[
https://issues.apache.org/jira/browse/RANGER-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16956400#comment-16956400
]
Velmurugan Periasamy commented on RANGER-2621:
----------------------------------------------
[~susidev33] - based on your description, it looks like kerberos configuration
issue, not a ranger issue. In kerberized env, plugins download policies using
kerberos principal that the host component (for example hiveserver2 in case of
hive plugin) is configured with. If Ranger admin cannot trust these kerberos
identities, that would be the issue.
> Ranger Policy Update fails on Kerberized Cluster
> ------------------------------------------------
>
> Key: RANGER-2621
> URL: https://issues.apache.org/jira/browse/RANGER-2621
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.0.0
> Reporter: Susi Dev
> Priority: Major
>
> {color:#4c9aff}Can someone help configuring RANGER for KERBERIZED cluster
> ??{color}
> We have Ranger 2.0 installed on separate EC2 node, while trying to integrate
> with EMR cluster.
> When the EMR cluster is not kerberized, the policy sync works just fine..
> When EMR is kerberized, policy download does not work anymore...
>
> We see below error:
> +*Access Log:*+
> 10.23.123.150 - - [14/Oct/2019:20:07:09 +0000] "GET
> /service/plugins/secure/policies/download/hadoopdev?supportsPolicyDeltas=false
> HTTP/1.1" 401 52 "-" "curl/7.61.1"
>
> +*Hive Server 2 log:*+
> 2019-10-14T20:03:34,353 WARN [Thread-8([])]: client.RangerAdminRESTClient
> (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(186)) - Error getting
> policies. secureMode=true, user=hive/[email protected] (auth:KERBEROS),
> response=\{"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication
> Failed"}, serviceName=hivedev
>
> +*Plugin Error(Test Connection):*+
> org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show
> databases like "*"]..
> Unable to execute SQL [show databases like "*"]..
> Error running query: java.lang.NoSuchFieldError: REPLLOAD.
> REPLLOAD.
>
>
> {color:#FF0000}Plugin Config:{color}
> Service Name : hivedev
> Active Status: Enabled
>
> {color:#FF0000}Config Properties :{color}
> Username : Rangeradmin/[email protected]
> Password : ********
> jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver
> jdbc.url: jdbc:hive2://hostname:10000/;principal=hive/[email protected]
> Common Name for Certificate:
> Add New Configurations
> ||Name||Value||
> |policy.download.auth.users | rangeradmin/[email protected] | |
>
>
> {color:#FF0000}*Ranger 2.0 looks great but with not enough documentation
> around the installation and configuration, we are all handicapped when it
> comes to using. Appreciate if some of you add good documentation, it helps us
> appreciate the amount of work done by you ... Right now, we are only shooting
> in the DARK.*{color}
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
