Hi Fabien:

1] Can you make sure to accept Ambari recommended values (when using
internal infra solr or external solr) and confirm the ranger audit configs
are updated properly and restart the service.

2] Can you share the errors you see on ranger kms and ranger admin logs?
Also share the screenshots/configs of the KMS service config on Ranger UI.

Thank you,
Vel

From:  fabien VIROT <[email protected]>
Reply-To:  "[email protected]" <[email protected]>
Date:  Friday, May 12, 2017 at 5:40 AM
To:  "[email protected]" <[email protected]>
Subject:  TR: Some problems with Ranger, Ranger KMS


Hello,

I am currently working on integrating security features on Ranger and Ranger
KMS, and I'm facing some problems.

First, I have a problem with Ranger audit with Solr. I have two Solr servers
running (one Solr and one infra Solr), Ranger is using the wrong Solr URL,
and I got the following log message:



2017-05-12 07:26:15,165 [http-bio-6182-exec-2] ERROR apache.solr.client.solrj.impl.CloudSolrClient (CloudSolrClient.java:903) - Request to collection ranger_audits failed due to (400) org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: sort param field can't be found: evtTime, retry? 0
2017-05-12 07:26:15,166 [http-bio-6182-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:78) - Error from Solr server.
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: sort param field can't be found: evtTime
2017-05-12 07:26:15,167 [http-bio-6182-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:160) - Error running query. query=q=*:*&fq=evtTime:[2017-05-11T22:00:00Z+TO+NOW]&sort=evtTime+desc&start=0&rows=25&_stateVer_=ranger_audits:39, response=null
2017-05-12 07:26:15,167 [http-bio-6182-exec-2] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request failed. loginId=admin, logMessage=Error running query
javax.ws.rs.WebApplicationException


In my config, Ranger should use my Solr running on port 8886 and not the Solr
on port 8983, but as you can see it uses the wrong one and I don't understand
why.

I have a second problem with Ranger KMS: when I want to see my key list on the
web UI, I get the following error:

WARN  BaseAuditHandler - failed to log audit event: {"repoType":7,"repo":"cluster_crm_kms","reqUser":"keyadmin","evtTime":"2017-05-04 16:42:54.054","access":"getkeys","resType":"keyname","action":"getkeys","result":1,"policy":2,"enforcer":"ranger-acl","cliIP":"0:0:0:0:0:0:0:1","agentHost":"tpcrmm01s","logType":"RangerAudit","id":"ba43beb3-4d4d-4eee-a05b-5a9a5e6ca1ba-0","seq_num":1,"event_count":1,"event_dur_ms":1,"tags":[]}
org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: java.lang.NullPointerException
INFO  org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request failed. loginId=keyadmin, logMessage=Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running
INFO  org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:326) - Operation error. response=VXResponse={org.apache.ranger.view.VXResponse@f96f4fdstatusCode={1} msgDesc={Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running} messageList={[VXMessage={org.apache.ranger.view.VXMessage@4c2abeeename={ERROR_SYSTEM} rbKey={xa.error.system} message={System Error. Please try later.} objectId={null} fieldName={null} }]} }
ERROR org.apache.ranger.common.ServiceUtil (ServiceUtil.java:1375) - Unauthorized access. No common name for certificate set. Please check your service config

In my Ranger KMS config I have specified my common name for the certificate,
all my Ranger plugins and Ranger are in SSL mode, and my KMS database is
working.

I'm working on Ambari 2.5.0.3 and HDP-2.6.0.3.

If you want more details or log files, tell me.

Thanks in advance for your help.

Fabien VIROT
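
An added triage example, not part of the original thread and not Ranger's own code: it extracts the Solr endpoint that each "Error from server at" record names, tolerating the hard line wrapping mail clients introduce, and flags endpoints whose port differs from the one the audit configuration is expected to use. The function names are hypothetical; the sample records are copied from the log excerpts in the message above.

```python
import re
from urllib.parse import urlsplit

# Sample records copied from the log excerpts in the thread, hard-wrapped
# the way a mail client would leave them.
SAMPLE_LOG = """\
2017-05-12 07:26:15,166 [http-bio-6182-exec-2] ERROR
org.apache.ranger.solr.SolrUtil (SolrUtil.java:78) - Error from Solr server.
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
from server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits: sort
param field can't be found: evtTime
 WARN  BaseAuditHandler - failed to log audit event:
org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from
server at http://tpcrmm03s.priv.atos.fr:8983/solr/ranger_audits:
java.lang.NullPointerException
"""

# \s+ between words lets both patterns match across wrapped line breaks.
ENDPOINT_RE = re.compile(r"Error\s+from\s+server\s+at\s+(https?://\S+)")
SORT_FIELD_RE = re.compile(r"sort\s+param\s+field\s+can't\s+be\s+found:\s+(\w+)")


def solr_endpoints(log_text):
    """Count the (host, port, path) endpoints named in Solr client errors."""
    counts = {}
    for raw in ENDPOINT_RE.findall(log_text):
        url = urlsplit(raw.rstrip(":,."))  # drop the punctuation after the URL
        key = (url.hostname, url.port, url.path)
        counts[key] = counts.get(key, 0) + 1
    return counts


def audit_report(log_text, expected_port):
    """Summarise endpoints that differ from the configured audit Solr port."""
    endpoints = solr_endpoints(log_text)
    return {
        "unexpected": sorted((k for k in endpoints if k[1] != expected_port), key=str),
        "hits": endpoints,
        # Fields Solr rejected as sort keys, i.e. absent from that collection.
        "missing_sort_fields": sorted(set(SORT_FIELD_RE.findall(log_text))),
    }


if __name__ == "__main__":
    # 8886 is the port the message says Ranger is configured to use.
    print(audit_report(SAMPLE_LOG, expected_port=8886))
```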



