As he's the superdamin user, he should be able to do so, right ? If not, how can I test this ?
Loïc CHANEL System Big Data engineer MS&T - WASABI - Worldline (Villeurbanne, France) 2016-09-16 16:20 GMT+02:00 Velmurugan Periasamy <vperias...@hortonworks.com> : > Loïc: > > Can you make sure hdfs user has permissions for key operations > (especially GENERATE_EEK and GET_METADATA) and try again? > > Thank you, > Vel > > From: Loïc Chanel <loic.cha...@telecomnancy.net> > Reply-To: "user@ranger.incubator.apache.org" < > user@ranger.incubator.apache.org> > Date: Friday, September 16, 2016 at 8:53 AM > To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org> > Subject: Re: Exception while creating encryption zone > > Hi all, > > Using TCPDUMP, I investigated a little bit more, and I found that there > isn't any call from the host I make my "hdfs crypto -createZone -keyName > test_lchanel -path /user/lchanel" to the port 9292 of the host where > Ranger KMS is located. > So it seems it is a configuration or runtime problem. > > Does anyone have an idea about where to investigate next ? > > Thanks, > > > Loïc > > Loïc CHANEL > System Big Data engineer > MS&T - WASABI - Worldline (Villeurbanne, France) > > 2016-09-13 11:20 GMT+02:00 Loïc Chanel <loic.cha...@telecomnancy.net>: > >> Hi all, >> >> As I was trying to test Ranger KMS, I encountered some troubles. >> I created a AES-128 key with ranger KMS named test_lchanel, and as I >> wanted to use it to encrypt my home repository using : hdfs crypto >> -createZone -keyName test_lchanel -path /user/lchanel, I got the following >> exception : >> >> 16/09/13 11:11:26 WARN retry.RetryInvocationHandler: Exception while >> invoking ClientNamenodeProtocolTranslatorPB.createEncryptionZone over >> null. Not retrying because try once and fail. >> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop. >> security.authorize.AuthorizationException): >> at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1552) >> at org.apache.hadoop.ipc.Client.call(Client.java:1496) >> at org.apache.hadoop.ipc.Client.call(Client.java:1396) >> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke( >> ProtobufRpcEngine.java:233) >> at com.sun.proxy.$Proxy10.createEncryptionZone(Unknown Source) >> at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTran >> slatorPB.createEncryptionZone(ClientNamenodeProtocolTranslat >> orPB.java:1426) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce >> ssorImpl.java:62) >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe >> thodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:497) >> at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMeth >> od(RetryInvocationHandler.java:278) >> at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(Ret >> ryInvocationHandler.java:194) >> at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(Ret >> ryInvocationHandler.java:176) >> at com.sun.proxy.$Proxy11.createEncryptionZone(Unknown Source) >> at org.apache.hadoop.hdfs.DFSClient.createEncryptionZone(DFSCli >> ent.java:3337) >> at org.apache.hadoop.hdfs.DistributedFileSystem.createEncryptio >> nZone(DistributedFileSystem.java:2233) >> at org.apache.hadoop.hdfs.client.HdfsAdmin.createEncryptionZone >> (HdfsAdmin.java:307) >> at org.apache.hadoop.hdfs.tools.CryptoAdmin$CreateZoneCommand.r >> un(CryptoAdmin.java:142) >> at org.apache.hadoop.hdfs.tools.CryptoAdmin.run(CryptoAdmin.jav >> a:73) >> at org.apache.hadoop.hdfs.tools.CryptoAdmin.main(CryptoAdmin.ja >> va:82) >> RemoteException: >> >> As I know CPU must support AES to use such things, I checked on each >> server's ILO admin interface and it seems my CPU support AES-128. In >> addition, hadoop checknative returns a correct result : >> >> 16/09/13 11:16:48 INFO bzip2.Bzip2Factory: Successfully loaded & >> initialized native-bzip2 library system-native >> 16/09/13 11:16:48 INFO zlib.ZlibFactory: Successfully loaded & >> initialized native-zlib library >> Native library checking: >> hadoop: true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libhadoop.so.1.0.0 >> zlib: true /lib64/libz.so.1 >> snappy: true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libsnappy.so.1 >> lz4: true revision:99 >> bzip2: true /lib64/libbz2.so.1 >> openssl: true /usr/lib64/libcrypto.so >> >> Does someone see where my problem might come from ? >> >> Thanks, >> >> >> Loïc >> >> Loïc CHANEL >> System Big Data engineer >> MS&T - WASABI - Worldline (Villeurbanne, France) >> > >
