Re: Location for storing example code and tutorials...

: - Policy Admin - Component plugins Release 0.5 - Design - Kafka integration - Plugable plugin architecture - Support near real-time query with HDFS auditing records Thanks Bosco On Dec 11, 2014, at 11:03 PM, Don Bosco Durai bo...@apache.org wrote: Can we look at the format followed

Re: Permission Denied: User doesn't have USE privilege on database

Hi Muthupandi At an high level, it seems Hive is still using it’s native authorization. Can you check the Audit in Ranger to see whether Ranger is auditing it? Thanks Bosco On Dec 15, 2014, at 9:19 PM, Muthu Pandi muthu1...@gmail.com wrote: Hi All I have configured Ranger on

Re: Permission Denied: User doesn't have USE privilege on database

repository correctly, after configuring hive repository and its name it use the ranger authorization. Great work Guys, Authorization look simple and effective. Regards Muthupandi.K Think before you print. On Wed, Dec 17, 2014 at 2:43 AM, Don Bosco Durai bo...@apache.org

Re: Permission Denied: User doesn't have USE privilege on database

to provide the Knox Repo creating example. Because where i dont know what to provide in Knox url Thanks all With regards Amithsha On Fri, Dec 19, 2014 at 11:22 AM, Don Bosco Durai bo...@apache.org mailto:bo...@apache.org wrote: Hi Muthupandi Glad to know it worked for you. Please continue

Re: Troubles with HDFS policies

Check hdfs dfs -ls $folderName. In the case of HDFS, if Ranger doesn¹t find any permission in it¹s policy database, then it falls back to HDFS permission check. So make sure in the HDFS level, you have 700 or even 000 for the given folder and manage all the permissions via Ranger. We recommend

Re: Deleting users

. Original message From: Don Bosco Durai bo...@apache.org Date:29/04/2015 16:39 (GMT+00:00) To: user@ranger.incubator.apache.org Cc: Subject: Re: Deleting users Dale, do you want to delete some users which you created using the Ranger UI? Thanks Bosco On 4/29/15, 5:40 AM

Re: Troubles with HDFS policies

. Still, as I noticed some small mistakes, do you know how I can contribute to the documentation improvement ? Thanks for your help, Loïc De : Don Bosco Durai [mailto:bdu...@hortonworks.com] De la part de Don Bosco Durai Envoyé : mercredi 29 avril 2015 17:45 À : user

Re: Ranger Audit Page not displaying any results

Dale, Log aggregation is the recommended solution for high volume transaction. The log summary will log only the unique request combination (user, resource, action, IP,…) with the count for the interval. The interval is by default is 5 seconds, so in Hbase, if each RegionServer is handling 20K

Re: Chaining 2 Ranger Plugins for Hive

Regarding extending Ranger authorizer classes, you have two options: 1. Use Ranger dynamic policies. This will allow you to write your own java class and implement custom logic. You can use this in any Ranger permission. This is been introduced in Apache Ranger 0.5, so there is not much

Re: Handshake error configuring Knox repository geteway URL in Ranger admin

Prabu Can you check this JIRA and let us know if it work? https://issues.apache.org/jira/browse/RANGER-355 Thanks Bosco On 5/21/15, 4:57 AM, Prabu Soundar Rajan -X (prabsoun - MINDTREE LIMITED at Cisco) prabs...@cisco.com wrote: Hi Team, We are experiencing the below issue in enabling the

Re: Apache Ranger with CDH 5.4

Harish, can you check with version of Hadoop/HDFS is packaged in CDH 5.4? Ranger 0.5 is compatible in HDFS 2.7.x and for versions before that you need to use Ranger 0.4. The install scripts is based on open source Hadoop version and assumes the paths for configuration and libraries. I am not

Re: Rearranging Ranger Wiki pages ...

- Ranger blog or tutorials Some of the ranger documentation would be pertinent to the current release. On Tue, Jul 28, 2015 at 1:17 PM, Don Bosco Durai bo...@apache.org wrote: We might need to do some rearrangement of the wiki pages to make it more scalable. At the high level

Re: Apache Ranger with CDH 5.4

Seems our email crossed each otherŠ For Hadoop 2.6 you need to use Ranger 0.4. You can see the installation document at https://cwiki.apache.org/confluence/display/RANGER/Ranger+Installation+Guide . For HDFS authorization you shouldn¹t see much difference between Ranger 0.4 and Ranger 0.5.

Re: Error Setting up Ranger-Admin

On Wed, Jul 29, 2015 at 3:22 PM, Aneela Saleem ane...@platalytics.com wrote: How can i see logs for ranger-hdfs plugin ? Can you please have a look on install.properties file? is it correct? On Wed, Jul 29, 2015 at 10:57 AM, Don Bosco Durai bo...@apache.org wrote: Yes, this issues seems

Re: Error Setting up Ranger-Admin

, using username And where is xasecure-audit.xml file located? On Wed, Jul 29, 2015 at 10:36 PM, Don Bosco Durai bo...@apache.org wrote: Yes, either you have to upgrade Hadoop or use Ranger 0.4 Thanks Bosco From: Aneela Saleem ane...@platalytics.com Reply-To: user

Re: Error Setting up Ranger-Admin

. And the problem was resolved. Now heading towards LDAP user sync and having some issues. I'll start another thread for this. Regards, Aneela Saleem On Jul 30, 2015 4:32 AM, Don Bosco Durai bo...@apache.org wrote: This is good. Are the access audits also showing up now? Did you do anything

Re: Unable to start HBase

Ranger for HBASE checkbox was not ticked. Cheers, Dale Sent from my Samsung device Original message From: Don Bosco Durai bo...@apache.org Date: 27/07/2015 17:59 (GMT+00:00) To: user@ranger.incubator.apache.org Subject: Re: Unable to start HBase Dale Does

Re: Error Setting up Ranger-Admin

-Lenovo-G50-70/192.168.1.4 http://192.168.1.4 / On Wed, Jul 29, 2015 at 1:53 AM, Aneela Saleem ane...@platalytics.com wrote: hduser On Wed, Jul 29, 2015 at 1:51 AM, Don Bosco Durai bo...@apache.org wrote: This seems to be one

Re: Error Setting up Ranger-Admin

Repository Thing. On Tue, Jul 28, 2015 at 5:17 PM, Aneela Saleem ane...@platalytics.com wrote: Hi Bosco, I did as you suggested but still getting same error. On Tue, Jul 28, 2015 at 4:49 AM, Don Bosco Durai bo...@apache.org wrote: The properties file looks good.. I am not sure whether

Re: Error Setting up Ranger-Admin

i proceed? Do you have any fruitful link, i should follow? (being a novice) On Tue, Jul 28, 2015 at 10:04 PM, Don Bosco Durai bo...@apache.org wrote: Aneela The document you linked is for Apache Ranger 0.4. There subtle changes in Apache Ranger 0.5. Just curious, how you were able

Re: Error Setting up Ranger-Admin

Ranger Admin? On Tue, Jul 28, 2015 at 10:48 PM, Don Bosco Durai bo...@apache.orgmailto:bo...@apache.org wrote: Yes, this is link I was about to redirect you to. Sorry, I might have assumed incorrectly on your initial question. ./setup.sh is called only for installing RangerAdmin. Good it seems you

Re: Error Setting up Ranger-Admin

org.apache.hadoop.hdfs.server.namenode.NameNode: Failed to start namenode. java.io.IOException: NameNode is not formatted. On Wed, Jul 29, 2015 at 12:22 AM, Don Bosco Durai bo...@apache.org wrote: Anything in the namenode log file? Thanks Bosco From: Aneela Saleem ane...@platalytics.com

