Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Ranger HDFS Policy not Syncing - No Trusted Cert Found

Labels:
avatar
author-rank nicholas_pilegg
Visitor

Created ‎01-30-2017 04:43 PM

Hello,

After rolling out SSL to the Ranger Admin Page, I noticed my policy changes weren't syncing with the name nodes. I found I needed to setup the plugin for SSL. I followed these procedures (https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ch04s19s02s04s01.html) and had nothing. After looking at the namenode logs I see the error message saying:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)

I am not quite sure where else to look.

Nick

3,152 Views
1 ACCEPTED SOLUTION

avatar
author-rank apappu author-rank
Guru

Created ‎01-30-2017 05:38 PM

@Nick Pileggi

Yes, you will have to put the Ranger Cert into HDFS truststore,. also by default it enables 2 way SSL between Ranger admin and HDFS plug-in.

Some time back I have written article here with complete steps.

https://community.hortonworks.com/articles/68150/configuring-ranger-ranger-hdfs-plugin-for-ssl-with....

View solution in original post

2,826 Views
0 Kudos
3 REPLIES 3

avatar
author-rank apappu author-rank
Guru

Created ‎01-30-2017 05:38 PM

@Nick Pileggi

Yes, you will have to put the Ranger Cert into HDFS truststore,. also by default it enables 2 way SSL between Ranger admin and HDFS plug-in.

Some time back I have written article here with complete steps.

https://community.hortonworks.com/articles/68150/configuring-ranger-ranger-hdfs-plugin-for-ssl-with....

2,827 Views
0 Kudos

avatar
author-rank vperiasamy author-rank
Guru

Created ‎01-30-2017 06:19 PM

If you enable SSL on ranger, you need to update the truststore.

Please refer http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/configure_ambari_ranger_...

2,826 Views
0 Kudos

avatar
author-rank nicholas_pilegg
Visitor

Created ‎01-30-2017 06:25 PM

@apappu

That was the hint I needed. It appears I had a keystore set for my HDFS ranger truststore. So no matter what I did, I would be unable to fix it. Once I corrected that issue, I see my namenode pulling the policy. Glad it was something stupid.

Nick

2,826 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements