Unable to get listing of files for directory [/]

Hello ! I enabled yesterday the plugin HDFS with Ranger 0.5 on HDP 2.3.4.7. In Ranger UI, in the hdfs repository definition (with all the parameters for the repository), when I click on "test connection", I have an error message saying that the test failed. And in the xa_portal.log, I can see

Questions on properties for the hdfs repository

Hello ! I'm using Ranger embedded with HDP 2.3.4.7 (this is Ranger 0.5) I have some kerberized clusters. On two clusters A1 and A2, I don't have namenode HA. On two other clusters, B1 and B2, I have namenodo HA. My first question concerns the property dfs.datanode.kerberos.principal. I don't

Re: Ranger REST API - Search Service - Parameter type seems not to work

g/apache/ranger/plugin/util/SearchFilter.java> > . > > > > Hope this helps. > > > > Madhan > > > > > > *From: *Lune Silver <lunescar.ran...@gmail.com> > *Reply-To: *"user@ranger.incubator.apache.org" < > user@ranger.

Ranger REST API - Search Service - Parameter type seems not to work

Hello everyone ! I'm currently testing the Ranger REST API with Ranger 0.5 (embedded in HDP2.3.4.7). I'm trying to get the list of services for a specific plugin. It works fine. But when I try the type filter (hdfs, yarn etc...), it does not seem to take this filter into account. Here is the

About the audit Summarization

Hello everyone. I enabled the audit for kafka with Ranger with an HDP 2.3.4.7. I set to true the following property : xasecure.audit.provider.summary.enabled. During one minute, I launch a producer adding one message into a specific topic every second. The default agregation time is 5 seconds

Re: Audit to secure solr with digest authentication

box. > > > > The best option for you is to update the Ranger 0.5 code base to read > user/password from the plugin configuration file and use them in the > SolrAuditDestination java class. And replace the plugin jars for the > component you are using. > > > >

Audit to secure solr with digest authentication

Hello ! I'm trying to use SolR as a storage for ranger audit, but I'm encountering one blocking problem. I'm using HDP 2.3.4.7 and Ambari 2.2.2. In Ambari, for audit on solR, I have two fields - ranger.audit.solr.username - ranger.audit.solr.password I log in the ranger admin UI and check the

Re: About the specification of each plugin(s policy

nts supports > natively. All the service definitions are in this location > agents-common/src/main/resources/service-defs. They are pretty simple and > straight forward. > > > > Bosco > > > > > > *From: *Lune Silver <lunescar.ran...@gmail.com> > *Reply-To: *

About the specification of each plugin(s policy

Hello everyone ! I contact you because I cannot find detailed specification about each plugin policies specificities. Generally these specificities are related to the the policy items part of the policy : - the access rights naturally (for example for kafka, there is consume permission) - the

Re: Kafka and Ranger

/resource_management/libraries/functions/ranger_functions.py So it is not at all a ranger problem, but an ambari problem ;-). Best regards. Lune. On Thu, Aug 4, 2016 at 9:01 AM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello ! > > I have an HDP 2.3.4.7 with Ambari 2.2

Kafka and Ranger

Hello ! I have an HDP 2.3.4.7 with Ambari 2.2.2. I enabled the plugin Kafka for Ranger. I noticed something a little bit annoying. If Ranger Admin is down, Kafka will take a looong time to start, because it tries to connect to Ranger Admin to get the repository. ### Will retry 74 time(s),

Re: Cannot create policy, getting 404

You can use json valider website to validate the json policy you submit. It helped me a lot in the beginning. BR. Lune Le 19 juil. 2016 20:09, "Stromas, Aaron" a écrit : > I should have checked the logs before posting – I had an error in content. > > Best regards, > >

Re: Question about Ranger REST URL with service-name component

I don't know if this is your problem, but there is an error in the rest api documentation concerning for example the way to get of a policy thanks to the service-name and policy-name. The error is a missing level in the api arborescence. In the documentation, you can see this : /public/v2/api/

About the audit stored in HDFS

Hello everyone ! I send you this mail about a question related to the storage HDFS of the audit. I use Ranger for three plugins first : - HDFS - Kafka - HBase I have two namenodes, two Hbase-masters, 100 region servers and 30 kafka brokers. I notices that I have ony audit file per server per

SSL activation for Ranger - Problem with Keystore was tampered with, or password was incorrect in usersync log

Hello ! I send you this mail, because on one of my cluster, I installed ranger and activated the ssl. I checked the logs in ranger usersync and I saw the following error : ### (...) 08 Jul 2016 17:58:24 INFO UnixAuthenticationService [main] - Starting User Sync Service! 08 Jul 2016 17:58:24 INFO

