Re: Error Setting up Ranger-Admin

[Don Bosco Durai]

Good. I already typed it, so let me paste it for the benefit of others. We need 
to update the doc also. If you don’t mind, can you create a JIRA to track this?

  1.  Go to RangerAdmin UI -> AccessManager (first menu tab is already opened 
by default)
  2.  Click on “+” in the HDFS panel title
  3.  Enter Service Name: e.g. “${cluster_name}_hdfs. Cluster name could be 
anything. You can call the repo “test_hdfs” if you want to
  4.  UserName: ranger  (doesn’t matter whether it exists because you are not 
using kerberos)
  5.  Password: ranger (doesn’t matter what you give)
  6.  Namenode URL: hdfs://<namenode_host>:8020
  7.  Authorization Enabled: No
  8.  Authentication Type: Simple
  9.  Rest you can leave it as default.

Save this screen. Then use the same name e.g “test_hdfs” in your 
install.properties for enabling Ranger in HDFS. Then restart namenode.

Is the plugin request showing up in the Audit->Plugin tab?

If the plugin is showing up, then that means authorization and auditing is 
already working.

For configuring policies, we need to configure UserSync. The install/configure 
process is same for all processes. You need to update the install.properties 
with the appropriate values.
Set  SYNC_SOURCE = ldap
And check the section "Table: LDAP/AD Properties with sample values” for 
reference values.

Please note that for using LDAP within Hadoop, you need to configure Hadoop 
core-site.xml to use LDAP. You might be already knowing it. Just want to make 
sure.

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>>
Reply-To: 
"user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Date: Tuesday, July 28, 2015 at 11:13 AM
To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Subject: Re: Error Setting up Ranger-Admin

Luckily i have created the service myself. Thanks for your timely help.

Can you please tell me now what should be the next step. I want to explore all 
the functionality i.e.,

sync LDAP contacts
perform authorization etc

On Tue, Jul 28, 2015 at 11:07 PM, Aneela Saleem 
<ane...@platalytics.com<mailto:ane...@platalytics.com>> wrote:
There are no errors in NameNode logs.

Can you please tell me how to create service/repo using Ranger Admin?

On Tue, Jul 28, 2015 at 10:48 PM, Don Bosco Durai 
<bo...@apache.org<mailto:bo...@apache.org>> wrote:
Yes, this is link I was about to redirect you to.

Sorry, I might have assumed incorrectly on your initial question. ./setup.sh is 
called only for installing RangerAdmin. Good it seems you have made progress on 
installing RangerAdmin.

I also assume, your ./enable-hdfs-plugin.sh went through fine.

Looking into the Apache Ranger document, it seems it doesn’t explicitly call 
out to create a repo/service for HDFS in RangerAdmin. In the install.properties 
for HDFS, what value have you given for the property “REPOSITORY_NAME”? You 
need to create a service/repo in RangerAdmin with the same name.

Also, after you restart HDFS namenode, can you check the namenode logs for any 
error?

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>>
Reply-To: 
"user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Date: Tuesday, July 28, 2015 at 10:16 AM

To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Subject: Re: Error Setting up Ranger-Admin

And i'm using following link for installation:

https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation

I'm upto Enabling Ranger HDFS Plugins section (e)

  *   You can verify by logging into the Ranger Admin Web interface ­> Audit > 
Agents.
  *   You can verify the plugin is communicating to Ranger admin in 
Audit-­>plugins tab

where i don't see any audits ensuring hdfs plugin is communicating to Ranger 
Admin.

On Tue, Jul 28, 2015 at 10:11 PM, Aneela Saleem 
<ane...@platalytics.com<mailto:ane...@platalytics.com>> wrote:
I'm planning to secure HDFS and i'm using Knox for authentication using REST 
API.

Yes i'm still able to access the RangerAdmin UI. I'm just curious how to sync 
LDAP contacts in APache Ranger.

Secondly if the document is related to 0.4 and i'm linked with 0.5, then how 
should i proceed? Do you have any fruitful link, i should follow? (being a 
novice)

On Tue, Jul 28, 2015 at 10:04 PM, Don Bosco Durai 
<bo...@apache.org<mailto:bo...@apache.org>> wrote:
Aneela

The document you linked is for Apache Ranger 0.4. There subtle changes in 
Apache Ranger 0.5.

Just curious, how you were able to access RangerAdmin UI? Did the installation 
continued after the install failure?

Also, can you give additional information of your env? I can try reproducing it.

Also, which components are you planning secure? (HDFS, Hive, Hbase, Solr, YARN, 
Storm, etc)

Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>>
Reply-To: 
"user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Date: Tuesday, July 28, 2015 at 5:19 AM
To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Subject: Re: Error Setting up Ranger-Admin

And secondly my Ranger UI does not Match the UI as shown in the following link:

http://pivotalhd.docs.pivotal.io/docs/ranger-user-guide.html#Item1.4.2

There is no Policy Manager Tab and no Manage Repository Thing.

On Tue, Jul 28, 2015 at 5:17 PM, Aneela Saleem 
<ane...@platalytics.com<mailto:ane...@platalytics.com>> wrote:
Hi Bosco,

I did as you suggested but still getting same error.

On Tue, Jul 28, 2015 at 4:49 AM, Don Bosco Durai 
<bo...@apache.org<mailto:bo...@apache.org>> wrote:
The properties file looks good..

I am not sure whether it is because of python 2.7. Is it possible for you to 
use python 2.6?

Try changing the below to where 2.6 is installed.

PYTHON_COMMAND_INVOKER=python


Thanks

Bosco


From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>>
Reply-To: 
"user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Date: Monday, July 27, 2015 at 2:02 PM
To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" 
<user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>>
Subject: Error Setting up Ranger-Admin

Hi all,

I have followed this link

https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation

But when i run ./setupsh, i get the following error at the end:

Traceback (most recent call last):
  File "update_property.py", line 40, in <module>
    
write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value)
  File "update_property.py", line 21, in write_properties_to_xml
    if(os.path.isfile(xml_path)):
  File "/usr/lib/python2.7/genericpath.py", line 29, in isfile
    st = os.stat(path)
TypeError: coercing to Unicode: need string or buffer, NoneType found
2015-07-28 01:38:57,308  [E] Update property failed for:

Attached is the install.proprties file.

I'm new to Apache Knox, can anyone please guide me. I'm having troubles in 
installing Apache Ranger.

Thanks