Hello !
I enabled yesterday the plugin HDFS with Ranger 0.5 on HDP 2.3.4.7.
In Ranger UI, in the hdfs repository definition (with all the parameters
for the repository), when I click on "test connection", I have an error
message saying that the test failed.
And in the xa_portal.log, I can see
Hello !
I'm using Ranger embedded with HDP 2.3.4.7 (this is Ranger 0.5)
I have some kerberized clusters.
On two clusters A1 and A2, I don't have namenode HA.
On two other clusters, B1 and B2, I have namenodo HA.
My first question concerns the property dfs.datanode.kerberos.principal.
I don't
g/apache/ranger/plugin/util/SearchFilter.java>
> .
>
>
>
> Hope this helps.
>
>
>
> Madhan
>
>
>
>
>
> *From: *Lune Silver <lunescar.ran...@gmail.com>
> *Reply-To: *"user@ranger.incubator.apache.org" <
> user@ranger.
Hello everyone !
I'm currently testing the Ranger REST API with Ranger 0.5 (embedded in
HDP2.3.4.7).
I'm trying to get the list of services for a specific plugin.
It works fine.
But when I try the type filter (hdfs, yarn etc...), it does not seem to
take this filter into account.
Here is the
Hello everyone.
I enabled the audit for kafka with Ranger with an HDP 2.3.4.7.
I set to true the following property :
xasecure.audit.provider.summary.enabled.
During one minute, I launch a producer adding one message into a specific
topic every second.
The default agregation time is 5 seconds
box.
>
>
>
> The best option for you is to update the Ranger 0.5 code base to read
> user/password from the plugin configuration file and use them in the
> SolrAuditDestination java class. And replace the plugin jars for the
> component you are using.
>
>
>
>
Hello !
I'm trying to use SolR as a storage for ranger audit, but I'm encountering
one blocking problem.
I'm using HDP 2.3.4.7 and Ambari 2.2.2.
In Ambari, for audit on solR, I have two fields
- ranger.audit.solr.username
- ranger.audit.solr.password
I log in the ranger admin UI and check the
nts supports
> natively. All the service definitions are in this location
> agents-common/src/main/resources/service-defs. They are pretty simple and
> straight forward.
>
>
>
> Bosco
>
>
>
>
>
> *From: *Lune Silver <lunescar.ran...@gmail.com>
> *Reply-To: *
Hello everyone !
I contact you because I cannot find detailed specification about each
plugin policies specificities.
Generally these specificities are related to the the policy items part of
the policy :
- the access rights naturally (for example for kafka, there is consume
permission)
- the
/resource_management/libraries/functions/ranger_functions.py
So it is not at all a ranger problem, but an ambari problem ;-).
Best regards.
Lune.
On Thu, Aug 4, 2016 at 9:01 AM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello !
>
> I have an HDP 2.3.4.7 with Ambari 2.2
Hello !
I have an HDP 2.3.4.7 with Ambari 2.2.2.
I enabled the plugin Kafka for Ranger.
I noticed something a little bit annoying.
If Ranger Admin is down, Kafka will take a looong time to start, because it
tries to connect to Ranger Admin to get the repository.
###
Will retry 74 time(s),
You can use json valider website to validate the json policy you submit. It
helped me a lot in the beginning.
BR.
Lune
Le 19 juil. 2016 20:09, "Stromas, Aaron" a écrit :
> I should have checked the logs before posting – I had an error in content.
>
> Best regards,
>
>
I don't know if this is your problem, but there is an error in the rest api
documentation concerning for example the way to get of a policy thanks to
the service-name and policy-name.
The error is a missing level in the api arborescence.
In the documentation, you can see this :
/public/v2/api/
Hello everyone !
I send you this mail about a question related to the storage HDFS of the
audit.
I use Ranger for three plugins first :
- HDFS
- Kafka
- HBase
I have two namenodes, two Hbase-masters, 100 region servers and 30 kafka
brokers.
I notices that I have ony audit file per server per
Hello !
I send you this mail, because on one of my cluster, I installed ranger and
activated the ssl.
