ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sailaja Polavarapu (Jira)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-2804) Ranger Ozone plugin unable to write to solr audits in SSL enabled cluster
Date Mon, 20 Apr 2020 22:47:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sailaja Polavarapu updated RANGER-2804:
---------------------------------------
    Attachment: 0001-RANGER-2804-Adding-libext-folder-under-lib-for-ozone.patch

> Ranger Ozone plugin unable to write to solr audits in SSL enabled cluster
> -------------------------------------------------------------------------
>
>                 Key: RANGER-2804
>                 URL: https://issues.apache.org/jira/browse/RANGER-2804
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>            Priority: Major
>         Attachments: 0001-RANGER-2804-Adding-libext-folder-under-lib-for-ozone.patch
>
>
> In a secure environment with Auto-TLS enabled, ranger-ozone plugin is unable to write
to solr audits. The following exception is thrown:
> 2020-04-06 22:32:44,581 WARN [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.provider.BaseAuditHandler (BaseAuditHandler.java:403) - Log failure
count: 1 in past 01:00.021 minutes; 9 during process lifetime
> 2020-04-06 22:32:44,581 ERROR [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.queue.AuditFileSpool (AuditFileSpool.java:709) - Error sending logs
to consumer. provider=ozone.async.summary.batch, consumer=ozone.async.summary.batch.solr
> 2020-04-06 22:32:44,582 INFO [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.queue.AuditFileSpool (AuditFileSpool.java:769) - Destination is down.
sleeping for 30000 milli seconds. indexQueue=0, queueName=ozone.async.summary.batch, consumer=ozone.async.summary.batch.solr
> 2020-04-06 22:33:44,583 INFO [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.provider.BaseAuditHandler (BaseAuditHandler.java:332) - Audit Status
Log: name=ozone.async.summary.batch.solr, interval=01:00.022 minutes, events=1, failedCount=1,
totalEvents=9, totalFailedCount=9
> 2020-04-06 22:33:44,597 WARN [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.provider.BaseAuditHandler (BaseAuditHandler.java:394) - failed to
log audit event: {"repoType":201,"repo":"cm_ozone","reqUser":"om","evtTime":"2020-04-06 18:02:51.063","access":"create","resource":"vol1/bucket1","resType":"bucket","action":"create","result":1,"agent":"ozone","policy":17,"enforcer":"ranger-acl","cliIP":"172.27.91.205","reqData":"/vol1/bucket1","agentHost":"vs-ozrgr-1.vs-ozrgr.root.hwx.site","logType":"RangerAudit","id":"7ffd1e19-cfea-4d4f-8077-538bb1232c3f-0","seq_num":1,"event_count":1,"event_dur_ms":1,"tags":[],"additional_info":"{\"remote-ip-address\":172.27.91.205,
\"forwarded-ip-addresses\":[]","cluster_name":"Cluster 1","policy_version":1}
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from server at
https://vs-ozrgr-2.vs-ozrgr.root.hwx.site:8985/solr/ranger_audits_shard1_replica_n1: Expected
mime type application/octet-stream but got text/html. <html><head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 Unauthorized access</title>
> </head>
> <body><h2>HTTP ERROR 401 Unauthorized access</h2>
> <table>
> <tr><th>URI:</th><td>/solr/ranger_audits_shard1_replica_n1/update</td></tr>
> <tr><th>STATUS:</th><td>401</td></tr>
> <tr><th>MESSAGE:</th><td>Unauthorized access</td></tr>
> <tr><th>SERVLET:</th><td>default</td></tr>
> </table>
> </body>
> </html>
> 	at org.apache.solr.client.solrj.impl.CloudSolrClient.directUpdate(CloudSolrClient.java:551)
> 	at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1019)
> 	at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:884)
> 	at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:817)
> 	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:194)
> 	at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:106)
> 	at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:71)
> 	at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:85)
> 	at org.apache.ranger.audit.utils.SolrAppUtil$1.run(SolrAppUtil.java:35)
> 	at org.apache.ranger.audit.utils.SolrAppUtil$1.run(SolrAppUtil.java:32)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1876)
> 	at org.apache.ranger.audit.provider.MiscUtil.executePrivilegedAction(MiscUtil.java:516)
> 	at org.apache.ranger.audit.utils.SolrAppUtil.addDocsToSolr(SolrAppUtil.java:32)
> 	at org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:258)
> 	at org.apache.ranger.audit.provider.BaseAuditHandler.logJSON(BaseAuditHandler.java:192)
> 	at org.apache.ranger.audit.queue.AuditFileSpool.sendEvent(AuditFileSpool.java:879)
> 	at org.apache.ranger.audit.queue.AuditFileSpool.runLogAudit(AuditFileSpool.java:827)
> 	at org.apache.ranger.audit.queue.AuditFileSpool.run(AuditFileSpool.java:757)
> 	at java.lang.Thread.run(Thread.java:748)
> Caused by: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
from server at https://vs-ozrgr-2.vs-ozrgr.root.hwx.site:8985/solr/ranger_audits_shard1_replica_n1:
Expected mime type application/octet-stream but got text/html. <html><head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 Unauthorized access</title>
> </head>
> <body><h2>HTTP ERROR 401 Unauthorized access</h2>
> <table>
> <tr><th>URI:</th><td>/solr/ranger_audits_shard1_replica_n1/update</td></tr>
> <tr><th>STATUS:</th><td>401</td></tr>
> <tr><th>MESSAGE:</th><td>Unauthorized access</td></tr>
> <tr><th>SERVLET:</th><td>default</td></tr>
> </table>
> </body>
> </html>
> 	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:607)
> 	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:255)
> 	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:244)
> 	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:484)
> 	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:414)
> 	at org.apache.solr.client.solrj.impl.CloudSolrClient.lambda$directUpdate$0(CloudSolrClient.java:528)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> 	at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:209)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> 	... 1 more
> 2020-04-06 22:33:44,598 WARN [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.provider.BaseAuditHandler (BaseAuditHandler.java:403) - Log failure
count: 1 in past 01:00.018 minutes; 10 during process lifetime
> 2020-04-06 22:33:44,598 ERROR [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.queue.AuditFileSpool (AuditFileSpool.java:709) - Error sending logs
to consumer. provider=ozone.async.summary.batch, consumer=ozone.async.summary.batch.solr
> 2020-04-06 22:33:44,599 INFO [ozone.async.summary.batch_ozone.async.summary.batch.solr_destWriter]
org.apache.ranger.audit.queue.AuditFileSpool (AuditFileSpool.java:769) - Destination is down.
sleeping for 30000 milli seconds. indexQueue=0, queueName=ozone.async.summary.batch, consumer=ozone.async.summary.batch.solr



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message