Hello Ranger Community, I have a question to ask. I am seeing null pointer exception in the case of no policies available to be pulled in hive and hdfs ranger 2.1 version but im using trino and kafka with ranger 2.3 or ranger 3.0.0-snapshot and there i have not faced any such issue has this issue been fixed for hive and hdfs in 2.3/3.0.0 as well should i bother upgrading to it for this reason?
On Fri, 9 Jun 2023 at 12:59, Jialiang Cai <jialiangca...@gmail.com> wrote: > Hello Ranger community, I have a question to ask. In Ranger version > 1.x,when Kerberos is enabled and Ranger plugin is subsequently activated, > HDP uses the component's own principal, such as the HDFS user's principal, > to communicate with Ranger to create HDFS service and policy. > > However, in Ranger 2.3 and Ranger 2.4, this action no longer works and an > error is reported: "rangerlookup specified in policy does not exist in > ranger admin”. > > To reproduce this issue, one can install Ranger after enabling Kerberos in > the cluster, activate the plugin, and then restart > the component. After restarting, it can be observed in the Ranger UI that > the service and policy have not been created. The error message can be > found in the service start log in Ambari UI and in the Ranger admin log. > > Manually creating a rangerlookup user in the Ranger UI and then restarting > the component will automatically create the corresponding service and > policy. > > Here is the command to create the service and policy after Ranger is > enabled > > ``` > /var/lib/ambari-agent/ambari-sudo.sh su hbase -l -s /bin/bash -c 'curl > --location-trusted -k --negotiate -u : -b > /var/lib/ambari-agent/tmp/cookies/227537ab-6202-444d-b908-b64a4e2c8e64 -c > /var/lib/ambari-agent/tmp/cookies/227537ab-6202-444d-b908-b64a4e2c8e64 > http://gs-server-13481:6080/service/public/v2/api/service > --connect-timeout 10 --max-time 12 -H '"'"'Content-Type: > application/json'"'"' -X POST -d '"'"'{"isEnabled": "true", "type": > "hbase", "configs": {"username": "hbase", "policy.grantrevoke.auth.users": > "hbase", "hadoop.security.authentication": "kerberos", > "default-policy.1.policyItem.1.users": "ambari-qa", "default-policy.1.name": > "Service Check User Policy for Hbase", > "default-policy.1.policyItem.1.accessTypes": "read,write,create", > "hbase.security.authentication": "kerberos", > "setup.additional.default.policies": "true", "tag.download.auth.users": > "hbase", "commonNameForCertificate": "", > "hbase.zookeeper.property.clientPort": "2181", "hbase.zookeeper.quorum": > "gs-server-13481,gs-server-13482,gs-server-13806", > "default-policy.1.resource.table": "ambarismoketest", > "zookeeper.znode.parent": "/hbase-secure", "password": "hbase", > "policy.download.auth.users": "hbase", "hbase.master.kerberos.principal": > "hbase/_h...@gdhthreetwo.com", "default-policy.1.resource.column": "*", > "default-policy.1.resource.column-family": "*"}, "name": > "GdhThreeTwo_hbase", "description": "hbase repo"}'"'"' 1>/tmp/tmpP7nnJT > 2>/tmp/tmp3kBHCP' > ```
