Hi all,

Using TCPDUMP, I investigated a little bit more, and I found that there
isn't any call from the host I make my "hdfs crypto -createZone -keyName
test_lchanel -path /user/lchanel" to the port 9292 of the host where Ranger
KMS is located.
So it seems it is a configuration or runtime problem.

Does anyone have an idea about where to investigate next ?

Thanks,


Loïc

Loïc CHANEL
System Big Data engineer
MS&T - WASABI - Worldline (Villeurbanne, France)

2016-09-13 11:20 GMT+02:00 Loïc Chanel <loic.cha...@telecomnancy.net>:

> Hi all,
>
> As I was trying to test Ranger KMS, I encountered some troubles.
> I created a AES-128 key with ranger KMS named test_lchanel, and as I
> wanted to use it to encrypt my home repository using : hdfs crypto
> -createZone -keyName test_lchanel -path /user/lchanel, I got the following
> exception :
>
> 16/09/13 11:11:26 WARN retry.RetryInvocationHandler: Exception while
> invoking ClientNamenodeProtocolTranslatorPB.createEncryptionZone over
> null. Not retrying because try once and fail.
> org.apache.hadoop.ipc.RemoteException(org.apache.
> hadoop.security.authorize.AuthorizationException):
>         at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1552)
>         at org.apache.hadoop.ipc.Client.call(Client.java:1496)
>         at org.apache.hadoop.ipc.Client.call(Client.java:1396)
>         at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.
> invoke(ProtobufRpcEngine.java:233)
>         at com.sun.proxy.$Proxy10.createEncryptionZone(Unknown Source)
>         at org.apache.hadoop.hdfs.protocolPB.
> ClientNamenodeProtocolTranslatorPB.createEncryptionZone(
> ClientNamenodeProtocolTranslatorPB.java:1426)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:497)
>         at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(
> RetryInvocationHandler.java:278)
>         at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(
> RetryInvocationHandler.java:194)
>         at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(
> RetryInvocationHandler.java:176)
>         at com.sun.proxy.$Proxy11.createEncryptionZone(Unknown Source)
>         at org.apache.hadoop.hdfs.DFSClient.createEncryptionZone(
> DFSClient.java:3337)
>         at org.apache.hadoop.hdfs.DistributedFileSystem.
> createEncryptionZone(DistributedFileSystem.java:2233)
>         at org.apache.hadoop.hdfs.client.HdfsAdmin.createEncryptionZone(
> HdfsAdmin.java:307)
>         at org.apache.hadoop.hdfs.tools.CryptoAdmin$CreateZoneCommand.
> run(CryptoAdmin.java:142)
>         at org.apache.hadoop.hdfs.tools.CryptoAdmin.run(CryptoAdmin.
> java:73)
>         at org.apache.hadoop.hdfs.tools.CryptoAdmin.main(CryptoAdmin.
> java:82)
> RemoteException:
>
> As I know CPU must support AES to use such things, I checked on each
> server's ILO admin interface and it seems my CPU support AES-128. In
> addition, hadoop checknative returns a correct result :
>
> 16/09/13 11:16:48 INFO bzip2.Bzip2Factory: Successfully loaded &
> initialized native-bzip2 library system-native
> 16/09/13 11:16:48 INFO zlib.ZlibFactory: Successfully loaded & initialized
> native-zlib library
> Native library checking:
> hadoop:  true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libhadoop.so.1.0.0
> zlib:    true /lib64/libz.so.1
> snappy:  true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libsnappy.so.1
> lz4:     true revision:99
> bzip2:   true /lib64/libbz2.so.1
> openssl: true /usr/lib64/libcrypto.so
>
> Does someone see where my problem might come from ?
>
> Thanks,
>
>
> Loïc
>
> Loïc CHANEL
> System Big Data engineer
> MS&T - WASABI - Worldline (Villeurbanne, France)
>

Reply via email to