Support Questions
Find answers, ask questions, and share your expertise

Re: Does Ranger 0.5 work without Solr?

hi @Sagar Shimpi I checked "Audit" -> "Plugins" and there I have "Test1_hdfs" as service name ("Test1_hdfs" is my repository name) with "Http Response Code" 200. The "Plugin Id" is "kms@ranger-Test1_hdfs" which I am not sure whether it is correct or not.

Secondly, I also get a message "Connected Successfully" when I try to do "Test Connection".

Attaching the /var/log/ranger/admin/xa_portal.log logs, xa-portal.txt

Also, I can see the logs in /var/log/hadoop/hdfs location in the namenode which means logs are getting stored but not available in the UI.

Thanks again for your reply.

Re: Does Ranger 0.5 work without Solr?

@Pooja Kamle There is some issue with then plugin id it seems. Not sure if thats the right info its displaying. OK, pls follow below steps to debug -

  1. Make sure you json file here - /etc/ranger/Test1_hdfs/policycache/
  2. Is there kerberos enabled on cluster?
  3. Are the HDFS policies working ?
  4. is it possible to delete repository from Ranger UI -> disable plugin from HDFS service->Restart HDFS service and re-enable the plugin ?
  5. If Not, Please enable the the debug mode in ranger. Please follow below steps to enable debug and then try accessing audit by creating / deleting HDFS policies and upload latest xa-portal.log.

Edit "/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/log4j.xml"

and replace "info" to "debug" for all search with the file and restart ranger.

Re: Does Ranger 0.5 work without Solr?

With Ranger 0.5 you have the possibility to store your audit log in HDFS, DB or Solr. Going forward we are moving away from DB Audit Logs and Solr will be the default/preferred destination for audit logs.

Since you have checked ranger.audit.source.type already, make sure you also enabled "Audit to DB" in your ranger-hdfs-audit configuration (Ambari->HDFS->Config).

Did you check the DB configuration in your ranger config, are the user,db and password correct?

Are policies syncing to the Namenodes of your cluster? (Check via Ranger->Audit->plugins or the Namenodes /etc/ranger/<repository name>/policycache)

Also check your Namenode log (/var/log/hadoop/hdfs/hadoop-hdfs-namenode....log) for errors regarding ranger.

Re: Does Ranger 0.5 work without Solr?

@Jonas Straub: Thanks for your reply. I have checked and "Audit to DB" is enabled. The username and password also seem to be correct. But, this path is empty -> etc/ranger/<repository name>/policycache. There is nothing in policycache. I can see the logs in /var/log/hadoop/hdfs location in the namenode which means logs are getting stored but not available in the UI. Its very odd because I have followed same procedure for HDP 2.2 and Ranger 0.4. And it is all fine. Any suggestions?

Re: Does Ranger 0.5 work without Solr?

Rising Star
@Pooja Kamle

Yes - Ranger 0.5.0 works with either Solr or DB. Following the answers provide by @Sagar Shimpi and @Jonas Straub, here are a few other things that you should check.

First, determine if the issue is at the DB or WebUI level by checking the database directly (to see if audits are actually being captured):

  1. Query the Ranger Audit table to verify data exists (assuming MySQL as DB):
$ mysql -u root 
use ranger_audit;
SELECT * FROM xa_access_audit LIMIT 10;

If you don't see any recent audit data in the table above:

  1. Double check your DB connection configs via Ambari Ranger tab
  2. If this is a multi-node cluster, ensure that your DB connection isn't defined with 'localhost' as hostname - this is a common mistake because the 'Test Connection' will still pass if Ranger is local, but audits will fail to be captured from other nodes.
  3. Ensure that you restarted all relevant master services (namenode, HiveServer2, HBase master etc) - If you enabled audit via the Ranger tab it's possible that Ambari won't warn you that these services need to be restarted for audit capture to take effect.

If you can see recent audit data in the table above and just not in the Ranger WebUI:

  1. Ensure ranger.audit.source.type = db
  2. Try removing the filter in the Ranger WebUI so all audit data is searched

Let me know how it goes

Re: Does Ranger 0.5 work without Solr?

Hi, @Laurence Da Luz Thanks for your reply.

1. I checked the database as you told and found out that no logs are stored in the "ranger_audit" table because when I query "SELECT * FROM xa_access_audit LIMIT 10" I get output as "Empty set (0.00 sec)"

2. I also checked the db connection and it is defined with hostname and not with "localhost". So, I don't think this is an issue.

3. I also checked the namenode logs in /var/log/hadoop/hdfs location and found out that logs are getting generated as I can see logs in "hdfs-audit.log" file.

4. In the Ranger UI, I cannot see any plugins under Audit->Plugins tab. It says "No plugin found!".

I am attaching 'hadoop-hdfs-namenode-master.log' and 'xa_portal.log' files for your reference.

Also, there is a log file in /var/log/ranger/admin location called 'xa_portal_sql.log'. There I see some NullPointer Exception. Attaching that file also.

Please provide your valuable suggestions if you find what exactly the issue is.