Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Knox not downloading Ranger polices

Labels:
avatar
author-rank Hadoop16
Contributor

Created ‎05-08-2024 10:37 PM

I'm able to list Knox topologies in Ranger and created Ranger policy for webhdfs. Ran the script ranger-knox-plugin.sh and created ranger-security, audits and policymgr-ssl xmls.
Configured one topology for webhdfs in knox and added below
<provider>
<role>authorization</role>
<name>XASecurePDPKnox</name>
<enabled>true</enabled>
</provider>

When I run curl to webhdfs I'm getting 403 error and I could see in Ranger audits access is denied by ranger-acl.

I could nail it down to policy not getting downloaded from Ranger but don't see any error in Knox gateway.log even after setting the logging to debug.

Knox is enabled with self-signed and ranger with no ssl. I imported knox cert to Ranger cacert.

Am I missing any steps in Knox configuration that could be preventing the policy download?

Any help is appreciated!

127 Views
0 Kudos
1 REPLY 1

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎05-09-2024 12:11 AM

Hello @Hadoop16  Can you try adding public group to the ranger knox policy and then run webhdfs curl command

116 Views
0 Kudos
webinar banner
Announcements
What's New @ Cloudera
Cloudera DataFlow now powers GenAI pipelines and supports ch...
Community Announcements
May 2024 Community Highlights
What's New @ Cloudera
Cloudera Operational Database (COD) supports instance group ...
What's New @ Cloudera
Cloudera Operational Database (COD) has updated the instanc...
What's New @ Cloudera
Cloudera Operational Database (COD) supports configuring roo...
View More Announcements
meetups banner