Re: Frequency of synchronization for usersync cannot be less than one hour

e. This is to avoid making call to the > ldap so frequently. ranger.usersync.sleeptimeinmillisbetweensynccycl is > configurable for UNIX/file sync source. > > I guess you can restart usersync if you want to sync immediately. > > > -Thanks, > > Deepak > > >

Re: Custom truststore for ranger admin

> anything on the admin side? > > Thanks > > Bosco > > > From: Lune Silver <lunescar.ran...@gmail.com> > Reply-To: <user@ranger.incubator.apache.org> > Date: Friday, June 24, 2016 at 10:45 AM > To: <user@ranger.incubator.apache.org> > Subject: Cust

Custom truststore for ranger admin

Hello ! Currently when activating encryption between plugins and admin, admin uses the default truststore of java. Is it possible to specify a custom truststore for ranger admin ? BR. Lune

Frequency of synchronization for usersync cannot be less than one hour

Hello ! I'm using HDP 2.3.4.7 and Ambari 2.2.1. I enabled the group syncing in addition to user syncing in the tab "Ranger User info" in the sub-tab "Group Configs". At 11h46 today, I created a group and added a user in this group. ### # ipa group-add test11h46 Description: test11h46

About the usage of the property Policy user for

Hello ! I have an HDP 2.3.4.7 with Ambari 2.2.1. I enabled ranger for three plugins : - HDFS - HBase - Kafka. For each one of these plugins, in their configuration in Ambari, in the paragraph Advanced ranger--plugin-properties, there is a property called : ### Policy user for ### And it it

Re: Ranger - Kafka Plugin - User ambari-qa

0.8.1/package/scripts/service_check.py> > <https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py> > <https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-serv

Ranger - Kafka Plugin - User ambari-qa

Hello ! I'm using an HDP 2.3.4.7 with ambari 2.2.1. I send you this mail because I would like to know what are the permissions necessary for the user ambari-qa on kafka when Ranger is enabled ? By default, ambari creates a policy in which this user has all the right on everything (resource=*

Re: Ranger REST API and Kafka policies

point.java:314) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

Re: Ranger REST API and Kafka policies

Do you see any exceptions in xa_portal.log when you do this rest call ? > This will give some idea of what is wrong. > > Thanks, > Ramesh > > From: Lune Silver <lunescar.ran...@gmail.com> > Reply-To: "user@ranger.incubator.apache.org" < > user@ranger.incuba

Re: usersync - frequency of synchronization actions ?

groups with no members or > users that are part of the user search. We added this support recently as > part of (RANGER-869). Once you add a new group and add any user to be > member of that new group, then the group should be sync’d at the next sync > cycle without a restart. > >

Ranger REST API and Kafka policies

Hello ! Sorry to spam the mailing list, but I have another topic. With the HDP 2.3.4, is it possible to create kafka policies with the REST API ? I tried to use the API v2 from the wiki, but I think the API v2 is not taken into account in this version.

How to use Ranger REST API

Hello ! I'm using HDP 2.3.4 and I'm trying to use REST API of Ranger to create policies. May I use the v2 API or should I use the previous one ? I tried the following : ### curl -i -vvv -k -u amb_ranger_admin -H "Content-Type: application/json" -X POST

Re: Kafka Broker does not start once kafka plugin enabled

I also noticed the following error message in ambari : ### 2016-05-19 16:47:25,132 - Error creating repository. Http status code - 404. ### The password for amb_ranger_admin is OK (it works both in ranger ui and in the ldap) BR. Lune.

Kafka Broker does not start once kafka plugin enabled

Hello ! I just enabled kafka plugin on my cluster and I'm encountering the following problem. The kafka-broker cannot start anymore. In the Ambari UI, the start of a kafka-broker is stuck forever with the following error message : ### 2016-05-19 15:43:57,545 -

Re: HBase Plugin - scan table fails even with read permissions enabled

Okay, so I deactivate the hbase plugin, and then I reactivated it. And now it works. I can only imagine there was a problem somewhere the first time I perform this operation On Thu, May 19, 2016 at 11:16 AM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello everyone. > &g

HBase Plugin - scan table fails even with read permissions enabled

Hello everyone. I configured the hbase plugin with SSL this morning and I have a problem with a permission while I shouldn't have any permission problem. The hbase plugin is enabled. I can see in the policy cache the following policy for my user rangerlookup : ### "resources": {

Re: Enabling HDFS plugin & value of dfs.namenode.inode.attributes.provider.class

Hello ! Does anyone know about these properties please ? BR. Lune. On Tue, May 17, 2016 at 2:47 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Ah, in fact, I checked the wiki and also hortonworks doc and didn't find > some explanations about other properties also in HDFS c

Re:

Hey guys ! My problem was the fact that I let the hadoop.rpc.protection field empty in the repository definition. I put the default value authentication and now the test connect button works and the auto-completion works too. BR. Lune. On Wed, May 18, 2016 at 11:39 AM, Lune Silver

Re:

op environment []. ### The user rangerhdfslookup exists in my kerberos db, a kinit rangerhdfslookupwith the right password works fine, and this is the same password that I put in the repository definition, and in the ambari UI. BR. Lune. On Wed, May 18, 2016 at 10:15 AM, Lune Silver <lunescar.

