[jira] [Created] (RANGER-2621) Ranger Policy Update fails on Kerberized Cluster

Mon, 14 Oct 2019 13:38:09 -0700 

Susi Dev created RANGER-2621:
--------------------------------

             Summary: Ranger Policy Update fails on Kerberized Cluster
                 Key: RANGER-2621
                 URL: https://issues.apache.org/jira/browse/RANGER-2621
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 2.0.0
            Reporter: Susi Dev


{color:#4c9aff}Can someone help configuring RANGER for KERBERIZED cluster 
??{color}

We have Ranger 2.0 installed on separate EC2 node, while trying to integrate 
with EMR cluster.

When the EMR cluster is not kerberized, the policy sync works just fine.. 

When EMR is kerberized, policy download does not work anymore...

 

We see below error:

+*Access Log:*+ 

10.23.123.150 - - [14/Oct/2019:20:07:09 +0000] "GET 
/service/plugins/secure/policies/download/hadoopdev?supportsPolicyDeltas=false 
HTTP/1.1" 401 52 "-" "curl/7.61.1"

 

+*Hive Server 2 log:*+

2019-10-14T20:03:34,353 WARN [Thread-8([])]: client.RangerAdminRESTClient 
(RangerAdminRESTClient.java:getServicePoliciesIfUpdated(186)) - Error getting 
policies. secureMode=true, user=hive/i...@domain.net (auth:KERBEROS), 
response=\{"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication 
Failed"}, serviceName=hivedev

 

+*Plugin Error(Test Connection):*+

org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show 
databases like "*"]..
Unable to execute SQL [show databases like "*"]..
Error running query: java.lang.NoSuchFieldError: REPLLOAD.
REPLLOAD.

 

 

{color:#FF0000}Plugin Config:{color}

Service Name : hivedev
Active Status:  Enabled
 
{color:#FF0000}Config Properties :{color}
Username : Rangeradmin/_hostn...@domain.net 
Password : ********  
jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver 
jdbc.url: jdbc:hive2://hostname:10000/;principal=hive/hostn...@domain.net 
Common Name for Certificate: 
Add New Configurations 
||Name||Value||
|policy.download.auth.users | rangeradmin/hostn...@domain.net | |
 
 
{color:#FF0000}*Ranger 2.0 looks great but with not enough documentation around 
the installation and configuration, we are all handicapped when it comes to 
using. Appreciate if some of you add good documentation, it helps us appreciate 
the amount of work done by you ... Right now, we are only shooting in the 
DARK.*{color} 
 

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to