Re: Error Setting up Ranger-Admin

,org.apache.hadoop.hdfs.web.resources.TokenKindParam,org.apache.hadoop.h dfs.web.resources.TokenServiceParam) throws java.io.IOException,java.lang.InterruptedException, with URI template, /, is treated as a resource method On Wed, Jul 29, 2015 at 12:50 AM, Don Bosco Durai bo...@apache.org wrote: I have

Re: Error Setting up Ranger-Admin

so much Bosco. I created JIRA for this. Can be found here https://issues.apache.org/jira/browse/RANGER-582 Let me try UserSync, then i will approach yyou in case of any problem. On Tue, Jul 28, 2015 at 11:28 PM, Don Bosco Durai bdu...@hortonworks.com wrote: Good. I already typed it, so let

Re: master branch compilation issue

assembly: Error creating assembly archive src: Problem creating TAR: request to write '8192' bytes exceeds size in header of '566424' bytes On Tue, Aug 4, 2015 at 9:12 PM, Don Bosco Durai bo...@apache.org wrote: I don¹t see anything obviously wrong. Can you try after deleting the folder

Re: Unable to start HBase

again. Dale, can you please confirm the checkbox is present after adding to the custom properties. Thanks. On Wed, Jul 29, 2015 at 12:46 PM, Don Bosco Durai bo...@apache.org wrote: Dale, can you answer Balaji¹s question? This will help us to understand the root cause. Vel/Gautam, any tips

Rearranging Ranger Wiki pages ...

We might need to do some rearrangement of the wiki pages to make it more scalable. At the high level, this is the principal we originally organized the wiki pages: 1. Dashboard/Index page as the link to all important pages and links 2. Top level page tree is limited to top level pages (so we can

Re: Error Setting up Ranger-Admin

This seems to be one of the reason HDFS plugin is not enabled. As what user have you installed Hadoop? Thanks Bosco From: Aneela Saleem ane...@platalytics.com Reply-To: user@ranger.incubator.apache.org user@ranger.incubator.apache.org Date: Tuesday, July 28, 2015 at 1:31 PM To:

Re: Error Setting up Ranger-Admin

@ranger.incubator.apache.org Subject: Re: Error Setting up Ranger-Admin Yes the command is working On Wed, Jul 29, 2015 at 1:11 AM, Don Bosco Durai bo...@apache.org wrote: Did the original startup issue get resolved? Your errors seems to be coming from WebHDFS. Can we check whether “hdfs

Re: ranger startup exception

Hafiz After rolling back the change, can you try building this on another computer? This issue seems to be specific to the environment you are using to build. Thanks Bosco From: Hafiz Mujadid hafizmujadi...@gmail.com Reply-To: user@ranger.incubator.apache.org

Re: ranger startup exception

, August 7, 2015 at 4:34 AM To: user@ranger.incubator.apache.org user@ranger.incubator.apache.org Subject: Re: ranger startup exception solved issue on another machine and rolling back to previous commit thanks On Fri, Aug 7, 2015 at 2:41 PM, Don Bosco Durai bo...@apache.org wrote: Hafiz

Re: Unable to start HBase

then upgraded Ambari to 2.1 which is when HBase failed to run as the Enable Ranger for HBASE checkbox was not ticked. Cheers, Dale Sent from my Samsung device Original message From: Don Bosco Durai bo...@apache.org Date: 27/07/2015 17:59 (GMT+00:00) To: user

Re: Error Setting up Ranger-Admin

The properties file looks good.. I am not sure whether it is because of python 2.7. Is it possible for you to use python 2.6? Try changing the below to where 2.6 is installed. PYTHON_COMMAND_INVOKER=python Thanks Bosco From: Aneela Saleem ane...@platalytics.com Reply-To:

Re: Hive server identity assertion

Hive uses the same core-site.xml settings as HDFS. So if the group mapping work in HDFS, then it should work in Hive also. And if the user and groups are in linux/unix, then it should have been support out of the box. What version of Hive are you using? (It shouldn¹t matter) Thanks Bosco

Re: Ranger LDAP Group sync issue

Kashif I don’t think Ranger currently has support for writing policy update audits to file. Would you be able to create a JIRA for this? I think, this should be straight forward to implement. In most Hadoop projects, they use log4j appender to write to file. We could do the same. Hopefully,

Re: Question regarding "ranger policy User" for HDFS hive etc

Arvind Does your env as Kerberos? Bosco From: Arvind S Reply-To: Date: Monday, November 16, 2015 at 2:34 AM To: Subject: Question regarding "ranger policy User" for HDFS hive etc My setup has

Re: Question regarding "ranger policy User" for HDFS hive etc

6, 2015 at 8:23 PM To: <user@ranger.incubator.apache.org> Subject: Re: Question regarding "ranger policy User" for HDFS hive etc yes cluster is kerberized..and is already using AD. Cheers !! Arvind On Tue, Nov 17, 2015 at 2:11 AM, Don Bosco Durai <bo...@apache.org> wrote:

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

t and should not appear in the UI. Users who really need exceptions can turn it on. On Thu, Oct 15, 2015 at 11:35 AM, Don Bosco Durai <bo...@apache.org> wrote: >Allow and Deny in the same policy and deduce that user "Scott" can access the >resource while anyone else in group &q

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

d not appear in the UI. Users who really need exceptions can turn it on. On Thu, Oct 15, 2015 at 11:35 AM, Don Bosco Durai <bo...@apache.org> wrote: >Allow and Deny in the same policy and deduce that user "Scott" can access the >resource while anyone else in group "interns&q

Re: Testing policies on hbase columns

2:39 PM, Don Bosco Durai <bo...@apache.org> wrote: Aneela, For Hbase, Ranger follows the same behavior as Hbase. If the user has permission to the column, the get will return the value and if the user doesn’t have access to the column, then it won’t return anything. To test, you can try crea

Re: Issue while enabling hbase plugin

Based on your other email, it seems you get Hbase plugin installed properly. Was it just the permission or you had to do anything more? Thanks Bosco From: Don Bosco Durai Reply-To: <user@ranger.incubator.apache.org> Date: Sunday, October 11, 2015 at 9:47 PM To:

Re: [DISCUSS] Policy model enhancement to support deny-conditions and exceptions

by adding a deny-exclude, as shown below:>> In the wiki, we have created a "deny" policy for intern group and an exception for Scott. First of all, why cannot user clearly specific users or groups that would need specific access. Why is there a need to give access to finance group as

Re: Ranger 0.5 Source location

@Hanish, the documentation is incorrect. We should be using branch ranger-0.5 for Apache Ranger 0.5. @Dilli, I agree with you. We should standardize the release branch and subsequent dot (patch) release branches. Seems 0.5 branch has been free flowing for sometime, can we plan to release

Re: HBase group authroizations

- Villeurbanne 2015-08-26 17:47 GMT+02:00 Don Bosco Durai bo...@apache.org: Loïc, sorry I am trying to understand the issue here. n my case, on HBaseMaster and in Ranger database, the group I made policies for was called sysadmin when on the nodes containing the RegionServers it was called

Re: Setting up ranger admin

Mack, do you unlimited JCE installed on your system for the JDK you are using? Thanks Bosco From: Mack Hendricks mhendri...@hortonworks.com Reply-To: user@ranger.incubator.apache.org user@ranger.incubator.apache.org Date: Saturday, August 22, 2015 at 2:29 AM To:

Re: Issues with usersync (LDAPS certificate not validated)

wrote: >> I guess no JDK changes. And i re-checked certificate infact generated a new >> one. Still same issue. >> >> On Thu, Oct 1, 2015 at 6:16 PM, Dilli Dorai <dilli.do...@gmail.com> wrote: >>> Aneela, >>> Please check whether the certificate has

Re: Issues with usersync (LDAPS certificate not validated)

Any other changes you can think of? JDK changes, etcs? Thanks Bosco From: Aneela Saleem Reply-To: Date: Wednesday, September 30, 2015 at 9:37 PM To: Subject: Re: Issues with usersync (LDAPS