Re:

ugin in the property "Common Name For Certificate". In the Ranger Admin UI, I checked that, in the repository definition, there is also this property with the right value. Do you think Is there something wrong ? BR. Lune. On Tue, May 17, 2016 at 3:45 PM, Lune Silver <lunescar.ran..

[no subject]

Hello ! I just enabled the HDFS plugin for Ranger. The repository was created by Ambari (2.2.1 with HDP cluster 2.3.2). In the Ranger Admin UI, in the repository edit window, when I check on the button "test connection", I have the following error message : ### Unable to connect repository with

Re: Enabling HDFS plugin & value of dfs.namenode.inode.attributes.provider.class

3. xasecure.policymgr.clientssl.truststore.credential.file 4. Audit provider summary enabled Thank you in advance for your help. Best regards. Lune. On Tue, May 17, 2016 at 1:13 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello ! > > I send you this mail because I was

Enabling HDFS plugin & value of dfs.namenode.inode.attributes.provider.class

Hello ! I send you this mail because I was wondering what was the usage of the following property : dfs.namenode.inode.attributes.provider.class It was automatically added to the hdfs-site.xml when I enabled the HDFS plugin for Ranger. I was wondering what was the usage of this property ? BR.

Re: Cannot log in the Ranger Admin UI

? Furthermore, what are the powers of this user ? Is he able to perform a lot of operations in ranger admin ? BR. Lune. On Fri, May 13, 2016 at 6:11 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: > It is the same. I have the same error message. > But there is something strange, I can

Re: Cannot log in the Ranger Admin UI

ot; else echo "ERROR: Required file, not found: ${CFG_FILE}, Aborting installation" exit 8 fi mv ${cdir}/conf/unixauthservice.properties ${cdir}/conf/unixauthservice.properties.${curDt} mv ${cdir}/conf/unixauthservice.properties.tmp ${cdir}/conf/unixauthservice.properties ###

Re: Cannot log in the Ranger Admin UI

e properties are configured only when the rangerusersync user’s > default password in changed. > Changing the default password is a 2-step process – 1. Update the password > in Ranger UI, 2. Run updatepolicymgrpassword.sh to update the key store. > > - Sailaja. > > From: Lune

Re: How to increase the loglevel for admin and usersync

using the apache master ranger, then log4j.properties file is > used instead of log4j.xml > > Thanks, > Ramesh > > From: Lune Silver <lunescar.ran...@gmail.com> > Reply-To: "user@ranger.incubator.apache.org" < > user@ranger.incubator.apache.org> > Date:

How to increase the loglevel for admin and usersync

Hello ! I send you this mail because I would like to increase the loglevel for the component ranger admin in order to check a problem that I have. Do you know how to do that ? BR. Lune

Re: Cannot log in the Ranger Admin UI

n Thu, May 12, 2016 at 12:33 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello everyone ! > > I am using HDP 2.3.2 with Ambari 2.2.1. > I installed Ranger Admin and Ranger Usersync with SSL. > They are both green in Ambari UI and there is no error in the logs of

Cannot log in the Ranger Admin UI

Hello everyone ! I am using HDP 2.3.2 with Ambari 2.2.1. I installed Ranger Admin and Ranger Usersync with SSL. They are both green in Ambari UI and there is no error in the logs of both component. The thing is, when I try to log in the Ranger Admin UI, I always have the following error : ###

Re: Problem setting up the SSL for Ranger usersync

Hello ! I found that the problem was coming from the password for the usersync truststore. I tried to set up a new one and now it works fine. BR. Lune. On Wed, May 11, 2016 at 5:59 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: > hello ! > > I enabled the ssl for ranger adm

Problem setting up the SSL for Ranger usersync

hello ! I enabled the ssl for ranger admin successfully, but now I have a problem to set up the SSL for usersync. I followed the following doc : https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/configure_ambari_ranger_ssl_self_signed_cert_usersync.html But

Re: Ranger does not take into account the logging properties from ambari

rowse/RANGER-859 > > As a workaround, you can create symlinks under /var/log/ranger to point to > > > From: Lune Silver <lunescar.ran...@gmail.com> > Reply-To: "user@ranger.incubator.apache.org" < > user@ranger.incubator.apache.org> > Date: Tuesday, May 10

