[jira] [Commented] (HDDS-9728) Ozone/Ranger TENANT_AUTHORIZER_ERROR

[Hemant Kumar (Jira)]

    [ 
https://issues.apache.org/jira/browse/HDDS-9728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814490#comment-17814490
 ] 

Hemant Kumar commented on HDDS-9728:
------------------------------------

Hi [~netscrol], I tired to reproduce the issue and created a tenant per day for 
5 days. But still didn't see any couldn't reproduce it.
{code:java}
[root@host-1 ~]# ozone tenant list --json
[
  {
    "tenantId": "heku011",
    "bucketNamespaceName": "heku011",
    "userRoleName": "heku011-UserRole",
    "adminRoleName": "heku011-AdminRole",
    "bucketNamespacePolicyName": "heku011-VolumeAccess",
    "bucketPolicyName": "heku011-BucketAccess"
  },
  {
    "tenantId": "heku012",
    "bucketNamespaceName": "heku012",
    "userRoleName": "heku012-UserRole",
    "adminRoleName": "heku012-AdminRole",
    "bucketNamespacePolicyName": "heku012-VolumeAccess",
    "bucketPolicyName": "heku012-BucketAccess"
  },
  {
    "tenantId": "heku013",
    "bucketNamespaceName": "heku013",
    "userRoleName": "heku013-UserRole",
    "adminRoleName": "heku013-AdminRole",
    "bucketNamespacePolicyName": "heku013-VolumeAccess",
    "bucketPolicyName": "heku013-BucketAccess"
  },
  {
    "tenantId": "heku014",
    "bucketNamespaceName": "heku014",
    "userRoleName": "heku014-UserRole",
    "adminRoleName": "heku014-AdminRole",
    "bucketNamespacePolicyName": "heku014-VolumeAccess",
    "bucketPolicyName": "heku014-BucketAccess"
  },
  {
    "tenantId": "heku015",
    "bucketNamespaceName": "heku015",
    "userRoleName": "heku015-UserRole",
    "adminRoleName": "heku015-AdminRole",
    "bucketNamespacePolicyName": "heku015-VolumeAccess",
    "bucketPolicyName": "heku015-BucketAccess"
  }
] {code}
It would be great if you can add the whole error message. Current message is 
trimmed and response is not there.

> Ozone/Ranger TENANT_AUTHORIZER_ERROR
> ------------------------------------
>
>                 Key: HDDS-9728
>                 URL: https://issues.apache.org/jira/browse/HDDS-9728
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: netscrol
>            Priority: Major
>
> When using ozone with a ranger, an error occurs 
> spontaneously(TENANT_AUTHORIZER_ERROR). All ranger functions work except for 
> operations with tenants. The error appears when trying to create a tenant or 
> add a user to a tenant.
>  
> {code:java}
> /opt/ozone/bin/ozone tenant create room-tenant --om-service-id=cluster1
> 2023-11-07 16:28:23,247 WARN util.NativeCodeLoader: Unable to load 
> native-hadoop library for your platform... using builtin-java classes where 
> applicable
> 2023-11-07 16:28:24,223 INFO rpc.RpcClient: Creating Tenant: 'room-tenant', 
> with new volume: 'room-tenant'
> TENANT_AUTHORIZER_ERROR java.io.IOException: 
> org.apache.ranger.RangerServiceException: Ranger API 
> org.apache.ranger.RangerClient$API@4a92034f failed: statusCode=401, 
> status=Unauthorized, response: {code}
> Ranger access log
>  
> {code:java}
> 10.10.1.225 - - [17/Nov/2023:18:23:01 +0000] "POST 
> /service/public/v2/api/roles?serviceName=test-ozone HTTP/1.1" 401 - 3 "-" 
> "Java/1.8.0_372" {code}
>  
>  
>  
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org