I checked the logs in ranger usersync and I saw the following error :
###
(...)
08 Jul 2016 17:58:24 INFO UnixAuthenticationService [main] - Starting User
Sync Service!
08 Jul 2016 17:58:24 INFO
e. This is to avoid making call to the
> ldap so frequently. ranger.usersync.sleeptimeinmillisbetweensynccycl is
> configurable for UNIX/file sync source.
>
> I guess you can restart usersync if you want to sync immediately.
>
>
> -Thanks,
>
> Deepak
>
>
>
> anything on the admin side?
>
> Thanks
>
> Bosco
>
>
> From: Lune Silver <lunescar.ran...@gmail.com>
> Reply-To: <user@ranger.incubator.apache.org>
> Date: Friday, June 24, 2016 at 10:45 AM
> To: <user@ranger.incubator.apache.org>
> Subject: Cust
Hello !
Currently when activating encryption between plugins and admin, admin uses
the default truststore of java.
Is it possible to specify a custom truststore for ranger admin ?
BR.
Lune
Hello !
I'm using HDP 2.3.4.7 and Ambari 2.2.1.
I enabled the group syncing in addition to user syncing in the tab "Ranger
User info" in the sub-tab "Group Configs".
At 11h46 today, I created a group and added a user in this group.
###
# ipa group-add test11h46
Description: test11h46
Hello !
I have an HDP 2.3.4.7 with Ambari 2.2.1.
I enabled ranger for three plugins :
- HDFS
- HBase
- Kafka.
For each one of these plugins, in their configuration in Ambari, in the
paragraph Advanced ranger--plugin-properties, there is a
property called :
###
Policy user for
###
And it it
0.8.1/package/scripts/service_check.py>
> <https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
> <https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-serv
Hello !
I'm using an HDP 2.3.4.7 with ambari 2.2.1.
I send you this mail because I would like to know what are the permissions
necessary for the user ambari-qa on kafka when Ranger is enabled ?
By default, ambari creates a policy in which this user has all the right on
everything (resource=*
point.java:314)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Do you see any exceptions in xa_portal.log when you do this rest call ?
> This will give some idea of what is wrong.
>
> Thanks,
> Ramesh
>
> From: Lune Silver <lunescar.ran...@gmail.com>
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incuba
groups with no members or
> users that are part of the user search. We added this support recently as
> part of (RANGER-869). Once you add a new group and add any user to be
> member of that new group, then the group should be sync’d at the next sync
> cycle without a restart.
>
>
Hello !
Sorry to spam the mailing list, but I have another topic.
With the HDP 2.3.4, is it possible to create kafka policies with the REST
API ?
I tried to use the API v2 from the wiki, but I think the API v2 is not
taken into account in this version.
Hello !
I'm using HDP 2.3.4 and I'm trying to use REST API of Ranger to create
policies.
May I use the v2 API or should I use the previous one ?
I tried the following :
###
curl -i -vvv -k -u amb_ranger_admin -H "Content-Type: application/json" -X
POST
I also noticed the following error message in ambari :
###
2016-05-19 16:47:25,132 - Error creating repository. Http status code - 404.
###
The password for amb_ranger_admin is OK (it works both in ranger ui and in
the ldap)
BR.
Lune.
Hello !
I just enabled kafka plugin on my cluster and I'm encountering the
following problem.
The kafka-broker cannot start anymore.
In the Ambari UI, the start of a kafka-broker is stuck forever with the
following error message :
###
2016-05-19 15:43:57,545 -
Okay, so I deactivate the hbase plugin, and then I reactivated it.
And now it works.
I can only imagine there was a problem somewhere the first time I perform
this operation
On Thu, May 19, 2016 at 11:16 AM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello everyone.
>
&g
Hello everyone.
I configured the hbase plugin with SSL this morning and I have a problem
with a permission while I shouldn't have any permission problem.
The hbase plugin is enabled.
I can see in the policy cache the following policy for my user rangerlookup
:
###
"resources": {
Hello !
Does anyone know about these properties please ?
BR.
Lune.
