Created 01-05-2016 08:58 PM
Below is the error I am getting: ( Its HDP2.3.2, Ambari2.1.2.1, Umask is set to 0027 and Ambari Server/Agent runs as non-root user)
stderr: /var/lib/ambari-agent/data/errors-1353.txt Traceback (most recent call last): File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py", line 124, in <module> RangerAdmin().execute() File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 216, in execute method(env) File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py", line 45, in install self.configure(env) File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py", line 103, in configure ranger('ranger_admin') File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py", line 40, in ranger setup_ranger_admin(rolling_upgrade=rolling_upgrade) File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py", line 129, in setup_ranger_admin do_keystore_setup(rolling_upgrade=rolling_upgrade) File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py", line 250, in do_keystore_setup sudo=True File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 154, in __init__ self.env.run() File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 152, in run self.run_action(resource, action) File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 118, in run_action provider_action() File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 260, in action_run tries=self.resource.tries, try_sleep=self.resource.try_sleep) File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 70, in inner result = function(command, **kwargs) File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 92, in checked_call tries=tries, try_sleep=try_sleep) File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 140, in _call_wrapper result = _call(command, **kwargs_copy) File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 291, in _call raise Fail(err_msg) resource_management.core.exceptions.Fail: Execution of '/usr/hdp/current/ranger-admin/ranger_credential_helper.py -l '/usr/hdp/current/ranger-admin/cred/lib/*' -f /etc/ranger/admin/rangeradmin.jceks -k rangeradmin -v 3TMhrVMym4t7Ufg2 -c 1' returned 1. sudo: unable to execute /usr/hdp/current/ranger-admin/ranger_credential_helper.py: Permission denied stdout: /var/lib/ambari-agent/data/output-1353.txt 2016-01-05 16:40:31,916 - Skipping creation of User and Group as host is sys prepped or ignore_groupsusers_create flag is on 2016-01-05 16:40:31,917 - Directory['/tmp/hbase-hbase'] {'owner': 'hbase_qa', 'recursive': True, 'mode': 0775, 'cd_access': 'a'} 2016-01-05 16:40:32,043 - Skipping setting uid for hbase user as host is sys prepped 2016-01-05 16:40:32,044 - Group['hdfs_qa'] {'ignore_failures': True} 2016-01-05 16:40:32,045 - User['hdfs_qa'] {'ignore_failures': True, 'groups': [u'hadoop_qa_grp', u'hdfs_qa']} 2016-01-05 16:40:32,046 - Modifying user hdfs_qa 2016-01-05 16:40:32,067 - Directory['/etc/hadoop'] {'mode': 0755} 2016-01-05 16:40:32,107 - Directory['/var/lib/ambari-agent/tmp/hadoop_java_io_tmpdir'] {'owner': 'hdfs_qa', 'group': 'hadoop_qa_grp', 'mode': 0777} 2016-01-05 16:40:32,172 - Repository['HDP-2.3'] {'base_url': 'http://public-repo-1.hortonworks.com/HDP/centos7/2.x/updates/2.3.2.0', 'action': ['create'], 'components': [u'HDP', 'main'], 'repo_template': '[{{repo_id}}]\nname={{repo_id}}\n{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}\n\npath=/\nenabled=1\ngpgcheck=0', 'repo_file_name': 'HDP', 'mirror_list': None} 2016-01-05 16:40:32,182 - File['/etc/yum.repos.d/HDP.repo'] {'content': InlineTemplate(...)} 2016-01-05 16:40:32,238 - Repository['HDP-UTILS-1.1.0.20'] {'base_url': 'http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/centos7', 'action': ['create'], 'components': [u'HDP-UTILS', 'main'], 'repo_template': '[{{repo_id}}]\nname={{repo_id}}\n{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}\n\npath=/\nenabled=1\ngpgcheck=0', 'repo_file_name': 'HDP-UTILS', 'mirror_list': None} 2016-01-05 16:40:32,243 - File['/etc/yum.repos.d/HDP-UTILS.repo'] {'content': InlineTemplate(...)