Ranger KMS fails with below error message. Looks "kmsdev" service is not
added in x_service.
Any pointers on why this service is not added into Ranger Admin when
starting Ranger KMS.
2020-12-30 12:02:07,749 INFO RangerBasePlugin - Created PolicyRefresher
Thread(PolicyRefresher(serviceName=kmsdev)-23)
2020-12-30 12:02:08,025 ERROR RangerAdminRESTClient - Error getting Roles;
service not found. secureMode=true, user=rangerkms/rangerh...@example.com
(auth:KERBEROS), response=404, serviceName=kmsdev, lastKnownRoleVersion=-1,
lastActivationTimeInMillis=0
2020-12-30 12:02:08,028 ERROR RangerRolesProvider -
RangerRolesProvider(serviceName=kmsdev): failed to find service. Will clean
up local cache of roles (-1)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: kmsdev
at
org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at
org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdated(RangerAdminRESTClient.java:273)
at
org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRolesFromAdmin(RangerRolesProvider.java:183)
at
org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRoles(RangerRolesProvider.java:123)
at
org.apache.ranger.plugin.util.PolicyRefresher.loadRoles(PolicyRefresher.java:493)
at
org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:143)
at
org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:185)
at
org.apache.ranger.authorization.kms.authorizer.RangerKMSPlugin.init(RangerKmsAuthorizer.java:347)
at
org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.init(RangerKmsAuthorizer.java:304)
at
org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.<init>(RangerKmsAuthorizer.java:128)
at
org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.<init>(RangerKmsAuthorizer.java:154)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at
org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.init(RangerKmsAuthorizer.java:71)
at
org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.<init>(RangerKmsAuthorizer.java:51)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at
org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
at
org.apache.hadoop.crypto.key.kms.server.KMSWebApp.getAcls(KMSWebApp.java:240)
at
org.apache.hadoop.crypto.key.kms.server.KMSWebApp.contextInitialized(KMSWebApp.java:139)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5128)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5653)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1689)
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1679)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2020-12-30 12:02:08,056 ERROR RangerAdminRESTClient - Error getting
policies; service not found. secureMode=true, user=rangerkms/
rangerh...@example.com (auth:KERBEROS), response=404, serviceName=kmsdev,
lastKnownVersion=-1, lastActivationTimeInMillis=0
Below are the configs related to kmsdev service:
ranger-kms-security.xml
************************
<configuration>
<property>
<name>ranger.plugin.kms.policy.cache.dir</name>
<value>/etc/ranger/kmsdev/policycache</value>
</property>
<property>
<name>ranger.plugin.kms.policy.pollIntervalMs</name>
<value>30000</value>
</property>
<property>
<name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
<value>/usr/local/ranger-2.1.0-kms/ews/webapp/WEB-INF/classes/conf/ranger-policymgr-ssl.xml</value>
</property>
<property>
<name>ranger.plugin.kms.policy.rest.url</name>
<value>http://rangerhost:6080</value>
</property>
<property>
<name>ranger.plugin.kms.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
</property>
<property>
<name>ranger.plugin.kms.service.name</name>
<value>kmsdev</value>
</property>
</configuration>
/etc/ranger/kmsdev/policycache/kms_kmsdev.json
***********************************************
{"serviceName":"kmsdev","policies":[],"serviceDef":{"name":"kms","displayName":"kms","implClass":"org.apache.ranger.services.kms.RangerServiceKMS","label":"KMS","description":"KMS","options":{"ui.pages":"encryption","security.allowed.roles":"keyadmin"},"configs":[{"itemId":1,"name":"provider","type":"string","mandatory":true,"label":"KMS
URL"},{"itemId":2,"name":"username","type":"string","mandatory":true,"label":"Username"},{"itemId":3,"name":"password","type":"password","mandatory":true,"label":"Password"}],"resources":[{"itemId":1,"name":"keyname","type":"string","level":10,"parent":"","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"false"},"validationRegEx":"","validationMessage":"","uiHint":"","label":"Key
Name","description":"Key
Name","accessTypeRestrictions":[]}],"accessTypes":[{"itemId":1,"name":"create","label":"Create","impliedGrants":[]},{"itemId":2,"name":"delete","label":"Delete","impliedGrants":[]},{"itemId":3,"name":"rollover","label":"Rollover","impliedGrants":[]},{"itemId":4,"name":"setkeymaterial","label":"Set
Key
Material","impliedGrants":[]},{"itemId":5,"name":"get","label":"Get","impliedGrants":[]},{"itemId":6,"name":"getkeys","label":"Get
Keys","impliedGrants":[]},{"itemId":7,"name":"getmetadata","label":"Get
Metadata","impliedGrants":[]},{"itemId":8,"name":"generateeek","label":"Generate
EEK","impliedGrants":[]},{"itemId":9,"name":"decrypteek","label":"Decrypt
EEK","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]},"id":7,"isEnabled":true},"auditMode":"audit-default"}(base)
[root@sl73caeqaapq041 conf]#