On Tue, May 17, 2016 at 2:47 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Ah, in fact, I checked the wiki and also hortonworks doc and didn't find
> some explanations about other properties also in HDFS c
Hey guys !
My problem was the fact that I let the hadoop.rpc.protection field empty in
the repository definition.
I put the default value authentication and now the test connect button
works and the auto-completion works too.
BR.
Lune.
On Wed, May 18, 2016 at 11:39 AM, Lune Silver
op environment [].
###
The user rangerhdfslookup exists in my kerberos db, a kinit
rangerhdfslookupwith the right password works fine, and this is the same
password that I put in the repository definition, and in the ambari UI.
BR.
Lune.
On Wed, May 18, 2016 at 10:15 AM, Lune Silver <lunescar.
ugin in the property "Common Name
For Certificate".
In the Ranger Admin UI, I checked that, in the repository definition, there
is also this property with the right value.
Do you think Is there something wrong ?
BR.
Lune.
On Tue, May 17, 2016 at 3:45 PM, Lune Silver <lunescar.ran..
Hello !
I just enabled the HDFS plugin for Ranger.
The repository was created by Ambari (2.2.1 with HDP cluster 2.3.2).
In the Ranger Admin UI, in the repository edit window, when I check on the
button "test connection", I have the following error message :
###
Unable to connect repository with
3. xasecure.policymgr.clientssl.truststore.credential.file
4. Audit provider summary enabled
Thank you in advance for your help.
Best regards.
Lune.
On Tue, May 17, 2016 at 1:13 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello !
>
> I send you this mail because I was
Hello !
I send you this mail because I was wondering what was the usage of the
following property :
dfs.namenode.inode.attributes.provider.class
It was automatically added to the hdfs-site.xml when I enabled the HDFS
plugin for Ranger.
I was wondering what was the usage of this property ?
BR.
?
Furthermore, what are the powers of this user ? Is he able to perform a lot
of operations in ranger admin ?
BR.
Lune.
On Fri, May 13, 2016 at 6:11 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> It is the same. I have the same error message.
> But there is something strange, I can
ot;
else
echo "ERROR: Required file, not found: ${CFG_FILE}, Aborting
installation"
exit 8
fi
mv ${cdir}/conf/unixauthservice.properties
${cdir}/conf/unixauthservice.properties.${curDt}
mv ${cdir}/conf/unixauthservice.properties.tmp
${cdir}/conf/unixauthservice.properties
###
e properties are configured only when the rangerusersync user’s
> default password in changed.
> Changing the default password is a 2-step process – 1. Update the password
> in Ranger UI, 2. Run updatepolicymgrpassword.sh to update the key store.
>
> - Sailaja.
>
> From: Lune
using the apache master ranger, then log4j.properties file is
> used instead of log4j.xml
>
> Thanks,
> Ramesh
>
> From: Lune Silver <lunescar.ran...@gmail.com>
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date:
Hello !
I send you this mail because I would like to increase the loglevel for the
component ranger admin in order to check a problem that I have.
Do you know how to do that ?
BR.
Lune
n Thu, May 12, 2016 at 12:33 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello everyone !
>
> I am using HDP 2.3.2 with Ambari 2.2.1.
> I installed Ranger Admin and Ranger Usersync with SSL.
> They are both green in Ambari UI and there is no error in the logs of
Hello everyone !
I am using HDP 2.3.2 with Ambari 2.2.1.
I installed Ranger Admin and Ranger Usersync with SSL.
They are both green in Ambari UI and there is no error in the logs of both
component.
The thing is, when I try to log in the Ranger Admin UI, I always have the
following error :
###
Hello !
I found that the problem was coming from the password for the usersync
truststore.
I tried to set up a new one and now it works fine.
BR.
Lune.
On Wed, May 11, 2016 at 5:59 PM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> hello !
>
> I enabled the ssl for ranger adm
hello !
I enabled the ssl for ranger admin successfully, but now I have a problem
to set up the SSL for usersync.