} 2016-01-05 16:40:32,296 - Package['unzip'] {} 2016-01-05 16:40:32,478 - Skipping installation of existing package unzip 2016-01-05 16:40:32,479 - Package['curl'] {} 2016-01-05 16:40:32,920 - Skipping installation of existing package curl 2016-01-05 16:40:32,921 - Package['hdp-select'] {} 2016-01-05 16:40:33,212 - Skipping installation of existing package hdp-select 2016-01-05 16:40:33,418 - Package['ranger_2_3_*-admin'] {} 2016-01-05 16:40:33,669 - Skipping installation of existing package ranger_2_3_*-admin 2016-01-05 16:40:33,669 - Package['ranger_2_3_*-usersync'] {} 2016-01-05 16:40:33,714 - Skipping installation of existing package ranger_2_3_*-usersync 2016-01-05 16:40:33,718 - File['/var/lib/ambari-agent/tmp/postgresql.jar'] {'content': DownloadSource('https://hdpqamgmt0.hdpqa.test.com:8443/resources//postgres-jdbc-driver.jar'), 'mode': 0644} 2016-01-05 16:40:33,752 - Not downloading the file from <a href="https://hdpqamgmt0.hdpqa.test.com:8443/resources//postgres-jdbc-driver.jar,">https://hdpqamgmt0.hdpqa.test.com:8443/resou...</a> because /var/lib/ambari-agent/tmp/postgres-jdbc-driver.jar already exists 2016-01-05 16:40:33,837 - Directory['/usr/share/java'] {'recursive': True, 'mode': 0755, 'cd_access': 'a'} 2016-01-05 16:40:33,959 - Execute[('cp', '--remove-destination', '/var/lib/ambari-agent/tmp/postgresql.jar', '/usr/share/java/postgresql.jar')] {'path': ['/bin', '/usr/bin/'], 'sudo': True} 2016-01-05 16:40:33,973 - File['/usr/share/java/postgresql.jar'] {'mode': 0644} 2016-01-05 16:40:34,027 - Changing permission for /usr/share/java/postgresql.jar from 640 to 644 2016-01-05 16:40:34,040 - Execute[('cp', '--remove-destination', '/var/lib/ambari-agent/tmp/postgresql.jar', '/usr/hdp/current/ranger-admin/ews/lib')] {'path': ['/bin', '/usr/bin/'], 'sudo': True} 2016-01-05 16:40:34,055 - File['/usr/hdp/current/ranger-admin/ews/lib/postgresql.jar'] {'mode': 0644} 2016-01-05 16:40:34,107 - Changing permission for /usr/hdp/current/ranger-admin/ews/lib/postgresql.jar from 640 to 644 2016-01-05 16:40:34,120 - ModifyPropertiesFile['/usr/hdp/current/ranger-admin/install.properties'] {'owner': 'ranger_qa', 'properties': ...} 2016-01-05 16:40:34,150 - Modifying existing properties file: /usr/hdp/current/ranger-admin/install.properties 2016-01-05 16:40:34,165 - File['/usr/hdp/current/ranger-admin/install.properties'] {'owner': 'ranger_qa', 'content': ..., 'group': None, 'mode': None, 'encoding': 'utf-8'} 2016-01-05 16:40:34,223 - Writing File['/usr/hdp/current/ranger-admin/install.properties'] because contents don't match 2016-01-05 16:40:34,250 - Setting up Ranger DB and DB User 2016-01-05 16:40:34,251 - Execute['python /usr/hdp/current/ranger-admin/dba_script.py -q'] {'logoutput': True, 'environment': {'RANGER_ADMIN_HOME': '/usr/hdp/current/ranger-admin', 'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_40'}, 'user': 'ranger_qa'} 2016-01-05 16:40:34,554 [I] Running DBA setup script. QuiteMode:True 2016-01-05 16:40:34,554 [I] Using Java:/usr/jdk64/jdk1.8.0_40/bin/java 2016-01-05 16:40:34,554 [I] DB FLAVOR:POSTGRES 2016-01-05 16:40:34,554 [I] DB Host:hdpqadb0.hdpqa.test.com 2016-01-05 16:40:34,554 [I] ---------- Creating Ranger Admin db user ---------- 2016-01-05 16:40:34,910 [I] Verifying user ranger 2016-01-05 16:40:35,229 [I] Postgres user ranger already exists. 2016-01-05 16:40:35,229 [I] ---------- Creating Ranger Admin database ---------- 2016-01-05 16:40:35,229 [I] Verifying database ranger 2016-01-05 16:40:35,541 [I] Database ranger already exists. 2016-01-05 16:40:35,541 [I] ---------- Granting permission to Ranger Admin db user ---------- 2016-01-05 16:40:35,541 [I] Granting privileges TO user 'ranger' on db 'ranger' 2016-01-05 16:41:01,565 [I] Granting privileges TO user 'ranger' on db 'ranger' Done 2016-01-05 16:41:01,565 [I] ---------- Verifying/Creating audit user --------- 2016-01-05 16:41:01,566 [I] ---------- Setup audit user ---------- 2016-01-05 16:41:01,886 [I] Verifying user ranger 2016-01-05 16:41:02,226 [I] Postgres user ranger already exists. 2016-01-05 16:41:02,556 [I] Verifying user rangerlogger 2016-01-05 16:41:02,875 [I] Postgres user rangerlogger already exists. 