Re: Group level permission are not working in ranger

What is happening here? Is the directory getting created? Thanks Bosco From: Hafiz Mujadid Reply-To: Date: Sunday, November 29, 2015 at 1:44 PM To: Subject: Group level permission are not

Re: Hbase policy issue

3.jar in hbase/lib again. Place httpcore-4.2.5.jar in ranger-hbase-plugin-impl folder. And now it's also working. Bosco! there is no http-core by default in hbase-plugin and http-client in hdfs plugin. I think it should be there by default. Thanks On Sun, Dec 6, 2015 at 11:59 PM, D

Re: Hbase policy issue

Aneela, thanks Madhan, we should have both the jars in our plugin impl folder and make sure it works. Aneela, if you don't mind, can you do one experiment? Can you revert your change? Have the old httpcore in the hbase lib folder, but add the 4.2.5 in the ranger-impl folder (check under lib

Re: Group level permission are not working in ranger

EDeniedhadoop-acl192.168.23.1051 I want to know why audits are showing that it is because of hadoop-acl not ranger-acl? Thanks On Wed, Dec 2, 2015 at 9:37 AM, Don Bosco Durai <bo...@apache.org> wrote: You don’t need to. Since auditing is working, you can check who gave the permission with

Re: Queries on the developement for a new custom plugin

Aruna, can you give more detail on what you are trying to achieve? I was searching for integration design diagram, but couldn’t find one. We will work on creating one. In the meanwhile, here is the high level. Ranger plugins run within the component process. It gives a light java library, which

Re: HDFS-plugin does nothing

Also, don’t forget to change your umask to 077 or 007. This email thread as lot of context: https://www.mail-archive.com/user@ranger.incubator.apache.org/msg00719.html Bosco From: Margus Roo Reply-To: Date: Thursday, December 17, 2015 at

Re: doAs() with Ranger HBase plugin

Chris Ranger plugin uses the same user/group made available by the component. So in your case, Hbase is getting the service user, which I assume is you “springboot” app user. You might want to do couple of things: Check Hbase logs to see if there are any errors (like impersonation not allowed

Re: Group level permission are not working in ranger

y is being created. On Mon, Nov 30, 2015 at 2:47 AM, Don Bosco Durai <bo...@apache.org> wrote: What is happening here? Is the directory getting created? Thanks Bosco From: Hafiz Mujadid <hafizmujadi...@gmail.com> Reply-To: <user@ranger.incubator.apache.org> Date: Sunday, Nov

Re: hdfs plugin enable issue

I think, we need to look into this issue. The trunk should have worked with the latest Hadoop, unless something changed on Hadoop side. I don’t have bandwidth this week, can you anyone investigate this? Hafiz, if you still have the old logs, can you send some lines above the exception you

Re: access audit logs are not being shown on ranger ui

The properties seems correct. Best way to test is to : Check the HDFS logs. Check Solr from web interface (use the same url you configured) See if there are any unprocessed files in /var/log/hadoop/hdfs/audit/solr/spool Bosco From: Hafiz Mujadid Reply-To:

Re: Group level permission are not working in ranger

nership of all folders in hdfs with hduser:hadoop but still group level permissions are not working. my audits are not working, i am trying to figure out the issue with audits. i will let you know when audits are available. thanks On Mon, Nov 30, 2015 at 9:34 AM, Don Bosco Durai <bo...

Re: access audit logs are not being shown on ranger ui

plugin and Ranger Admin. Can you please review and update such that they both point to the same Solr instance? properties for hdfs plugin: XAAUDIT.SOLR.URL=http://192.168.23.105:6083/solr/ranger_audits properties in ranger-admin: audit_solr_urls=http://122.129.79.70:6083/solr/ranger_audits Madhan

Re: Unable to create a key from Ranger KMS

Hi Shashi Did you get any answers for this question? It seems you don’t have authorization to create the key. Did you give permission from Ranger Admin? Bosco From: Shashi Vishwakarma Reply-To: Date: Wednesday, June 1, 2016 at

Re: Existing Solr Cloud + Ranger Audit

Report: www.lloydsbankinggroup-cr.com/downloads From: Don Bosco Durai [mailto:bo...@apache.org] Sent: 22 June 2016 08:03 To: user@ranger.incubator.apache.org Subject: Re: Existing Solr Cloud + Ranger Audit -- This email has reached the Bank via an external source -- Yes, you could.