Ranger does not take into account the logging properties from ambari

Hello ! I'm using HDP 2.3.2 with ambari 2.2.1 and I have a problem with ranger which does not take into account the logging dir I set in the conf. I set the following properties in the tab advanced -> Advanced ranger-env : - ranger_admin_log_dir = /ranger/admin - ranger_usersync_log_dir =

Re: Installing Ranger Admin with Ambari 2.2.1 failed - SQLException : SQL state: 3F000 org.postgresql.util.PSQLException: ERROR: no schema has been selected to create in ErrorCode: 0

. Lune On Tue, May 10, 2016 at 10:36 AM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello ! > > I'm trying to install Ranger Admin with Ambari 2.2.1 and I got the > following exception during the installation : > ### > > 2016-05-10 10:25:47,952 - Execute['pyth

Installing Ranger Admin with Ambari 2.2.1 failed - SQLException : SQL state: 3F000 org.postgresql.util.PSQLException: ERROR: no schema has been selected to create in ErrorCode: 0

Hello ! I'm trying to install Ranger Admin with Ambari 2.2.1 and I got the following exception during the installation : ### 2016-05-10 10:25:47,952 - Execute['python /usr/hdp/current/ranger-admin/db_setup.py'] {'logoutput': True, 'environment': {'RANGER_ADMIN_HOME':

Re: Property ranger.usersync.pagedresultsenabled

rrently the default values are: > ranger.usersync.pagedresultsenabled is "false" > ranger.usersync.pagedresultssize is "500" > > Thanks, > Sailaja > > On Apr 20, 2016, at 9:01 AM, Don Bosco Durai <bo...@apache.org> wrote: > > Sailaja, what is

Re: Informationn about properties of Ranger

t; > Lune – unix auth service running as part of usersync is applicable only if > unix authentication method is chosen in ranger admin. For LDAP/AD > authentication methods, ranger admin will authenticate the user directly > against LDAP/AD. > > From: Lune Silver <lunescar.ran...@gmail

Re: About the size of ranger.usersync.filesource.file

In fact, I am wondering, isn't this file only created if I choose a textfile as a source for usersync ? BEst regards. Lune On Thu, Apr 21, 2016 at 10:47 AM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello ! > > I send you this mail concerni

Re: Informationn about properties of Ranger

do not call usersync. >> >> Could you confirm which services make call to this listen port? >> Thanks >> Dilli >> >> >> On Wed, Apr 20, 2016 at 1:50 PM, Sailaja Polavarapu < >> spolavar...@hortonworks.com> wrote: >> >>> Hi Lune, &

About the size of ranger.usersync.filesource.file

Hello ! I send you this mail concerning the property ranger.usersync.filesource.file. I was wondering which size I have to plan for this file ? How is this file organized ? It is like /etc/passwd and /etc/group ? Does ranger keep old versions of this file or is it overwritten everytime ? Best

Re: About the property xml_configurations_supported

erties are written to xml file, and if unset its written > to install.properties. > > HTH. Thanks. > > > On Tue, Mar 22, 2016 at 4:05 PM, Lune Silver <lunescar.ran...@gmail.com> > wrote: > >> Hello ! >> >> I send you this mail concerning the p

Re: Difference between ranger.credential.provider.path and ranger.https.attrib.keystore.file

and the keystore file is to activate ssl for usersync ? Best regards. Tale. On Tue, Mar 22, 2016 at 11:28 AM, Lune Silver <lunescar.ran...@gmail.com> wrote: > Hello Gautam. > > Thank you for your answer. > > Best regards. > > Lune. > > > > > > On Tue

About the property xml_configurations_supported

Hello ! I send you this mail concerning the property "xml_configurations_supported". I cannot find any information about this property in the documentation. What is the définition of the property "xml_configurations_supported" ? Best regards. Lune

Difference between ranger.credential.provider.path and ranger.https.attrib.keystore.file

Hello ! I'm currently writing an installation book for my team and myself and I'm in the Advanced ranger-admin-site in Ambari UI. In this part, I can see two parameters : - ranger.credential.provider.path : file for credential store - ranger.https.attrib.keystore.file : ranger admin keystore Q1

Re: Ranger - Kafka - Permission Admin

/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java#L300-L317 > > > > @Lune Above information is "good to know" but may not be helpful to solve > a specific problem. Is there a specific problem you are trying to solve? > If you tell us

Re: Ranger - Kafka - Permission Admin

for sure that "create topics" is not controlled/ governed by any > ranger permission. It has to be done by a superuser. > > > *Cheers !!* > Arvind > > On Thu, Feb 18, 2016 at 8:48 PM, Lune Silver <lunescar.ran...@gmail.com> > wrote: > >> Hello ! &