Created 10-06-2016 09:16 AM
Hi ALL:
We have successfully installed the Storm plugin for Apache Ranger, and we are also able to create policies within Ranger. The problem is that when we click the Connection Test button after adding a Storm service, we get an error about Kerberos. The error report is:
org.apache.ranger.plugin.client.HadoopException: executeUnderKerberos: Login failure using given configuration parameters, username : `admin`..
executeUnderKerberos: Login failure using given configuration parameters, username : `admin`.. kerberos.example.com: Name or service not known.
Hadoop Version: 2.7.2
Ranger Version: 0.62
Storm Version: 1.0.0
Any ideas or help in this regard will be appreciated.
Thanks in advance.
Regards,
Benny
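The error quoted in the post above ends in `kerberos.example.com: Name or service not known`, which is a host name lookup failure. As an added example (not from the thread or from the Ranger project), this Python script lists the KDC and admin-server hosts in a krb5.conf and reports the ones that do not resolve; it assumes the name comes from the `[realms]` section of the krb5.conf on the Ranger Admin host, and the sample config and function names are constructed for illustration.

```python
import re
import socket

# Constructed sample: a krb5.conf whose [realms] section still carries a
# placeholder KDC host like the one named in the error above.
SAMPLE_KRB5_CONF = """\
[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  admin_server = kerberos.example.com:749
 }
 LAB.LOCAL = {
  kdc = localhost:88
 }
"""

def kdc_hosts(conf_text):
    """Return {realm: [host, ...]} for kdc/admin_server entries in [realms]."""
    hosts, section, realm = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("["):             # new section header
            section, realm = line.strip("[]").lower(), None
        elif section == "realms":
            opened = re.match(r"^(\S+)\s*=\s*\{", line)
            entry = re.match(r"^(kdc|admin_server)\s*=\s*(\S+)", line)
            if opened:
                realm = opened.group(1)
                hosts.setdefault(realm, [])
            elif line.startswith("}"):
                realm = None
            elif entry and realm:
                host = entry.group(2).rsplit(":", 1)[0]  # drop optional :port
                if host not in hosts[realm]:
                    hosts[realm].append(host)
    return hosts

def unresolvable(conf_text, resolve=socket.gethostbyname):
    """Return sorted (realm, host) pairs whose host name does not resolve."""
    bad = []
    for realm, names in kdc_hosts(conf_text).items():
        for host in names:
            try:
                resolve(host)
            except OSError:                  # socket.gaierror is an OSError
                bad.append((realm, host))
    return sorted(bad)
```

To check a real host, pass the contents of its krb5.conf (commonly `/etc/krb5.conf`) to `unresolvable()`; an empty list means every listed KDC name resolved.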
Created 10-06-2016 10:02 AM
To enable the ranger-storm-plugin, you need to have a Kerberos environment. Refer to: Enabling Storm Plugin
Also link /etc/hadoop/conf/core-site.xml under /etc/storm/conf
Created 10-06-2016 09:20 AM
We can see the plugin in Ranger Admin in the Audit > Plugins tab.
Created 10-06-2016 01:34 PM
@mvaradkar Thank you very much for your reply. We will follow your advice and hope it will help to solve the problem. Thank you again.
Created 10-06-2016 11:01 AM
@hu bai Please follow the steps given at - https://github.com/abajwa-hw/security-workshops/blob/master/Setup-ranger-23.md#setup-storm-plugin-fo...
Created 10-06-2016 01:23 PM
@Sagar Shimpi Thank you very much for your reply. Because I am a student, I should study Apache Ranger without Ambari. It also helps with my work, and thank you again for your reply.
Created 10-08-2016 03:30 AM
Contrary to popular belief, it is not necessary to enable Kerberos to use the Ranger plugin. Kerberos is for authentication, while Ranger does authorization. You can use other authentication techniques to identify the user, if you choose. Kerberos is a very secure and reliable way of authenticating a user, and that is why it is frequently used. However, you can use Unix auth or LDAP authentication in your cluster to identify the user. The username which submits the Storm topology is the one used for authorization with Ranger. Ranger will then use its policy information to determine what the user is allowed to do.
Created 11-04-2016 05:18 PM
@emaxwell just heard from engineering: in the case of Storm, Kerberos is required for Ranger authorization.