Re: Existing Solr Cloud + Ranger Audit

Yes, you could. https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5#InstallandConfigureSolrforRangerAudits-ApacheRanger0.5-SelfInstall Bosco From: "Ellis, Tom (Financial Markets IT)" Reply-To:

Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment

[/] from Hadoop environment Yes sure, how do I do that without a log in? From: Don Bosco Durai [mailto:bo...@apache.org] Sent: 16 June 2016 19:29 To: user@ranger.incubator.apache.org Subject: Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment

Re: About the purge of the audit in a DB

Yes, you need to need delete rows from this table. The recommendation is to create partitions in database, so it is easy to drop the partition. If you are going to run “DELETE” syntax, you have to be careful of redo logs in the database. The recommendation is to use SolrCloud, because it has

Re: Ranger - Kafka Plugin - User ambari-qa

Ideally, we should only permit minimal permission to ambari-qa for service check. E.g. We should create a topic just for service check and give permission to ambari-qa only to that topic. We should do the same for all the services. Lune, one workaround for you now is to see which topic or calls

Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment

currently the stand by node? Thanks Velmurugan & Bosco. From: Don Bosco Durai [mailto:bo...@apache.org] Sent: 16 June 2016 08:16 To: user@ranger.incubator.apache.org Subject: Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment Sorry

Re: Custom truststore for ranger admin

Just curious, since plugins are initiating the request, do you need anything on the admin side? Thanks Bosco From: Lune Silver Reply-To: Date: Friday, June 24, 2016 at 10:45 AM To: Subject:

Re: Custom truststore for ranger admin

2016 at 10:51 AM To: <user@ranger.incubator.apache.org> Subject: Re: Custom truststore for ranger admin Yeah when ssl is set to "want", you need to get the certificate of the plugin and to add it to the truststore of the admin. Le 24 juin 2016 19:47, "Don Bosco Durai"

Re: Cannot create Hive external table

user.hive.groups to '*'. We are trying to find a cleaner solution and to understand why that has changed. Anyway, sorry for having posted on the Ranger mailing list a non-Ranger issue. And thanks for your help. Julien 2016-01-08 21:50 GMT+01:00 Don Bosco Durai <bo...@apache.org>: Julien

Re: HDFS Plugin - Unable to get listing of files for directory [/] from Hadoop environment

Sorry to hijack the thread… Since it is common practice and sometimes required to have the HDFS properties be available on each node. Should we consider just loading the HDFS related properties directly from the HDFS properties file? In this way, we only need to provide to take the path to the

Re: Informationn about properties of Ranger

Also, if I am not wrong, they have different set of properties. Thanks Bosco From: Velmurugan Periasamy Reply-To: Date: Thursday, April 21, 2016 at 9:25 AM To: "user@ranger.incubator.apache.org"

Re: About the size of ranger.usersync.filesource.file

I think Ramesh added this feature. Ramesh is it documented anywhere? Thanks Bosco From: Lune Silver Reply-To: Date: Thursday, April 21, 2016 at 2:48 AM To: Subject: Re: About the size of

Re: Loading config error

bator.apache.org" <user@ranger.incubator.apache.org> Subject: Re: Loading config error That is correct. Kafka 0.9.0.1 Lawrence Weikum | Software Engineer | Pandora 1426 Pearl Street, Suite 100, Boulder CO 80302 m 720.203.1578 | lwei...@pandora.com From: Don Bosco Durai

Re: Can not create hive2 external table

There is an implicit check done by HiveServer2 to make sure the user has access to the external files. You are correct, at the HDFS level, each file permission is individually checked. What sort of error are you getting in hive log file? And is there any error on the HDFS side? Thanks Bosco

Re: Loading config error

Lawerence, also are you using Ambari or manual install? Thanks Bosco From: Ramesh Mani Reply-To: Date: Friday, May 6, 2016 at 2:04 PM To: "user@ranger.incubator.apache.org" Subject: Re: Loading

Re: Need Help to choose Apache Ranger

Native dashboard features like faceting, etc. Easy to write your own custom application on top of it Apache open source In other words, Solr is a great product on its own :-) Thanks Bosco From: Rehan Ahmed Ch <chre...@gmail.com> Date: Monday, April 11, 2016 at 2:10 AM To: Don Bosco Dur

Re: Ranger auth vs HDFS auth

Ravi, you can also look into this blog from Balaji. https://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/ Bosco From: ravi teja Reply-To: Date: Tuesday, August 2, 2016 at 11:30 PM To:

Re: Ranger-0.6 HDFS authentication failed in secure mode

I don’t have the full context, but there are few things you can look into: 1. The user should be full Kerberos principal and not just “admin” 2. If you are using Kebereros and Sun JDK, then you need to additional JCE unlimited strength package. But if Kerberos is already working

Re: Ranger-0.6 HDFS authentication failed in secure mode

work either. On Sat, Aug 13, 2016 at 8:12 AM, Don Bosco Durai <bo...@apache.org> wrote: I don’t have the full context, but there are few things you can look into: 1. The user should be full Kerberos principal and not just “admin” 2. If you are using Kebereros and Sun JDK

Re: Question about Ranger REST URL with service-name component

ject where I had an error in the JSON payload. I listed the requests that I still have problems with, namely, Get service definition by name Update policy by service-name and policy-name Delete policy by service-name and policy-name Search policies in a service I forgot to mentio

Re: Question about Ranger REST URL with service-name component

Aaron, are you still having this issues? Your previous mail said that you found errors in the log file. Thanks Bosco From: "Stromas, Aaron" Reply-To: Date: Tuesday, July 19, 2016 at 1:17 PM To:

Re: Issue in compiling Ranger 0.6

Aneela, Also see, if the Docker based build works for you? I have attached the script to the JIRA. https://issues.apache.org/jira/browse/RANGER-1137 #This script creates the Docker image (if not already created) and runs maven in the container #1. Install Docker #2. Checkout Ranger

Re: [jira] [Commented] (HAWQ-256) Integrate Security with Apache Ranger

Team The HAWQ community is working on integrating Ranger as one of their authorization provider. The HAWQ JIRA https://issues.apache.org/jira/browse/HAWQ-256 has the high level design document and also there is a long discussion around the topic. Since HAWQ is written in C/C++, the plan is to

Re: About the specification of each plugin(s policy

I don’t know whether these are explicitly documented. You can see the details in the service definition for each of the components supports natively. All the service definitions are in this location agents-common/src/main/resources/service-defs. They are pretty simple and straight forward.

Re: Antwort: Re: User running job in forbidden queue

sten Pfläging, Jörg Staff Vorsitzender des Aufsichtsrats: Jürgen Brinkmann Don Bosco Durai ---06.09.2016 18:41:06---Hi Loïc Von: Don Bosco Durai <bo...@apache.org> An: <user@ranger.incubator.apache.org> Datum: 06.09.2016 18:41 Betreff: Re: User running job in forbidden queue Hi Loïc J

Re: User running job in forbidden queue

, Loïc Loïc CHANEL System Big Data engineer MS - WASABI - Worldline (Villeurbanne, France) 2016-09-06 18:40 GMT+02:00 Don Bosco Durai <bo...@apache.org>: Hi Loïc Just curious, was the audit log helpful? I understand, this could be frustrating, so during the last couple of rel

