Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Cannot Create Key in Ranger KMS

Labels:
avatar
author-rank yjiang
Expert Contributor

Created ‎05-27-2016 08:44 AM

keyadmin user failed to create keys in Ranger KMS. Found the below in kms-audit.log:

2016-05-27 05:58:59,555 UNAUTHENTICATED RemoteHost:10.0.0.163 Method:POST URL:http://xxx:9292/kms/v1/keys?user.name=keyadmin ErrorMsg:'Authentication required'

This is a Kerberos enabled cluster. Following the install document, I have already created keyadmin principal in Kerberos and did the setting in Ranger KMS to use kerberos authentication. I was able to log in into Ranger KMS, but failed creating keys with above UNAUTHENTICATED error.

Although I have keyadmin user created on Ranger user sync node and configured Ranger usersync to use Unix sync, but I couldn't find keyadmin user in Ranger User tab. I am not sure if this relates to the KMS error.

Any idea to solve this?

Thanks,

3,535 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank yjiang
Expert Contributor

Created ‎05-28-2016 01:33 AM

I solved this issue by change username to keyadmin@REALM.COM from Ranger KMS repository config UI directly.

Configuring this in Ambari Ranger KMS UI and restarting Ranger and Ranger KMS services didn't apply to the actual KMS repository config property.

View solution in original post

3,063 Views
0 Kudos
6 REPLIES 6

avatar
author-rank rpathak author-rank
Guru

Created ‎05-27-2016 10:49 AM

Hi @yjiang

Can you try restarting all Ranger services.

Both Ranger KMS and Ranger Admin.

Also verify from Ranger KMS UI that you can see correct principal in Ranger KMS repository configuration.

It should be something like keyadmin@REALM.COM

Login using keyadmin user. Also share screenshots of your configuration.

3,063 Views
0 Kudos

avatar
author-rank yjiang
Expert Contributor

Created ‎05-27-2016 04:53 PM

Hi @Rahul Pathak

I tried restarting all Ranger services but it didn't change the status.

I attached my configuration.

kms-repo-conf.png

ranger-users.png

ranger-permission.png

3,063 Views
0 Kudos

avatar
author-rank yjiang
Expert Contributor

Created ‎05-28-2016 01:33 AM

I solved this issue by change username to keyadmin@REALM.COM from Ranger KMS repository config UI directly.

Configuring this in Ambari Ranger KMS UI and restarting Ranger and Ranger KMS services didn't apply to the actual KMS repository config property.

3,064 Views
0 Kudos

avatar
author-rank avijeetd
Super Collaborator

Created ‎08-18-2016 12:46 PM

@yjiang

Hi, I am having this issue, can you please describe where you changed the username. I have put it in the Ranger-kms / Config / Advanced-kms-properties as keyadmin@REALM.COM

But it is not working, and same error persists.

Thanks for your help.

Avijeet

3,063 Views
0 Kudos

avatar
author-rank vi1
Explorer

Created ‎01-25-2023 01:04 AM

Hey I am getting error while adding new key to ranger kms web UI..it is saying HTTP STATUS 401-UNAUTHORIZED

 

2,064 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎01-25-2023 02:19 AM

@vi1, as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
2,044 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements