Support Questions

shashi_vish123 · ‎05-05-2016

I am using HDP sandbox with Ranger KMS installed as KMS Server. I fired below command on sandbox.

hadoop key create testKey

I got below exception as a result.

testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:root not allowed to do 'CREATE_KEY' on 'testKey'

I am not able to create key for creating encryption zone. Do I need specific user for doing this.

Any pointer on this?

Note : I have kerberos enabled cluster.

shashi_vish123 · ‎05-06-2016

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

View solution in original post

ravi1 · ‎05-05-2016

Take a look at KMS documentation

If you are sandbox, login to ranger as keyadmin/keyadmin, select sandbox_kms and add a key from there.

shashi_vish123 · ‎05-06-2016

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

Cloudera Community

Support Questions

HDFS Encryption Error | root not allowed to do 'CREATE_KEY'

Using Transparent Data Encryption in HDFS (Non-Ke...

HDFS encryption confusion

HDFS Encrypted zone intra-cluster transfer automat...

HDFS DN is writing into root-vg after disk failure

Unable to put files in HDFS Encrypted Zone

HDFS KMS encryption on the existing hdfs directory

SmartSense cannot create encrypted bundles when am...

Max number of databases and tables allowed in Hive...

LogSearch - Roles allowed property

Authentication errors from Ambari view copying dat...