Support Questions

shashi_vish123 · ‎05-05-2016

I am using HDP sandbox with Ranger KMS installed as KMS Server. I fired below command on sandbox.

hadoop key create testKey

I got below exception as a result.

testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:root not allowed to do 'CREATE_KEY' on 'testKey'

I am not able to create key for creating encryption zone. Do I need specific user for doing this.

Any pointer on this?

Note : I have kerberos enabled cluster.

shashi_vish123 · ‎05-06-2016

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

View solution in original post

ravi1 · ‎05-05-2016

Take a look at KMS documentation

If you are sandbox, login to ranger as keyadmin/keyadmin, select sandbox_kms and add a key from there.

shashi_vish123 · ‎05-06-2016

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

Cloudera Community

Support Questions

HDFS Encryption Error | root not allowed to do 'CREATE_KEY'

Encryption mechanism in NiFi 2.0

Using Transparent Data Encryption in HDFS (Non-Ke...

HDFS encryption confusion

HDFS Encrypted zone intra-cluster transfer automat...

HDFS DN is writing into root-vg after disk failure

Logical Disk Encryption - Data at Rest Encryption

Unable to put files in HDFS Encrypted Zone

HDFS KMS encryption on the existing hdfs directory

org.apache.hadoop.security.authorize.Authorization...

SmartSense cannot create encrypted bundles when am...