2016-01-05 16:41:02,876 [I] Verifying database ranger_audit 2016-01-05 16:41:03,188 [I] Database ranger_audit already exists. 2016-01-05 16:41:03,188 [I] Granting privileges TO user 'ranger' on db 'ranger_audit' 2016-01-05 16:41:05,068 [I] Granting privileges TO user 'ranger' on db 'ranger_audit' Done 2016-01-05 16:41:05,068 [I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- 2016-01-05 16:41:05,231 - Execute['python /usr/hdp/current/ranger-admin/db_setup.py'] {'logoutput': True, 'environment': {'PATH': '/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/ambari_qa@hdpqa.test.com/.local/bin:/home/ambari_qa@hdpqa.test.com/bin:/var/lib/ambari-agent', 'RANGER_ADMIN_HOME': '/usr/hdp/current/ranger-admin', 'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_40'}, 'user': 'ranger_qa'} 2016-01-05 16:41:05,341 [I] DB FLAVOR :POSTGRES 2016-01-05 16:41:05,342 [I] --------- Verifying Ranger DB connection --------- 2016-01-05 16:41:05,342 [I] Checking connection 2016-01-05 16:41:05,664 [I] connection success 2016-01-05 16:41:05,664 [I] --------- Verifying Ranger DB tables --------- 2016-01-05 16:41:05,664 [I] Verifying table x_portal_user in database ranger 2016-01-05 16:41:05,979 [I] Table x_portal_user already exists in database ranger 2016-01-05 16:41:05,980 [I] --------- Verifying upgrade history table --------- 2016-01-05 16:41:05,980 [I] Verifying table x_db_version_h in database ranger 2016-01-05 16:41:06,304 [I] Table x_db_version_h already exists in database ranger 2016-01-05 16:41:06,304 [I] --------- Applying Ranger DB patches --------- 2016-01-05 16:41:06,304 [I] No patches to apply! 2016-01-05 16:41:06,304 [I] --------- Starting Audit Operation --------- 2016-01-05 16:41:06,304 [I] --------- Check admin user connection --------- 2016-01-05 16:41:06,305 [I] Checking connection 2016-01-05 16:41:06,659 [I] connection success 2016-01-05 16:41:06,659 [I] --------- Check audit user connection --------- 2016-01-05 16:41:06,659 [I] Checking connection 2016-01-05 16:41:06,965 [I] connection success 2016-01-05 16:41:06,966 [I] --------- Check table --------- 2016-01-05 16:41:06,966 [I] Verifying table xa_access_audit in database ranger_audit 2016-01-05 16:41:07,287 [I] Table xa_access_audit already exists in database ranger_audit 2016-01-05 16:41:07,287 [I] Granting permission to rangerlogger 2016-01-05 16:41:07,287 [I] Granting select and usage privileges to Postgres audit user 'rangerlogger' on XA_ACCESS_AUDIT_SEQ 2016-01-05 16:41:07,589 [I] Granting insert privileges to Postgres audit user 'rangerlogger' on XA_ACCESS_AUDIT table 2016-01-05 16:41:07,886 [I] --------- Applying Audit DB patches --------- 2016-01-05 16:41:07,886 [I] No patches to apply! 2016-01-05 16:41:07,897 - Directory['/usr/hdp/current/ranger-admin/conf'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp', 'recursive': True} 2016-01-05 16:41:07,941 - File['/usr/lib/ambari-agent/DBConnectionVerification.jar'] {'content': DownloadSource('https://hdpqamgmt0.hdpqa.test.com:8443/resources/DBConnectionVerification.jar'), 'mode': 0644} 2016-01-05 16:41:07,969 - Not downloading the file from <a href="https://hdpqamgmt0.hdpqa.test.com:8443/resources/DBConnectionVerification.jar,">https://hdpqamgmt0.hdpqa.test.com:8443/resou...</a> because /var/lib/ambari-agent/tmp/DBConnectionVerification.jar already exists 2016-01-05 16:41:08,012 - Execute['/usr/jdk64/jdk1.8.0_40/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/postgresql.jar:/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/lib/* org.apache.ambari.server.DBConnectionVerification 'jdbc:postgresql://hdpqadb0.hdpqa.test.com:5432/ranger' ranger [PROTECTED] org.postgresql.Driver'] {'environment': {}, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 5, 'try_sleep': 10} 2016-01-05 16:41:08,370 - Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf', '/usr/hdp/current/ranger-admin/conf')] {'not_if': 'ls /usr/hdp/current/ranger-admin/conf', 'sudo': True, 'only_if': 'ls /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf'} 2016-01-05 16:41:08,376 - Skipping Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf', '/usr/hdp/current/ranger-admin/conf')] due