Hello,
I am currently working on integrating Security feature on Ranger and Ranger KMS and I'm facing some problems. First I got a problem with ranger audit with solr. I have two solr server running (one solr and one infra solr) and Ranger is using the wrong solr url and I got the following log msg : 2017-05-12 07:26:15,165 [http-bio-6182-exec-2] ERROR apache.solr.client.solrj.impl.CloudSolrClient (CloudSolrClient.java:903) - Request to collection ranger_audits failed due to (400) org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: sort param field can't be found: evtTime, retry? 0 2017-05-12 07:26:15,166 [http-bio-6182-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:78) - Error from Solr server. org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: sort param field can't be found: evtTime 2017-05-12 07:26:15,167 [http-bio-6182-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:160) - Error running query. query=q=*:*&fq=evtTime:[2017-05-11T22:00:00Z+TO+NOW]&sort=evtTime+desc&start=0&rows=25&_stateVer_=ranger_audits:39, response=null 2017-05-12 07:26:15,167 [http-bio-6182-exec-2] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request failed. loginId=admin, logMessage=Error running query javax.ws.rs.WebApplicationException In my config ranger should use my solr running on port 8886 and not on solr on port 8983 but as you can see he use the wrong one and I don't understand why. I got a second problem with ranger KMS when I want to see my key list on the web UI I got the folowing error : WARN BaseAuditHandler - failed to log audit event: {"repoType":7,"repo":"cluster_crm_kms","reqUser":"keyadmin","evtTime":"2017-05-04 16:42:54.054","access":"getkeys","resType":"keyname","action":"getkeys","result":1,"policy":2,"enforcer":"ranger-acl","cliIP":"0:0:0:0:0:0:0:1","agentHost":"tpcrmm01s","logType":"RangerAudit","id":"ba43beb3-4d4d-4eee-a05b-5a9a5e6ca1ba-0","seq_num":1,"event_count":1,"event_dur_ms":1,"tags":[]} org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: java.lang.NullPointerException INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request failed. loginId=keyadmin, logMessage=Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:326) - Operation error. response=VXResponse={org.apache.ranger.view.VXResponse@f96f4fdstatusCode={1} msgDesc={Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running} messageList={[VXMessage={org.apache.ranger.view.VXMessage@4c2abeeename={ERROR_SYSTEM} rbKey={xa.error.system} message={System Error. Please try later.} objectId={null} fieldName={null} }]} } ERROR org.apache.ranger.common.ServiceUtil (ServiceUtil.java:1375) - Unauthorized access. No common name for certificate set. Please check your service config On my ranger kms config I have Specified my Common name for certificate, all my ranger's plugins and ranger are in SSL mode and my KMS database is working. I'm working on Ambari 2.5.0.3 and HDP-2.6.0.3 . If you want more precision or log files tell me. Thanks by advance for your help Fabien VIROT
