Hi all, Using TCPDUMP, I investigated a little bit more, and I found that there isn't any call from the host I make my "hdfs crypto -createZone -keyName test_lchanel -path /user/lchanel" to the port 9292 of the host where Ranger KMS is located. So it seems it is a configuration or runtime problem.
Does anyone have an idea about where to investigate next ? Thanks, Loïc Loïc CHANEL System Big Data engineer MS&T - WASABI - Worldline (Villeurbanne, France) 2016-09-13 11:20 GMT+02:00 Loïc Chanel <loic.cha...@telecomnancy.net>: > Hi all, > > As I was trying to test Ranger KMS, I encountered some troubles. > I created a AES-128 key with ranger KMS named test_lchanel, and as I > wanted to use it to encrypt my home repository using : hdfs crypto > -createZone -keyName test_lchanel -path /user/lchanel, I got the following > exception : > > 16/09/13 11:11:26 WARN retry.RetryInvocationHandler: Exception while > invoking ClientNamenodeProtocolTranslatorPB.createEncryptionZone over > null. Not retrying because try once and fail. > org.apache.hadoop.ipc.RemoteException(org.apache. > hadoop.security.authorize.AuthorizationException): > at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1552) > at org.apache.hadoop.ipc.Client.call(Client.java:1496) > at org.apache.hadoop.ipc.Client.call(Client.java:1396) > at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker. > invoke(ProtobufRpcEngine.java:233) > at com.sun.proxy.$Proxy10.createEncryptionZone(Unknown Source) > at org.apache.hadoop.hdfs.protocolPB. > ClientNamenodeProtocolTranslatorPB.createEncryptionZone( > ClientNamenodeProtocolTranslatorPB.java:1426) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:497) > at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod( > RetryInvocationHandler.java:278) > at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke( > RetryInvocationHandler.java:194) > at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke( > RetryInvocationHandler.java:176) > at com.sun.proxy.$Proxy11.createEncryptionZone(Unknown Source) > at org.apache.hadoop.hdfs.DFSClient.createEncryptionZone( > DFSClient.java:3337) > at org.apache.hadoop.hdfs.DistributedFileSystem. > createEncryptionZone(DistributedFileSystem.java:2233) > at org.apache.hadoop.hdfs.client.HdfsAdmin.createEncryptionZone( > HdfsAdmin.java:307) > at org.apache.hadoop.hdfs.tools.CryptoAdmin$CreateZoneCommand. > run(CryptoAdmin.java:142) > at org.apache.hadoop.hdfs.tools.CryptoAdmin.run(CryptoAdmin. > java:73) > at org.apache.hadoop.hdfs.tools.CryptoAdmin.main(CryptoAdmin. > java:82) > RemoteException: > > As I know CPU must support AES to use such things, I checked on each > server's ILO admin interface and it seems my CPU support AES-128. In > addition, hadoop checknative returns a correct result : > > 16/09/13 11:16:48 INFO bzip2.Bzip2Factory: Successfully loaded & > initialized native-bzip2 library system-native > 16/09/13 11:16:48 INFO zlib.ZlibFactory: Successfully loaded & initialized > native-zlib library > Native library checking: > hadoop: true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libhadoop.so.1.0.0 > zlib: true /lib64/libz.so.1 > snappy: true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libsnappy.so.1 > lz4: true revision:99 > bzip2: true /lib64/libbz2.so.1 > openssl: true /usr/lib64/libcrypto.so > > Does someone see where my problem might come from ? > > Thanks, > > > Loïc > > Loïc CHANEL > System Big Data engineer > MS&T - WASABI - Worldline (Villeurbanne, France) >