to not_if 2016-01-05 16:41:08,377 - Execute[('chown', '-R', u'ranger_qa:ranger_qa_grp', '/usr/hdp/current/ranger-admin/')] {'sudo': True} 2016-01-05 16:41:08,402 - Directory['/var/log/ranger/admin'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp'} 2016-01-05 16:41:08,443 - File['/usr/hdp/current/ranger-admin/conf/ranger-admin-default-site.xml'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp'} 2016-01-05 16:41:08,496 - File['/usr/hdp/current/ranger-admin/conf/security-applicationContext.xml'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp'} 2016-01-05 16:41:08,546 - Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh', '/usr/bin/ranger-admin')] {'not_if': 'ls /usr/bin/ranger-admin', 'sudo': True, 'only_if': 'ls /usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh'} 2016-01-05 16:41:08,551 - Skipping Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh', '/usr/bin/ranger-admin')] due to not_if 2016-01-05 16:41:08,551 - XmlConfig['ranger-admin-site.xml'] {'group': 'ranger_qa_grp', 'conf_dir': '/usr/hdp/current/ranger-admin/conf', 'mode': 0644, 'configuration_attributes': {}, 'owner': 'ranger_qa', 'configurations': ...} 2016-01-05 16:41:08,565 - Generating config: /usr/hdp/current/ranger-admin/conf/ranger-admin-site.xml 2016-01-05 16:41:08,566 - File['/usr/hdp/current/ranger-admin/conf/ranger-admin-site.xml'] {'owner': 'ranger_qa', 'content': InlineTemplate(...), 'group': 'ranger_qa_grp', 'mode': 0644, 'encoding': 'UTF-8'} 2016-01-05 16:41:08,686 - Directory['/usr/hdp/current/ranger-admin/conf/ranger_jaas'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp', 'mode': 0700} 2016-01-05 16:41:08,738 - Execute[('/usr/hdp/current/ranger-admin/ranger_credential_helper.py', '-l', '/usr/hdp/current/ranger-admin/cred/lib/*', '-f', u'/etc/ranger/admin/rangeradmin.jceks', '-k', u'rangeradmin', '-v', [PROTECTED], '-c', '1')] {'logoutput': True, 'environment': {'RANGER_ADMIN_HOME': '/usr/hdp/current/ranger-admin', 'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_40'}, 'sudo': True} sudo: unable to execute /usr/hdp/current/ranger-admin/ranger_credential_helper.py: Permission denied
Created 01-13-2016 02:57 AM
This issue was resolved. Root cause of the issue was that customer had symlinked /usr/hdp to /opt/hadoop/usr/hdp and as per discussion with Ranger Engg., that apparently is not supported currently. Once, I removed symlink and reverted back to /usr/hdp, issue got fixed.
unlink /usr/hdp cp -rp /opt/hadoop/usr/* /usr/ rm -rf /opt/hadoop/usr
Created 01-05-2016 08:58 PM
@Pardeep check this /usr/hdp/current/ranger-admin/ranger_credential_helper.py: Permission denied
Created 01-05-2016 08:58 PM
[root@hdpqamgmt0 ~]# ls -ltr /usr/hdp/current/ranger-admin/ranger_credential_helper.py -r-xr--r-- 1 ranger_qa ranger_qa_grp 3087 Sep 30 23:39 /usr/hdp/current/ranger-admin/ranger_credential_helper.py
Created 01-05-2016 08:58 PM
@Neeraj Sabharwal See permission looks correct to me.
Created 01-05-2016 08:58 PM
@Pardeep I guess we need to do more troubleshooting. See this http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.0.0/bk_Ambari_Security_Guide/content/_commands.h...
Created 01-05-2016 08:58 PM
I have even tried changing permission to 777. But no success.
Created 01-05-2016 08:58 PM
Thats already done @Neeraj Sabharwal
Created 01-05-2016 10:37 PM
please grant read and execute permission for all py files under /usr/hdp/current/ranger-admin folders (and sub-folders) and try again. Since the umask was set to 0027, it did not grant execute permission for OTHERS which is required for ambari user to execute these scripts.
Created 01-13-2016 02:57 AM
This issue was resolved. Root cause of the issue was that customer had symlinked /usr/hdp to /opt/hadoop/usr/hdp and as per discussion with Ranger Engg., that apparently is not supported currently. Once, I removed symlink and reverted back to /usr/hdp, issue got fixed.
unlink /usr/hdp cp -rp /opt/hadoop/usr/* /usr/ rm -rf /opt/hadoop/usr
Created 03-19-2018 01:14 PM
Not sure about deleting the whole folder.
Sometimes for this kind of issue you can try reinstalling ranger_{{ version }}-admin.