
After Enabling Ranger with SSL, YARN & HDFS are not sync


New Contributor

I have configured SSL with Ranger. Now Ranger has started perfectly, but my Resource Manager UI is not reachable.

Below is the error from /var/log/hadoop-yarn/yarn/yarn-yarn-resourcemanager-master1.log

ERROR util.PolicyRefresher (PolicyRefresher.java:loadPolicyfromPolicyAdmin(288)) - PolicyRefresher(serviceName=Prod_yarn): failed to refresh policies. Will continue to use last known version of policies (24)


Re: After Enabling Ranger with SSL, YARN & HDFS are not sync

Contributor

Hi @Harish More ,

I see you have two issues here.

As you mentioned, the RM UI is not reachable. Is it just the RM UI that is not accessible? Can you access the HDFS UI?
Do you see any exceptions in the RM logs?

Regarding policy sync:
Once you enabled Ranger SSL, did you configure Ranger Plugin SSL for each component for which you have enabled the plugin?
For example, for HDFS: Configuring the Ranger HDFS Plugin for SSL

Re: After Enabling Ranger with SSL, YARN & HDFS are not sync

New Contributor

Hi @Pravin Bhagade,

Even the HDFS UI is not accessible.

I am trying to configure the Ranger HDFS and YARN plugins using the link you have provided.

After running the command below:

keytool -genkey -keyalg RSA -alias rangerHdfsAgent -keystore ranger-plugin-keystore.jks -storepass myKeyFilePassword -validity 360 -keysize 2048

The error is: Alias rangerHdfsAgent name is not available.

Re: After Enabling Ranger with SSL, YARN & HDFS are not sync

Contributor

Which doc did you follow to configure HDFS SSL?

Regarding the other error, you should see something like below when you run the cmd. I java used by the keytool cmd.

[root@alpha ~]# /usr/jdk64/jdk1.8.0_112/bin/keytool -genkey -keyalg RSA -alias rangerHdfsAgent -keystore ranger-plugin-keystore.jks -storepass myKeyFilePassword -validity 360 -keysize 2048
What is your first and last name?
  [Unknown]:  
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]: 

Re: After Enabling Ranger with SSL, YARN & HDFS are not sync

New Contributor

Actually, I have a certificate available, so I used the command below.

keytool -importkeystore -srckeystore certificate.p12 -destkeystore /etc/ranger/admin/conf/ranger-plugin-keystore.jks -deststoretype pkcs12 -alias rangerHdfsAgent

Then that error comes

Re: After Enabling Ranger with SSL, YARN & HDFS are not sync

Contributor

Please share the correct cmd to avoid confusion.

Please use below cmd:

keytool -v -importkeystore -srckeystore eneCert.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS

Earlier you were passing an incorrect deststoretype, and there is no need for -alias in this cmd.

Or try the one below.

keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]
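
A pre- and post-import check for the keytool commands in this thread, as an added example that is not part of the original posts: it lists the aliases in the source PKCS12 file, imports one entry into a JKS keystore, and confirms the result is a PrivateKeyEntry rather than only a certificate. The function names and the `KS_PASS` environment variable are assumptions of this example; the password is passed with keytool's `:env` modifier instead of on the command line.

```shell
# Added example (not from the thread). KS_PASS is an assumed environment
# variable holding the store password; keytool reads it via the ":env"
# modifier, so the password does not appear in the process list.

# Print "alias<TAB>entry-type" for each entry in a keystore.
#   $1 = keystore path   $2 = store type (PKCS12 or JKS)
list_entries() {
  keytool -list -keystore "$1" -storetype "$2" -storepass:env KS_PASS |
    awk 'match($0, /, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),/) {
           type  = substr($0, RSTART + 2, RLENGTH - 3)
           alias = $0; sub(/, .*/, "", alias)   # alias = text before first ", "
           print tolower(alias) "\t" type
         }'
}

# Succeed only if alias $3 exists in keystore $1 (type $2) AND holds a private
# key. The comparison is case-insensitive, as JKS aliases are case-insensitive.
has_private_key() {
  list_entries "$1" "$2" |
    awk -F'\t' -v want="$3" '
      $1 == tolower(want) && $2 == "PrivateKeyEntry" { found = 1 }
      END { exit !found }'
}

# Import one entry from a PKCS12 file into a JKS keystore, checking both ends.
#   $1 = source .p12   $2 = source alias   $3 = destination .jks   $4 = destination alias
# Returns 2 if the source alias has no private key, 3 if keytool fails,
# 1 if the destination does not end up with a PrivateKeyEntry.
import_and_verify() {
  has_private_key "$1" PKCS12 "$2" || {
    echo "no PrivateKeyEntry named '$2' in $1; aliases found:" >&2
    list_entries "$1" PKCS12 >&2
    return 2
  }
  keytool -importkeystore \
    -srckeystore "$1" -srcstoretype PKCS12 -srcalias "$2" -srcstorepass:env KS_PASS \
    -destkeystore "$3" -deststoretype JKS -destalias "$4" -deststorepass:env KS_PASS \
    || return 3
  has_private_key "$3" JKS "$4"
}
```

Typical use, with placeholder file names: `KS_PASS=... import_and_verify certificate.p12 <source-alias> ranger-plugin-keystore.jks rangerHdfsAgent`.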

Re: After Enabling Ranger with SSL, YARN & HDFS are not sync

New Contributor

Thank you for the reply. I will try this.