Hi Sanket, Since the issue is just auto lookup of the ranger tables / columns in SSL environment, it might be mostly the configuration. Note that its not necessary that the auto lookup should function correctly for ranger hive plugin to work. It just a convenience for looking up the resource. But if you want to configure it correctly check that 2 way SSL between the Ranger Admin and HiveServer2 Ranger plugin is configured correctly with trusted properly imported.
Please check this out. https://www.youtube.com/watch?v=Y9MzcyAj3jg Thanks, Ramesh From: Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>> Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" <user@ranger.apache.org<mailto:user@ranger.apache.org>> Date: Wednesday, January 9, 2019 at 4:36 AM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" <user@ranger.apache.org<mailto:user@ranger.apache.org>> Subject: Re: ranger fails to connect with hive metastore Check the jdbc.url property in the Ranger/Hive Service config. It should be the same as what you would have used with beeline on command line. Bosco From: Sanket Gaykar <sanketgaykar....@gmail.com<mailto:sanketgaykar....@gmail.com>> Reply-To: <user@ranger.apache.org<mailto:user@ranger.apache.org>> Date: Wednesday, January 9, 2019 at 4:31 AM To: <user@ranger.apache.org<mailto:user@ranger.apache.org>> Subject: Re: ranger fails to connect with hive metastore Can someone please address this issue. On Fri, 4 Jan 2019 at 17:42, Sanket Gaykar <sanketgaykar....@gmail.com<mailto:sanketgaykar....@gmail.com>> wrote: Hi, We have a dedicate instance for Apache Ranger, where we run the ranger-admin service, also we have installed the Ranger hive plugin on the instance where HiveServer2 is running. Below are the configurations we have: 1. Ranger(Ranger-Admin) running on SSL and Kerberos. 2. HiveServer2 running on SSL and Kerberos. 3. Hive Metastore (mysql) runs only SSL. Web Ui has the following configurations: Service name : hive Active status: enabled Username: admin Password: *** Extra configurations: hive.site.file.path: /etc/hive/conf/hive-site.xml policy.auth.download.users: hive tag.auth.download.users:hive enable.hive.metastore.lookup: true However when ranger tries to connect to Hive Metastore when using auto suggest while creating policies we get the following error: SASL negotiation failure. No common protection layer between client and server.
