The problem seemed to be resolved after I made two changes. The first change was to call kinit -kt ... in our metron account by updating the .bash_profile file. Once that was set up, I noticed "Denied" entries in Ranger for "metron" (and a few other cluster-related accounts). On closer inspection of the user list in Ranger, there were a lot of user accounts missing.
The accounts that were missing from Ranger were those that were part of our Hadoop cluster. In other words, accounts created in LDAP/AD and added to groups for Ranger to sync appeared in the Ranger user accounts list. If accounts were originally created on the local system (Unix accounts), then appeared in LDAP/AD as part of Ambari-Kerberos registration, then the accounts were not showing up in Ranger; it did not matter if the Unix accounts were added to the same groups we had set up for individual users to be synced into Ranger.

During the initial Ambari-Ranger service install process, I entered our LDAP/AD information and started usersync pulling information from LDAP/AD. I reinstalled Ranger, and used UNIX usersync for the initial installation. Once the local UNIX accounts, including metron, appeared in Ranger I switched the setting for usersync to use our Active Directory again. Once metron appeared in the user list, I updated the policy to allow metron and made several other changes to unblock storm, etc., and the error went away.

Cheers,
Tom.

On 2020-04-03 15:21:15-07:00 Yerex, Tom wrote:

Running Metron 0.7.1 on CentOS7 in a Kerberos-enabled cluster.

Metron Admin GUI is having problems, the following error appears in metron-rest.log; my hunch is there is a document I need to read and follow, but since there are a few copies of various documents I thought it best to check with the community before going further.

org.springframework.web.client.HttpServerErrorException: 500 Server Error
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:97) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:79) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:775) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:728) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191) ~[metron-rest-0.7.1.jar:?]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_112]
    at javax.security.auth.Subject.doAs(Subject.java:360) ~[?:1.8.0_112]
    at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:684) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:332) ~[metron-rest-0.7.1.jar:?]
    at org.apache.metron.rest.service.impl.StormStatusServiceImpl.getAllTopologyStatus(StormStatusServiceImpl.java:87) ~[metron-rest-0.7.1.jar:?]
    at org.apache.metron.rest.controller.StormController.getAll(StormController.java:64) ~[metron-rest-0.7.1.jar:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:877) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:783) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:866) ~[metron-rest-0.7.1.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851) ~[metron-rest-0.7.1.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.AbstractRequestLoggingFilter.doFilterInternal(AbstractRequestLoggingFilter.java:245) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.apache.metron.rest.web.filter.ResponseLoggingFilter.doFilter(ResponseLoggingFilter.java:61) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[metron-rest-0.7.1.jar:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [metron-rest-0.7.1.jar:?]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [metron-rest-0.7.1.jar:?]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [metron-rest-0.7.1.jar:?]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [metron-rest-0.7.1.jar:?]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [metron-rest-0.7.1.jar:?]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [metron-rest-0.7.1.jar:?]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [metron-rest-0.7.1.jar:?]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [metron-rest-0.7.1.jar:?]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [metron-rest-0.7.1.jar:?]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [metron-rest-0.7.1.jar:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_112]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_112]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [metron-rest-0.7.1.jar:?]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]

...and a number of lines in the metron-management-ui.log:

[HPM] Error occurred while trying to proxy request /api/v1/user from someserver:4200 to http://someserver:8082 (ECONNREFUSED) (https://nodejs.org/api/errors.html#errors_common_system_errors)

Thank you,
Tom.