Aneela, thanks Madhan, we should have both the jars in our plugin impl folder and make sure it works. Aneela, if you don't mind, can you do one experiment? Can you revert your change? Have the old httpcore in the hbase lib folder, but add the 4.2.5 in the ranger-impl folder (check under lib folder) and try it out? If it works, then we don't have to manually update the hbase libraries. Thanks Bosco
_____________________________ From: Aneela Saleem <ane...@platalytics.com> Sent: Sunday, December 6, 2015 5:09 AM Subject: Re: Hbase policy issue To: <user@ranger.incubator.apache.org> The issue was due to incompatible http-core version. Hbase by default has old version oh http-core. Replace old one with httpcore-4.4.2.jar that is compatible with httpclient-4.2.5.jar. On Sat, Dec 5, 2015 at 10:43 PM, Aneela Saleem <ane...@platalytics.com> wrote: Hi Madhan! In my Hadoop directory, The command find . -name "ranger-plugins-common*.jar" | xargs ls –l produces following output ./share/hadoop/hdfs/lib/ranger-hdfs-plugin-impl/ranger-plugins-common-0.5.0.jar And above authorization issue is resolved now. Thanks On Sat, Dec 5, 2015 at 10:33 PM, Madhan Neethiraj <mad...@apache.org> wrote: Aneela, Was the earlier issue with HBase authorization resolved now? This exception should not impact the authorization. Thanks, Madhan From: Aneela Saleem <ane...@platalytics.com> Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org> Date: Saturday, December 5, 2015 at 9:28 AM To: " user@ranger.incubator.apache.org" < user@ranger.incubator.apache.org> Subject: Re: Hbase policy issue Hi Madhan! I reinstallled hbase plugin and checked the logs. Now the exception changed to following 2015-12-05 22:25:42,251 FATAL [org.apache.ranger.audit.queue.AuditBatchQueue0] destination.SolrAuditDestination: Can't connect to Solr server. URL=[ http://192.168.23.126:6083/solr/ranger_audits] java.lang.NoSuchFieldError: DEF_CONTENT_CHARSET at org.apache.http.impl.client.DefaultHttpClient.setDefaultHttpParams(DefaultHttpClient.java:175) at org.apache.http.impl.client.DefaultHttpClient.createHttpParams(DefaultHttpClient.java:158) at org.apache.http.impl.client.AbstractHttpClient.getParams(AbstractHttpClient.java:448) at org.apache.solr.client.solrj.impl.HttpClientUtil.setConnectionTimeout(HttpClientUtil.java:267) at org.apache.solr.client.solrj.impl.LBHttpSolrClient.setConnectionTimeout(LBHttpSolrClient.java:460) at org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:116) at org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:138) at org.apache.ranger.audit.queue.AuditBatchQueue.runDoAs(AuditBatchQueue.java:320) at org.apache.ranger.audit.queue.AuditBatchQueue$1.run(AuditBatchQueue.java:217) at org.apache.ranger.audit.queue.AuditBatchQueue$1.run(AuditBatchQueue.java:215) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1594) at org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:223) at java.lang.Thread.run(Thread.java:745) On Sat, Dec 5, 2015 at 9:58 PM, Hafiz Mujadid <hafizmujadi...@gmail.com> wrote: hi Madhan! I have compiled ranger master branch code. Both the hbase and hbase-admin have same versions. I have hbase version 1.1.2. Thanks On Sat, Dec 5, 2015 at 9:20 PM, Madhan Neethiraj <mad...@apache.org> wrote: Aneela, It looks like the Ranger HBase plugin used in this environment is from an earlier version than the Ranger Admin. Can you please send the version details to troubleshoot this further? While we look at fixing the issue in the code, you should be able to continue by using Ranger HBase plugin from the same version as Ranger Admin. Thanks, Madhan From: Aneela Saleem < ane...@platalytics.com> Reply-To: " user@ranger.incubator.apache.org" < user@ranger.incubator.apache.org> Date: Saturday, December 5, 2015 at 7:43 AM To: " user@ranger.incubator.apache.org" < user@ranger.incubator.apache.org> Subject: Hbase policy issue Hi! I have made a policy on hbase table emp with column family f1 and column name. I gave mike user the permission of read and roger have all permissions. But when i scan table using user mike or roger even. It does not allow ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user ‘roger',action: scannerOpen, tableName:emp, family:f1 No audits are being shown and hbase logs have following exception 2015-12-05 20:42:32,976 ERROR [Thread-75] util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to refresh policies. Will continue to use last known version of policies (-1) com.sun.jersey.api.client.ClientHandlerException: org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized field "isEnabled" (Class org.apache.ranger.plugin.model.RangerPolicy$RangerPolicyItem), not marked as ignorable at [Source: sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@28826668; line: 1, column: 938] (through reference chain: org.apache.ranger.plugin.util.ServicePolicies["policies"]->org.apache.ranger.plugin.model.RangerPolicy["policyItems"]->org.apache.ranger.plugin.model.RangerPolicyItem["isEnabled"]) at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:563) at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:506) at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:76) at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:205) at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:175) at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:154) Caused by: org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized field "isEnabled" (Class org.apache.ranger.plugin.model.RangerPolicy$RangerPolicyItem), not marked as ignorable at [Source: sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@28826668; line: 1, column: 938] (through reference chain: org.apache.ranger.plugin.util.ServicePolicies["policies"]->org.apache.ranger.plugin.model.RangerPolicy["policyItems"]->org.apache.ranger.plugin.model.RangerPolicyItem["isEnabled"]) at org.codehaus.jackson.map.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:53) at org.codehaus.jackson.map.deser.StdDeserializationContext.unknownFieldException(StdDeserializationContext.java:267) at org.codehaus.jackson.map.deser.std.StdDeserializer.reportUnknownProperty(StdDeserializer.java:673) at org.codehaus.jackson.map.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:659) at org.codehaus.jackson.map.deser.BeanDeserializer.handleUnknownProperty(BeanDeserializer.java:1365) at org.codehaus.jackson.map.deser.BeanDeserializer._handleUnknown(BeanDeserializer.java:725) at org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:703) at org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:580) at org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:217) at org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:194) at org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:30) at org.codehaus.jackson.map.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:299) at org.codehaus.jackson.map.deser.SettableBeanProperty$FieldProperty.deserializeAndSet(SettableBeanProperty.java:579) at org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:697) at org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:580) at org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:217) at org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:194) at org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:30) at org.codehaus.jackson.map.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:299) at org.codehaus.jackson.map.deser.SettableBeanProperty$FieldProperty.deserializeAndSet(SettableBeanProperty.java:579) at org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:697) at org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:580) at org.codehaus.jackson.map.ObjectMapper._readValue(ObjectMapper.java:2704) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1315) at org.codehaus.jackson.jaxrs.JacksonJsonProvider.readFrom(JacksonJsonProvider.java:419) at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:553) ... 5 more 2015-12-05 20:42:32,977 WARN [Thread-75] util.PolicyRefresher: cache file does not exist or not readble '/etc/ranger/hbasedev/policycache/hbaseRegional_hbasedev.json' Thanks -- Regards: HAFIZ MUJADID