Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Getting "404 Not Found" after restarting Ranger Usersync (Kerberized)

Highlighted

Getting "404 Not Found" after restarting Ranger Usersync (Kerberized)

New Contributor

Hi,

We have kerberized our cluster and also integrated with LDAP account.

When we restart the "Ranger Usersync", below error is observed and the sync is failing.

18 Dec 2018 12:17:23 INFO LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Using principal = rangerusersync/stg-agent001-stg-cloud009.XXXXX.nm2@XXXXXX.COM and keytab = /etc/security/keytabs/rangerusersync.service.keytab 18 Dec 2018 12:17:24 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to build Group List : com.sun.jersey.api.client.UniformInterfaceException: POST http://stg-agent001-stg-cloud009.xxxxxxx.nm2:6080/service/xusers/groups/ returned a response status of 404 Not Found

and

18 Dec 2018 12:17:24 INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0 18 Dec 2018 12:17:24 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add User : com.sun.jersey.api.client.UniformInterfaceException: POST http://stg-agent001-stg-cloud009.xxxxxxx.nm2:6080/service/xusers/ugsync/auditinfo/ returned a response status of 404 Not Found


Full logs:

18 Dec 2018 12:17:23  INFO LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Using principal = rangerusersync/stg-agent001-stg-cloud009.XXXXXX.nm2@XXXXXX.COM and keytab = /etc/security/keytabs/rangerusersync.service.keytab
18 Dec 2018 12:17:24 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to build Group List :
com.sun.jersey.api.client.UniformInterfaceException: POST http://stg-agent001-stg-cloud009.XXXXXX.nm2:6080/service/xusers/groups/ returned a response status of 404 Not Found
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:688)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getAddedGroupInfo(LdapPolicyMgrUserGroupBuilder.java:252)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$000(LdapPolicyMgrUserGroupBuilder.java:68)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$1.run(LdapPolicyMgrUserGroupBuilder.java:206)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$1.run(LdapPolicyMgrUserGroupBuilder.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addGroupInfo(LdapPolicyMgrUserGroupBuilder.java:202)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateGroup(LdapPolicyMgrUserGroupBuilder.java:180)
at org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getGroups(LdapDeltaUserGroupBuilder.java:722)
at org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:343)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
at java.lang.Thread.run(Thread.java:745)
18 Dec 2018 12:17:24 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add addorUpdate group info
18 Dec 2018 12:17:24 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() failed with exception: java.lang.Exception: Failed to add addorUpdate group info
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getGroups() group count: 1
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - User search is enabled and hence computing user membership.
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - extendedUserSearchFilter = (&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101120000Z)))
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181208171657Zand currentDeltaSyncTime = 1544289417000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: admin
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181113102826Zand currentDeltaSyncTime = 1542104906000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: hadoopadmin
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181207085230Zand currentDeltaSyncTime = 1544172750000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: ambari-server-ldap
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181207085230Zand currentDeltaSyncTime = 1544172750000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: hdfs-ldap
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181207085230Zand currentDeltaSyncTime = 1544172750000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: ambari-qa-ldap
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181217183001Zand currentDeltaSyncTime = 1545071401000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: shesh.kumar
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181121070529Zand currentDeltaSyncTime = 1542783929000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: csantana
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181127123558Zand currentDeltaSyncTime = 1543278958000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: saurabh.deshpande
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181127124814Zand currentDeltaSyncTime = 1543279694000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: achanta.vamsi
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181207085231Zand currentDeltaSyncTime = 1544172751000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: yarn-ats-ldap
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181128112251Zand currentDeltaSyncTime = 1543404171000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: krishnanvr
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - timeStampVal = 20181218110959Zand currentDeltaSyncTime = 1545131399000
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - Updating user count: 0, userName: rangerusersync
18 Dec 2018 12:17:24  INFO LdapDeltaUserGroupBuilder [UnixUserSyncThread] - LdapDeltaUserGroupBuilder.getUsers() completed with user count: 0
18 Dec 2018 12:17:24 ERROR LdapPolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add User :
com.sun.jersey.api.client.UniformInterfaceException: POST http://stg-agent001-stg-cloud009.XXXXXX.nm2:6080/service/xusers/ugsync/auditinfo/ returned a response status of 404 Not Found
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:688)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.getUserGroupAuditInfo(LdapPolicyMgrUserGroupBuilder.java:522)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.access$300(LdapPolicyMgrUserGroupBuilder.java:68)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$4.run(LdapPolicyMgrUserGroupBuilder.java:495)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$4.run(LdapPolicyMgrUserGroupBuilder.java:491)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addUserGroupAuditInfo(LdapPolicyMgrUserGroupBuilder.java:491)
at org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.postUserGroupAuditInfo(LdapPolicyMgrUserGroupBuilder.java:474)
at org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.updateSink(LdapDeltaUserGroupBuilder.java:358)
at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
at java.lang.Thread.run(Thread.java:745)
18 Dec 2018 12:17:24  INFO UserGroupSync [UnixUserSyncThread] - End: initial load of user/group from source==>sink
18 Dec 2018 12:17:24  INFO UserGroupSync [UnixUserSyncThread] - Done initializing user/group source and sink

I followed this link (Option 2) to add LDAP's crt file. Also Ranger is not SSL/TLS enabled service in my cluster (not even Ambari server in SSL enabled)

Any idea why I'm hitting "404" error ??? Please provide any technical assistance. It will be highly appreciated.

HDP Version: HDP-3.0.1.0

Thanks,

Shesh Kumar