Created 10-17-2017 10:43 AM
Hi,
I am new to Hbase and Ambari. I am exploring options for user authentication in phoenix via Rangers services.Right now I am stuck with Ranger admin UI which is not opening even though the port 6080 is open.
Steps:
1. Created test ambari cluster, with one master, one zookeeper, one node.
2. Installed Ranger services through ambari UI
3. Set up mysql in master where Rangers services are installed
4. Created Ranger user and ranger database in mysql
Right now , trying to open the Ranger Admin UI from quick links which opens at `http://<masters-hostname>:6080` , but the page does not open (Have stopped the firewall to test if it works, but no luck) says "Site cant be reached, <hostname> is taking too long time to respond". I have checked logs in /var/log/ranger/admin/xa_portal.log . I dont see any error in logs, only below warn i can see.
WARN org.apache.hadoop.fs.ChecksumFileSystem$ChecksumFSInputChecker (ChecksumFileSystem.java:165) - Problem opening checksum file: file:/etc/ranger/admin/rangeradmin.jceks. Ignoring exception: java.io.FileNotFoundException: /etc/ranger/admin/.rangeradmin.jceks.crc (Permission denied)
Could anybody please help me on this issue.
Thanks
Created 10-17-2017 10:44 AM
You might be hitting this issue [1] https://issues.apache.org/jira/browse/RANGER-1073 , Please let us know which version of HDP/Ranger are you using?
Please check if the mentioned file exist and has the following permission (group as "hadoop"):
# ls -lart /etc/ranger/admin/.rangeradmin.jceks.crc -rw-r----- 1 knox hadoop 16 Apr 19 18:46 /etc/ranger/admin/.rangeradmin.jceks.crc
.
For Ranger SSL setup you might want to refer:
Created 10-17-2017 10:52 AM
@Jay SenSharma versions: HDP-2.5.3.0 and Ranger: 0.6.0
and for the permissions i got as below:
# ls -lart /etc/ranger/admin/.rangeradmin.jceks.crc -rw-r----- 1 root root 12 Oct 17 09:30 /etc/ranger/admin/.rangeradmin.jceks.cr
Created 10-17-2017 11:26 AM
Actually the mentioned lines from the "xa_portal.log" are WARNING messages (Not Error) and can be ignored. That should not cause the Ranger failure.
Do you see any additional error in your ranger logs?
.
Also can you please check if the port 6080 is opened on the host where Ranger is running?
# netstat -tnlpa | grep 608
.
And also please check if the Hostname (Ranger Admin Hostname) is resolving from the machine where you are trying to open the Ranger Admin UI and the port is accessible form the machine where the browser is opened? Following test is to isolate any Network/Firewall Issue.
# nc -v $RANGER_HOST 6080 (OR) # telnet $RANGER_HOST 6080
Created 10-18-2017 09:19 AM
@Jay SenSharma Hi Jay, I did not find any errors in the ranger logs. And netstat -tnlpa | grep 6080 did not return any output.
Also I tried do telnet from the machine where the browser is opened i,e my local, it says
# telnet $RANGER_HOST 6080 Connecting To 10.193.5.45...Could not open connection to the host, on port 6080: Connect failed
I actually, tried to ping from my local to those Linux VMs (Ambari, Host, Zookeeper, Node) it says Request timed out, even though all VMs are up and running. Is it related to my local system's firewall issue ?
Created 11-15-2017 08:23 AM
Apologies for late response on this thread.
As we see that the Ranger port 6080 is not opened yet so it may be either a firewall issue which is blocking the Port access (OR) it may be due to some Ranger issue that the port is not getting opened, In that case looking at the ranger logs will help.