. When I click Test-Connection, I'm getting this error
> "Connection Failed.
> Unable to retrieve any topologies/services using given parameters. You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info."
> and the ranger_admin.log contains
> "ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:156) - Unable to decrypt password due to error
> javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:922)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:833)
> at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
> at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
> at javax.crypto.Cipher.doFinal(Cipher.java:2165)
> at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:141)
> at org.apache.ranger.services.knox.client.KnoxClient.getTopologyList(KnoxClient.java:79)
> at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:406)
> at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:402)
> at org.apache.ranger.services.knox.client.KnoxClient.timedTask(KnoxClient.java:431)
> at org.apache.ranger.services.knox.client.KnoxClient.getKnoxResources(KnoxClient.java:410)
> at org.apache.ranger.services.knox.client.KnoxClient.connectionTest(KnoxClient.java:315)
> at org.apache.ranger.services.knox.client.KnoxResourceMgr.validateConfig(KnoxResourceMgr.java:42)
> at org.apache.ranger.services.knox.RangerServiceKnox.validateConfig(RangerServiceKnox.java:56)
> at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
> at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
> at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> >>> INFO apache.ranger.services.knox.client.KnoxClient (KnoxClient.java:81) - Password decryption failed; trying knox connection with received password string
> >>> ERROR apache.ranger.services.knox.client.KnoxClient (KnoxClient.java:131) - Got invalid REST response from: https://<host>:8443/gateway/admin/api/v1/topologies/, responseStatus: 401"



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
