[ 
https://issues.apache.org/jira/browse/HDDS-9728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814490#comment-17814490
 ] 

Hemant Kumar edited comment on HDDS-9728 at 2/7/24 10:12 PM:
-------------------------------------------------------------

Hi [~netscrol], I tried to reproduce the issue and created a tenant per day for 
5 days. But I still couldn't reproduce it.
{code:java}
[root@host-1 ~]# ozone tenant list --json
[
  {
    "tenantId": "heku011",
    "bucketNamespaceName": "heku011",
    "userRoleName": "heku011-UserRole",
    "adminRoleName": "heku011-AdminRole",
    "bucketNamespacePolicyName": "heku011-VolumeAccess",
    "bucketPolicyName": "heku011-BucketAccess"
  },
  {
    "tenantId": "heku012",
    "bucketNamespaceName": "heku012",
    "userRoleName": "heku012-UserRole",
    "adminRoleName": "heku012-AdminRole",
    "bucketNamespacePolicyName": "heku012-VolumeAccess",
    "bucketPolicyName": "heku012-BucketAccess"
  },
  {
    "tenantId": "heku013",
    "bucketNamespaceName": "heku013",
    "userRoleName": "heku013-UserRole",
    "adminRoleName": "heku013-AdminRole",
    "bucketNamespacePolicyName": "heku013-VolumeAccess",
    "bucketPolicyName": "heku013-BucketAccess"
  },
  {
    "tenantId": "heku014",
    "bucketNamespaceName": "heku014",
    "userRoleName": "heku014-UserRole",
    "adminRoleName": "heku014-AdminRole",
    "bucketNamespacePolicyName": "heku014-VolumeAccess",
    "bucketPolicyName": "heku014-BucketAccess"
  },
  {
    "tenantId": "heku015",
    "bucketNamespaceName": "heku015",
    "userRoleName": "heku015-UserRole",
    "adminRoleName": "heku015-AdminRole",
    "bucketNamespacePolicyName": "heku015-VolumeAccess",
    "bucketPolicyName": "heku015-BucketAccess"
  }
] {code}
1. It would be great if you can add the whole error message and OM logs as 
well. Current message is trimmed and response is not there.
2. Can you enable ranger logs and see why it is failing in Ranger?
3. Can you verify that user is allowed to access the ranger and has admin 
rights?

Are you facing the issue on the docker?


was (Author: JIRAUSER297350):
Hi [~netscrol], I tried to reproduce the issue and created a tenant per day for 
5 days. But I still couldn't reproduce it.
{code:java}
[root@host-1 ~]# ozone tenant list --json
[
  {
    "tenantId": "heku011",
    "bucketNamespaceName": "heku011",
    "userRoleName": "heku011-UserRole",
    "adminRoleName": "heku011-AdminRole",
    "bucketNamespacePolicyName": "heku011-VolumeAccess",
    "bucketPolicyName": "heku011-BucketAccess"
  },
  {
    "tenantId": "heku012",
    "bucketNamespaceName": "heku012",
    "userRoleName": "heku012-UserRole",
    "adminRoleName": "heku012-AdminRole",
    "bucketNamespacePolicyName": "heku012-VolumeAccess",
    "bucketPolicyName": "heku012-BucketAccess"
  },
  {
    "tenantId": "heku013",
    "bucketNamespaceName": "heku013",
    "userRoleName": "heku013-UserRole",
    "adminRoleName": "heku013-AdminRole",
    "bucketNamespacePolicyName": "heku013-VolumeAccess",
    "bucketPolicyName": "heku013-BucketAccess"
  },
  {
    "tenantId": "heku014",
    "bucketNamespaceName": "heku014",
    "userRoleName": "heku014-UserRole",
    "adminRoleName": "heku014-AdminRole",
    "bucketNamespacePolicyName": "heku014-VolumeAccess",
    "bucketPolicyName": "heku014-BucketAccess"
  },
  {
    "tenantId": "heku015",
    "bucketNamespaceName": "heku015",
    "userRoleName": "heku015-UserRole",
    "adminRoleName": "heku015-AdminRole",
    "bucketNamespacePolicyName": "heku015-VolumeAccess",
    "bucketPolicyName": "heku015-BucketAccess"
  }
] {code}
1. It would be great if you can add the whole error message. Current message is 
trimmed and response is not there.
2. Can you enable ranger logs and see why it is failing in Ranger?

> Ozone/Ranger TENANT_AUTHORIZER_ERROR
> ------------------------------------
>
>                 Key: HDDS-9728
>                 URL: https://issues.apache.org/jira/browse/HDDS-9728
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: netscrol
>            Priority: Major
>
> When using ozone with a ranger, an error occurs 
> spontaneously (TENANT_AUTHORIZER_ERROR). All ranger functions work except for 
> operations with tenants. The error appears when trying to create a tenant or 
> add a user to a tenant.
>  
> {code:java}
> /opt/ozone/bin/ozone tenant create room-tenant --om-service-id=cluster1
> 2023-11-07 16:28:23,247 WARN util.NativeCodeLoader: Unable to load 
> native-hadoop library for your platform... using builtin-java classes where 
> applicable
> 2023-11-07 16:28:24,223 INFO rpc.RpcClient: Creating Tenant: 'room-tenant', 
> with new volume: 'room-tenant'
> TENANT_AUTHORIZER_ERROR java.io.IOException: 
> org.apache.ranger.RangerServiceException: Ranger API 
> org.apache.ranger.RangerClient$API@4a92034f failed: statusCode=401, 
> status=Unauthorized, response: {code}
> Ranger access log
>  
> {code:java}
> 10.10.1.225 - - [17/Nov/2023:18:23:01 +0000] "POST 
> /service/public/v2/api/roles?serviceName=test-ozone HTTP/1.1" 401 - 3 "-" 
> "Java/1.8.0_372" {code}


