Created 04-25-2022 12:39 AM
I set up a Haproxy service:
listen ranger_admin
bind 0.0.0.0:6080
mode tcp
server ranger_node1:6080
server ranger_node2:6080
Then I refer to the document,
from 32 steps to the end.
I found the Ranger authorization invalid.
Namenode log error:
WARN client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(182)) - Error getting policies. secureMode=true, user=nn/node1@TEST.COM (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=Captain_hadoop
WARN client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServiceTagsIfUpdated(365)) - Error getting tags. secureMode=true, user=nn/node1@TEST.COM (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=Captain_hadoop
Ranger admin access log error:
"GET /service/plugins/secure/policies/download/Captain_hadoop?lastKnownVersion=8&lastActivationTime=1650799134085&pluginId=hdfs@node1-Captain_hadoop&clusterName=Captain&supportsPolicyDeltas=false HTTP/1.1" 401 - "-" "Java/1.8.0_202"
May I ask how to solve this situation,Is there any kind person who can help? Thank you very much!
Created on 12-12-2022 02:00 AM - edited 12-12-2022 02:01 AM
Thank you! After seeing your help, I checked this document and then solved the problem, thanks again.
Created 08-11-2022 07:18 AM
Hello Ken, from the snippet it seems the plugin is trying to download policies but fails with 401 response.
Can you please make sure we have the HTTP Principal of each of the Ranger Admin and load-balancer nodes to the Spnego keytab file and also check if we have the correct keytab and principal values in Ranger configs?
Created on 12-12-2022 02:00 AM - edited 12-12-2022 02:01 AM
Thank you! After seeing your help, I checked this document and then solved the problem, thanks again.
Created 12-12-2022 09:14 PM
@ken_zz, Thank you for your participation in Cloudera Community. I'm happy to see you resolved your issue. Please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.
Regards,
Vidya Sargur,