Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Is there a way to force Ranger user-sync to run manually?

Labels:
avatar
author-rank pminovic author-rank
Master Guru

Created ‎03-04-2016 06:04 AM

...Well, short of restarting Ranger of course. I have ranger.usersync.sleeptimeinmillisbetweensynccycle=60000, but after adding a new user in LDAP, sometimes it appears in Ranger quickly, and sometimes not even after 15 minutes.

14,792 Views
2 ACCEPTED SOLUTIONS

avatar
author-rank vperiasamy author-rank
Guru

Created ‎03-04-2016 06:13 AM

Restarting is the only way

View solution in original post

10,224 Views

avatar
author-rank amcbarnett
Guru

Created on ‎03-04-2016 06:38 AM - edited ‎08-19-2019 04:27 AM

@Predrag Minovic Do a 

vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml

What is in your ranger.usersync.source.impl.class property?

2596-screen-shot-2016-03-04-at-12952-am.png

Yes try in a chron job run for Unix:

java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder

OR for LDAP

java -Dlogdir=/var/log/ranger/usersync -cp  "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder

View solution in original post

10,224 Views
8 REPLIES 8

avatar
author-rank vperiasamy author-rank
Guru

Created ‎03-04-2016 06:13 AM

Restarting is the only way

10,225 Views

avatar
author-rank amcbarnett
Guru

Created on ‎03-04-2016 06:38 AM - edited ‎08-19-2019 04:27 AM

@Predrag Minovic Do a 

vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml

What is in your ranger.usersync.source.impl.class property?

2596-screen-shot-2016-03-04-at-12952-am.png

Yes try in a chron job run for Unix:

java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder

OR for LDAP

java -Dlogdir=/var/log/ranger/usersync -cp  "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
10,225 Views

avatar
author-rank pminovic author-rank
Master Guru

Created ‎03-04-2016 07:07 AM

This looks promising, I'll try it very soon.

10,224 Views

avatar
author-rank ladowny1
Explorer

Created ‎05-16-2016 04:45 PM

@Ancil McBarnett

Trying to run this, but I'm getting ( Ranger 0.5.0.2.4 )

# java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.4.0.0-169.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder Exception in thread "main" java.lang.UnsupportedClassVersionError: org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder : Unsupported major.minor version 51.0 at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:643) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:277) at java.net.URLClassLoader.access$000(URLClassLoader.java:73) at java.net.URLClassLoader$1.run(URLClassLoader.java:212) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:323) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:268) Could not find the main class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder. Program will exit.

10,224 Views
0 Kudos

avatar
author-rank frank93
Super Collaborator

Created ‎01-13-2017 08:22 AM

The correct class for LDAP/AD is

org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
10,224 Views
0 Kudos

avatar
author-rank toide author-rank
Contributor

Created ‎09-11-2018 02:21 AM

Hi @Predrag Minovic,

You can set the interval of UserSync by ranger.usersync.sleeptimeinmillisbetweensynccycle, but there's a minimum value for each UserSync source.

Please check https://github.com/apache/incubator-ranger/blob/master/ugsync/src/main/java/org/apache/ranger/unixus...

and grep this code by "UGSYNC_SLEEP_TIME_IN_MILLIS_BETWEEN_CYCLE_LDAP_DEFAULT_VALUE".

In UNIX, 1 minute, but in LDAP, 1 hour.

I think this is the reason of "sometimes not even after 15 minutes."

10,224 Views
0 Kudos

avatar
author-rank Peruvian81
Explorer

Created on ‎09-09-2019 01:58 AM - edited ‎09-09-2019 02:05 AM

Hello,

I have the same problem, as they say spends a lot of time and does not synchronize with the AD, only way restarting the service. But I wanted to know if there was any way to do it manually and force the synchronize.

 

I found a way but I wanted to know if they have a less invasive way

 

https://sugan.fun/2018/08/06/quick-modify-jar-class/

 

Greetings

10,118 Views
0 Kudos

avatar
fzsombor author-rank
Cloudera Employee

Created on ‎06-14-2021 08:13 AM - edited ‎06-14-2021 08:16 AM

A bit late to the party, but hope the following will help.

 

By calling the main functions of the classes, 

UnixUserGroupBuilder, PolicyMgrUserGroupBuilder or LdapUserGroupBuilder

is not going to work, since the main classes of these are only initializing the classes. In order to start the actual sync, the function updateSink needs to be called. During startup this is handled by the class

org.apache.ranger.usergroupsync.UserGroupSync

thus, calling its main function will trigger the syncing using the configuration that you set in your cluster.

 

A complete example for triggering the usersync manually could be:

java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-1.2.0.3.1.5.135-2.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.usergroupsync.UserGroupSync

for HDP and

java -Dlogdir=/var/log/ranger/usersync -cp "/opt/cloudera/parcels/CDH/lib/ranger-usersync/dist/unixusersync-2.1.7.1.7.0-460.jar:/opt/cloudera/parcels/CDH/lib/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.usergroupsync.UserGroupSync

for CDP.

6,757 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements