Support Questions

Eduardohahn · ‎06-28-2021

Hi folks

We installed Streams Messaging Manager (SMM) on CDP 7.1.4, and when access de UI we received this error:

"An exception with message [Not authorized] was thrown while processing request."

We checked ranger privilegies, but we believe that some privilege is necessary.

thanks for help.

Eduardo

Eduardohahn · ‎07-09-2021

Hi @Bender

Correct, our cluster is not kerberized yet.

Is it possible connect SMM without kerberos?

thanks

Eduardo

View solution in original post

GangWar · ‎06-29-2021

@Eduardohahn I would suggest to check the and verify that "Authentication.provider.url" in configuration is accurate.

Then see if you this is accessible via Knox or without it. Based on that you can paste the logs here and get some help.

Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Eduardohahn · ‎06-29-2021

Hi @GangWar

I dont see this "Authentication.provider.url" in SMM configuration screen.

Here the log when I try access SMM:

2021-06-29 14:26:48,694 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting Roles; service not found. secureMode=false, user=streamsmsgmgr (auth:SIMPLE), response=404, serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}, lastKnownRoleVersion=-1, lastActivationTimeInMillis=0
2021-06-29 14:26:48,694 ERROR org.apache.ranger.plugin.util.RangerRolesProvider: RangerRolesProvider(serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}): failed to find service. Will clean up local cache of roles (-1)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: {{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}
at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdated(RangerAdminRESTClient.java:273)
at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRolesFromAdmin(RangerRolesProvider.java:183)
at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRoles(RangerRolesProvider.java:123)
at org.apache.ranger.plugin.util.PolicyRefresher.loadRoles(PolicyRefresher.java:493)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:207)
2021-06-29 14:26:48,696 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=streamsmsgmgr (auth:SIMPLE), response=404, serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}, lastKnownVersion=-1, lastActivationTimeInMillis=0
2021-06-29 14:26:48,696 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}): failed to find service. Will clean up local cache of policies (-1)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: {{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}
at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:191)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:306)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:246)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:208)
2021-06-29 14:26:52,256 INFO com.hortonworks.smm.kafka.services.metric.cache.MetricsCache: TimePeriod : LAST_SIX_HOURS, BrokerId : 1546333277 fetched 5 descriptors with 723 metric points
2021-06-29 14:26:52,349 DEBUG com.hortonworks.smm.kafka.webservice.common.SMMGenericExceptionMapper: Exception translation: ex.class: class com.hortonworks.smm.kafka.services.security.AuthorizationException, ex: com.hortonworks.smm.kafka.services.security.AuthorizationException: Not authorized, stacktrace: com.hortonworks.smm.kafka.services.security.AuthorizationException: Not authorized
at com.hortonworks.smm.kafka.services.security.auth.SMMSecurityContextRequestFilter.filter(SMMSecurityContextRequestFilter.java:53)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68)
at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:318)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)

Thanks for your attention

Eduardo

Bender · ‎07-09-2021

Hello @Eduardohahn ,

based on the exception, SMM is configured to use Ranger for authorization, but SMM cannot communicate with Ranger (404 exception). Is your cluster kerberized already? Without kerberos, it is expected to fail.

The exception shows "auth:SIMPLE", which suggests to me that the cluster is not kerberized.

Kind regards:

Ferenc

Ferenc Erdelyi, Technical Solutions Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Eduardohahn · ‎07-09-2021

Hi @Bender

Correct, our cluster is not kerberized yet.

Is it possible connect SMM without kerberos?

thanks

Eduardo

Support Questions

ERROR "An exception with message [Not authorized] was thrown while processing request." on Streams Messaging Manager SMM on CDP