Hi Ramesh, Thanks for reply.
Yes, auto lookup is not a compulsory for hive plugin to work, it's an additional part. Hive plugin is able to fetch policies from ranger. We'll definitely try with 2 way ssl and let you know. Just another little doubt was that we are using 1 way ssl between ranger-admin and ranger-db and that works fine. Is 2 way ssl must for auto lookup to work ? On Thu, 10 Jan 2019 at 00:00, Ramesh Mani <rm...@hortonworks.com> wrote: > Hi Sanket, > > Since the issue is just auto lookup of the ranger tables / columns in SSL > environment, it might be mostly the configuration. Note that its not > necessary that the auto lookup should function correctly for ranger hive > plugin to work. It just a convenience for looking up the resource. But if > you want to configure it correctly check that 2 way SSL between the Ranger > Admin and HiveServer2 Ranger plugin is configured correctly with trusted > properly imported. > > Please check this out. > > https://www.youtube.com/watch?v=Y9MzcyAj3jg > > Thanks, > Ramesh > > From: Don Bosco Durai <bo...@apache.org> > Reply-To: "user@ranger.apache.org" <user@ranger.apache.org> > Date: Wednesday, January 9, 2019 at 4:36 AM > To: "user@ranger.apache.org" <user@ranger.apache.org> > Subject: Re: ranger fails to connect with hive metastore > > Check the jdbc.url property in the Ranger/Hive Service config. It should > be the same as what you would have used with beeline on command line. > > > > Bosco > > > > > > *From: *Sanket Gaykar <sanketgaykar....@gmail.com> > *Reply-To: *<user@ranger.apache.org> > *Date: *Wednesday, January 9, 2019 at 4:31 AM > *To: *<user@ranger.apache.org> > *Subject: *Re: ranger fails to connect with hive metastore > > > > Can someone please address this issue. > > > > On Fri, 4 Jan 2019 at 17:42, Sanket Gaykar <sanketgaykar....@gmail.com> > wrote: > > Hi, > > We have a dedicate instance for Apache Ranger, where we run the > ranger-admin service, also we have installed the Ranger hive plugin on the > instance where HiveServer2 is running. Below are the configurations we have: > > > > 1. Ranger(Ranger-Admin) running on SSL and Kerberos. > 2. HiveServer2 running on SSL and Kerberos. > 3. Hive Metastore (mysql) runs only SSL. > > Web Ui has the following configurations: > > Service name : hive > > Active status: enabled > > Username: admin > > Password: *** > > > > Extra configurations: > > > > hive.site.file.path: /etc/hive/conf/hive-site.xml > > policy.auth.download.users: hive > > tag.auth.download.users:hive > > enable.hive.metastore.lookup: true > > > > However when ranger tries to connect to Hive Metastore when using auto > suggest while creating policies we get the following error: > > > > SASL negotiation failure. No common protection layer between client and > server. > > > > > > > > > > > >
