Hello ! I send you this mail, because on one of my cluster, I installed ranger and activated the ssl. I checked the logs in ranger usersync and I saw the following error : ### (...) 08 Jul 2016 17:58:24 INFO UnixAuthenticationService [main] - Starting User Sync Service! 08 Jul 2016 17:58:24 INFO UnixAuthenticationService [main] - Enabling Unix Auth Service! 08 Jul 2016 17:58:24 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder created 08 Jul 2016 17:58:24 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex 08 Jul 2016 17:58:24 INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex 08 Jul 2016 17:58:24 INFO UserGroupSyncConfig [UnixUserSyncThread] - Sleep Time Between Cycle can not be lower than [3600000] millisec. resetting to min value. 08 Jul 2016 17:58:24 INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.ldapusersync.process.PolicyMgrUserGroupBuilder 08 Jul 2016 17:58:24 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: java.lang.RuntimeException: Unable to create SSLConext for communication to policy manager at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getClient(PolicyMgrUserGroupBuilder.java:742)
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildGroupList(PolicyMgrUserGroupBuilder.java:335) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:156) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:152) at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:51) at java.lang.Thread.run(Thread.java:745) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.getClient(PolicyMgrUserGroupBuilder.java:696) ... 5 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 8 more 08 Jul 2016 17:58:24 DEBUG UserGroupSync [UnixUserSyncThread] - Sleeping for [3600000] milliSeconds (...) ### I followed the procedure to allow ranger usersync and ranger admin to communicate through SSL. The passwords are OK in the xml files (the passwords appear in clear in the configuration files !!). But each time I start usersync, it keeps raising this error. I don't know what to do, because the keystores and their passwords are good. I tried 5 times and I was reaaally careful with these passwords. Any help please ? By seeing this error, may you tell me exactly which store is concerned here ? BR. Lune
