ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Velmurugan Periasamy (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (RANGER-2621) Ranger Policy Update fails on Kerberized Cluster
Date Thu, 17 Oct 2019 14:15:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16953796#comment-16953796
] 

Velmurugan Periasamy edited comment on RANGER-2621 at 10/17/19 2:14 PM:
------------------------------------------------------------------------

1] Regarding error in kerberized env, policy.download.auth.users should be configured to the
user passed after the auth-to-rules translation. Could you please verify that? 

2] Regarding plugin error, verify if hive service def is updated (See https://issues.apache.org/jira/browse/RANGER-2389).
Did you upgrade the old cluster? 

CC [~rmani] / [~mehul] / [~abhayk] 


was (Author: vperiasamy):
1] Regarding error in kerberized env, policy.download.auth.users should be configured as the
right user that is getting passed after the auth-to-rules translation. Could you please verify
that? 

2] Regarding plugin error, verify if hive service def is updated (See https://issues.apache.org/jira/browse/RANGER-2389).
Did you upgrade the old cluster? 

CC [~rmani] / [~mehul] / [~abhayk] 

> Ranger Policy Update fails on Kerberized Cluster
> ------------------------------------------------
>
>                 Key: RANGER-2621
>                 URL: https://issues.apache.org/jira/browse/RANGER-2621
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 2.0.0
>            Reporter: Susi Dev
>            Priority: Major
>
> {color:#4c9aff}Can someone help configuring RANGER for KERBERIZED cluster ??{color}
> We have Ranger 2.0 installed on separate EC2 node, while trying to integrate with EMR
cluster.
> When the EMR cluster is not kerberized, the policy sync works just fine.. 
> When EMR is kerberized, policy download does not work anymore...
>  
> We see below error:
> +*Access Log:*+ 
> 10.23.123.150 - - [14/Oct/2019:20:07:09 +0000] "GET /service/plugins/secure/policies/download/hadoopdev?supportsPolicyDeltas=false
HTTP/1.1" 401 52 "-" "curl/7.61.1"
>  
> +*Hive Server 2 log:*+
> 2019-10-14T20:03:34,353 WARN [Thread-8([])]: client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(186))
- Error getting policies. secureMode=true, user=hive/ip@DOMAIN.NET (auth:KERBEROS), response=\{"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication
Failed"}, serviceName=hivedev
>  
> +*Plugin Error(Test Connection):*+
> org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases
like "*"]..
> Unable to execute SQL [show databases like "*"]..
> Error running query: java.lang.NoSuchFieldError: REPLLOAD.
> REPLLOAD.
>  
>  
> {color:#FF0000}Plugin Config:{color}
> Service Name : hivedev
> Active Status:  Enabled
>  
> {color:#FF0000}Config Properties :{color}
> Username : Rangeradmin/_hostname@DOMAIN.NET 
> Password : ********  
> jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver 
> jdbc.url: jdbc:hive2://hostname:10000/;principal=hive/hostname@DOMAIN.NET 
> Common Name for Certificate: 
> Add New Configurations 
> ||Name||Value||
> |policy.download.auth.users | rangeradmin/hostname@DOMAIN.NET | |
>  
>  
> {color:#FF0000}*Ranger 2.0 looks great but with not enough documentation around the installation
and configuration, we are all handicapped when it comes to using. Appreciate if some of you
add good documentation, it helps us appreciate the amount of work done by you ... Right now,
we are only shooting in the DARK.*{color} 
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message