I followed the following doc :
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/configure_ambari_ranger_ssl_self_signed_cert_usersync.html
But
rowse/RANGER-859
>
> As a workaround, you can create symlinks under /var/log/ranger to point to
>
>
> From: Lune Silver <lunescar.ran...@gmail.com>
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date: Tuesday, May 10
Hello !
I'm using HDP 2.3.2 with ambari 2.2.1 and I have a problem with ranger
which does not take into account the logging dir I set in the conf.
I set the following properties in the tab advanced -> Advanced ranger-env :
- ranger_admin_log_dir = /ranger/admin
- ranger_usersync_log_dir =
.
Lune
On Tue, May 10, 2016 at 10:36 AM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello !
>
> I'm trying to install Ranger Admin with Ambari 2.2.1 and I got the
> following exception during the installation :
> ###
>
> 2016-05-10 10:25:47,952 - Execute['pyth
Hello !
I'm trying to install Ranger Admin with Ambari 2.2.1 and I got the
following exception during the installation :
###
2016-05-10 10:25:47,952 - Execute['python
/usr/hdp/current/ranger-admin/db_setup.py'] {'logoutput': True,
'environment': {'RANGER_ADMIN_HOME':
rrently the default values are:
> ranger.usersync.pagedresultsenabled is "false"
> ranger.usersync.pagedresultssize is "500"
>
> Thanks,
> Sailaja
>
> On Apr 20, 2016, at 9:01 AM, Don Bosco Durai <bo...@apache.org> wrote:
>
> Sailaja, what is
t;
> Lune – unix auth service running as part of usersync is applicable only if
> unix authentication method is chosen in ranger admin. For LDAP/AD
> authentication methods, ranger admin will authenticate the user directly
> against LDAP/AD.
>
> From: Lune Silver <lunescar.ran...@gmail
In fact, I am wondering, isn't this file only created if I choose a
textfile as a source for usersync ?
BEst regards.
Lune
On Thu, Apr 21, 2016 at 10:47 AM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello !
>
> I send you this mail concerni
do not call usersync.
>>
>> Could you confirm which services make call to this listen port?
>> Thanks
>> Dilli
>>
>>
>> On Wed, Apr 20, 2016 at 1:50 PM, Sailaja Polavarapu <
>> spolavar...@hortonworks.com> wrote:
>>
>>> Hi Lune,
&
Hello !
I send you this mail concerning the property
ranger.usersync.filesource.file.
I was wondering which size I have to plan for this file ?
How is this file organized ?
It is like /etc/passwd and /etc/group ?
Does ranger keep old versions of this file or is it overwritten everytime ?
Best
erties are written to xml file, and if unset its written
> to install.properties.
>
> HTH. Thanks.
>
>
> On Tue, Mar 22, 2016 at 4:05 PM, Lune Silver <lunescar.ran...@gmail.com>
> wrote:
>
>> Hello !
>>
>> I send you this mail concerning the p
and the keystore file is to activate ssl for usersync ?
Best regards.
Tale.
On Tue, Mar 22, 2016 at 11:28 AM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello Gautam.
>
> Thank you for your answer.
>
> Best regards.
>
> Lune.
>
>
>
>
>
> On Tue
Hello !
I send you this mail concerning the property "xml_configurations_supported".
I cannot find any information about this property in the documentation.
What is the définition of the property "xml_configurations_supported" ?
Best regards.
Lune
Hello !
I'm currently writing an installation book for my team and myself and I'm
in the Advanced ranger-admin-site in Ambari UI.
In this part, I can see two parameters :
- ranger.credential.provider.path : file for credential store
- ranger.https.attrib.keystore.file : ranger admin keystore
Q1
/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java#L300-L317
> >
>
> @Lune Above information is "good to know" but may not be helpful to solve
> a specific problem. Is there a specific problem you are trying to solve?
> If you tell us
for sure that "create topics" is not controlled/ governed by any
> ranger permission. It has to be done by a superuser.
>
>
> *Cheers !!*
> Arvind
>
> On Thu, Feb 18, 2016 at 8:48 PM, Lune Silver <lunescar.ran...@gmail.com>
> wrote:
>
>> Hello !
&
62 matches
Mail list logo