Support Questions
Find answers, ask questions, and share your expertise

Error creating Ranger repository after kerberos integration


having an error after enabling kerberos on HDF stack. Enabled kafka ranger plugin and restarted kafka. getting messages below

when I check the path, it looks like the client kerberos cc file is created with kafka:hadoop permissions & I can use klist to check that it appears valid. It looks like this is an issue with the Ranger UI site not accepting the kerberos TGT

2018-04-02 08:55:36,133 - Repository creation failed 2018-04-02 08:56:06,160 - checked_call['/usr/bin/kinit -c /var/lib/ambari-agent/tmp/curl_krb_cache/ranger_admin_calls_kafka_cc_12337536370f7a202550f5ffcbb478eb -kt /etc/security/keytabs/kafka.service.keytab kafka/ > /dev/null'] {'user': 'kafka'} 2018-04-02 08:56:06,254 - checked_call returned (0, '') 2018-04-02 08:56:06,255 - call[' su kafka -l -s /bin/bash -c 'curl --location-trusted -k --negotiate -u : -b /var/lib/ambari-agent/tmp/cookies/e3590509-62a8-4d79-8e34-e63d4e8dd705 -c /var/lib/ambari-agent/tmp/cookies/e3590509-62a8-4d79-8e34-e63d4e8dd705 '"'"''"'"' --connect-timeout 10 --max-time 12 -X GET 1>/tmp/tmpKpySPR 2>/tmp/tmpCu42_h''] {'quiet': False, 'env': {'KRB5CCNAME': '/var/lib/ambari-agent/tmp/curl_krb_cache/ranger_admin_calls_kafka_cc_12337536370f7a202550f5ffcbb478eb'}} 2018-04-02 08:56:06,350 - call returned (0, '') 2018-04-02 08:56:06,351 - call['/usr/bin/klist -s /var/lib/ambari-agent/tmp/curl_krb_cache/ranger_admin_calls_kafka_cc_12337536370f7a202550f5ffcbb478eb'] {'user': 'kafka'} 2018-04-02 08:56:06,427 - call returned (0, '') 2018-04-02 08:56:06,429 - call[' su kafka -l -s /bin/bash -c 'curl --location-trusted -k --negotiate -u : -b /var/lib/ambari-agent/tmp/cookies/03e5f985-e8d9-4137-b64a-35ad4ad2e90b -c /var/lib/ambari-agent/tmp/cookies/03e5f985-e8d9-4137-b64a-35ad4ad2e90b --connect-timeout 10 --max-time 12 -H '"'"'Content-Type: application/json'"'"' -X POST -d '"'"'{"assetType": "1", "name": "test_kafka", "repositoryType": "kafka", "configs": {"username": "admin", "": "kafka", "ambari.service.check.user": "ambari-qa", "": "kafka", "zookeeper.connect": ",,", "password": "x7KsV487fs8aQdN7", "commonNameForCertificate": ""}, "type": "kafka", "isEnabled": "true", "description": "kafka repo"}'"'"' 1>/tmp/tmpSUfkfC 2>/tmp/tmpwMO3Z6''] {'quiet': False, 'env': {'KRB5CCNAME': '/var/lib/ambari-agent/tmp/curl_krb_cache/ranger_admin_calls_kafka_cc_12337536370f7a202550f5ffcbb478eb'}} 2018-04-02 08:56:06,517 - call returned (0, '') 2018-04-02 08:56:06,518 - Repository creation failed


Can you check if there are any errors in ranger admin logs? That should give clue on why repository creation failed.


I don't see any errors in /var/log/ranger/admin/xa_portal.log when I restart kafka & recreate the error. Am I looking in the wrong spot? I've tried setting it from info to debug per and still don't see anything logged here when I recreate the problem

; ;