Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Is there a way to force Ranger user-sync to run manually?

Solved Go to solution

Is there a way to force Ranger user-sync to run manually?

...Well, short of restarting Ranger of course. I have ranger.usersync.sleeptimeinmillisbetweensynccycle=60000, but after adding a new user in LDAP, sometimes it appears in Ranger quickly, and sometimes not even after 15 minutes.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Is there a way to force Ranger user-sync to run manually?

@Predrag Minovic Do a

vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml

What is in your ranger.usersync.source.impl.class property?

2596-screen-shot-2016-03-04-at-12952-am.png

Yes try in a chron job run for Unix:

java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder

OR for LDAP

java -Dlogdir=/var/log/ranger/usersync -cp  "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
7 REPLIES 7

Re: Is there a way to force Ranger user-sync to run manually?

Restarting is the only way

Re: Is there a way to force Ranger user-sync to run manually?

@Predrag Minovic Do a

vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml

What is in your ranger.usersync.source.impl.class property?

2596-screen-shot-2016-03-04-at-12952-am.png

Yes try in a chron job run for Unix:

java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder

OR for LDAP

java -Dlogdir=/var/log/ranger/usersync -cp  "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder

Re: Is there a way to force Ranger user-sync to run manually?

This looks promising, I'll try it very soon.

Re: Is there a way to force Ranger user-sync to run manually?

New Contributor

@Ancil McBarnett

Trying to run this, but I'm getting ( Ranger 0.5.0.2.4 )

# java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.4.0.0-169.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder Exception in thread "main" java.lang.UnsupportedClassVersionError: org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder : Unsupported major.minor version 51.0 at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:643) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:277) at java.net.URLClassLoader.access$000(URLClassLoader.java:73) at java.net.URLClassLoader$1.run(URLClassLoader.java:212) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:323) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:268) Could not find the main class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder. Program will exit.

Re: Is there a way to force Ranger user-sync to run manually?

Expert Contributor

The correct class for LDAP/AD is

org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder

Re: Is there a way to force Ranger user-sync to run manually?

Contributor

Hi @Predrag Minovic,

You can set the interval of UserSync by ranger.usersync.sleeptimeinmillisbetweensynccycle, but there's a minimum value for each UserSync source.

Please check https://github.com/apache/incubator-ranger/blob/master/ugsync/src/main/java/org/apache/ranger/unixus...

and grep this code by "UGSYNC_SLEEP_TIME_IN_MILLIS_BETWEEN_CYCLE_LDAP_DEFAULT_VALUE".

In UNIX, 1 minute, but in LDAP, 1 hour.

I think this is the reason of "sometimes not even after 15 minutes."

Re: Is there a way to force Ranger user-sync to run manually?

Explorer

Hello,

I have the same problem, as they say spends a lot of time and does not synchronize with the AD, only way restarting the service. But I wanted to know if there was any way to do it manually and force the synchronize.

 

I found a way but I wanted to know if they have a less invasive way

 

https://sugan.fun/2018/08/06/quick-modify-jar-class/

 

Greetings