Hello ! I found that the problem was coming from the password for the usersync truststore. I tried to set up a new one and now it works fine.
BR. Lune. On Wed, May 11, 2016 at 5:59 PM, Lune Silver <lunescar.ran...@gmail.com> wrote: > hello ! > > I enabled the ssl for ranger admin successfully, but now I have a problem > to set up the SSL for usersync. > > I followed the following doc : > > https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/configure_ambari_ranger_ssl_self_signed_cert_usersync.html > > But unfortunately, I still have one problem in the usersync log : > ### > 11 May 2016 14:20:29 INFO UnixAuthenticationService [main] - Starting > User Sync Service! > 11 May 2016 14:20:29 INFO UnixAuthenticationService [main] - Enabling > Unix Auth Service! > 11 May 2016 14:20:30 INFO UserGroupSync [UnixUserSyncThread] - > initializing sink: > org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder > 11 May 2016 14:20:30 ERROR UserGroupSync [UnixUserSyncThread] - Failed to > initialize UserGroup source/sink. Will retry after 60000 milliseconds. > Error details: > java.lang.RuntimeException: Unable to create SSLConext for communication > to policy manager > at > org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getClient(PolicyMgrUserGroupBuilder.java:729) > at > org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildGroupList(PolicyMgrUserGroupBuilder.java:335) > at > org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:156) > at > org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:152) > at > org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:51) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.io.IOException: Keystore was tampered with, or password > was incorrect > at > sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) > at > sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) > at java.security.KeyStore.load(KeyStore.java:1214) > at > org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getClient(PolicyMgrUserGroupBuilder.java:706) > ... 5 more > Caused by: java.security.UnrecoverableKeyException: Password verification > failed > at > sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) > ... 8 more > ### > > The error is clear enough, there is a problem with a password, but which > one ? > > I set up a password PWD1 for the keystore of ranger admin. > I used the same password PWD1 for the alias rangeradmin in the keystore of > range admin. > > I set up a different password PWD2 for the keystore of usersync. > I set up a different password PWD3 for the trustore of usersync. > I set up a specific password PWD4 for ranger local admin. > And I set up a different password for the Ranger Admin username for > Ambari > > Do you know which password is concerned by this error message please ? > > BR. > > Lune. >