Re: Audit to secure solr with digest authentication

Lune The version before Ranger 0.6 might not work well with authentication. Even though, it might have been easy for us to support basic or digest auth, but I think, we missed it. The background is, Solr 5.2 introduced support for Kerberos and Solr 5.3 started natively supporting Basic

Re: Help starting RangerKMS

Benjamin, thanks for letting us know. It is always difficult to diagnosis Kerberos related issues. Glad you were able to resolve it quickly. Regards Bosco From: Benjamin Ross Reply-To: Date: Friday, August 26, 2016 at

Re: ranger solr-plugin

[Copied user and dev group] Hello I personally have not tested with Solr’s basic auth. All my testing was with Kerberos. Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6 Bosco From: "方久鑫 (fangheart)"

Re: allow all users to decrypt?

Hi Ben > Alternatively, is there any way to add the user DOMAIN\build to ranger? Ranger uses the same username that is used by HDFS. And that will depend on how your core-site.xml is configured or how the users are materialized on the linux boxes. You can check the Ranger Audits to see what

Re: Questions for Ranger's hive plugin

Da Madhan is the original author for the audit framework in Ranger 0.4 release. One quick feedback is, if you are using HDP, which in turn uses Ambari, then any manual configuration you might do will be overwritten. The best way to debug log4j related issues, is to create a file appender

Re: Pre-requisite for KMS

Aneela, Benjamin is correct. Hadoop supports pluggable KMS. Apache Ranger extends the Hadoop KMS, so you should be able to just plugin easily later. Just FYI, Ranger KMS stores the keys in database and optionally HSM. It also uses Ranger Plugin for authorization and audit. In addition

Re: Unable to connect to S3 after enabling Ranger with Hive

Is this for Ranger or Hive? Bosco From: Anandha L Ranganathan Reply-To: Date: Thursday, January 5, 2017 at 12:16 PM To: Subject: Re: Unable to connect to S3 after enabling Ranger with Hive

Re: ranger solr-plugin

it? Thanks Bosco From: fangheart <fanghe...@fangheart.win> Date: Wednesday, December 28, 2016 at 4:38 PM To: Don Bosco Durai <bo...@apache.org> Subject: Re: ranger solr-plugin Thank you very much for your reply.if you can support the kerberoes for ranger admin，i

Re: Ranger/Hive Version mismatch in HDP 2.5 ?

I feel we should have a matrix for the component versions supported by each Ranger release. Having it on the main page will be good. https://cwiki.apache.org/confluence/display/RANGER/Index One more thing I noticed is that the Installation and User guide is still pointing to release 0.5.

Re: Ranger database setup in AWS Aurora database.

Also, Anandha, were you able to create any other user in your database? If so, what was the syntax and DB user you used? Thanks Bosco From: Pradeep Agrawal Reply-To: Date: Tuesday, January 3, 2017 at 7:27 PM

Re: ranger solr-plugin

Thanks. On Wed, Jan 4, 2017 at 12:47 AM, Don Bosco Durai <bo...@apache.org> wrote: Gautam, this is mostly how to setup Apache Ranger to run in Kerberos mode. I know, when installed via Ambari, we create the Ranger Admin and Lookup user keytabs and appropriate properties are automati

Re: ranger solr-plugin

if any changes were done to the setup script for Solr plugin support. The script is generic for all components. On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai <bo...@apache.org> wrote: The latest release supports Kerberos. However, the setup is done via Apache Ambari. I am not sure wh

Re: ranger solr-plugin

if you need help on setting up Kerberos for Ranger Admin. Bosco From: "方久鑫 (fangheart)" <fanghe...@fangheart.win> Date: Friday, October 28, 2016 at 1:20 AM To: Don Bosco Durai <bo...@apache.org> Subject: Re: Re: ranger solr-plugin my version is 0.6. And now

Re: Git tags for releases

We should be able to do this. Vel, can we can make this part of our post-release checklist? https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65867946 Thanks Bosco From: Lars Francke Reply-To: Date:

  1   2   >