Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger Admin is failing to Install

Labels:
avatar
author-rank pardeep_kumar
Guru

Created ‎01-05-2016 08:58 PM

Below is the error I am getting: ( Its HDP2.3.2, Ambari2.1.2.1, Umask is set to 0027 and Ambari Server/Agent runs as non-root user)

stderr:   /var/lib/ambari-agent/data/errors-1353.txt


Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py", line 124, in <module>
    RangerAdmin().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 216, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py", line 45, in install
    self.configure(env)
  File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py", line 103, in configure
    ranger('ranger_admin')
  File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py", line 40, in ranger
    setup_ranger_admin(rolling_upgrade=rolling_upgrade)
  File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py", line 129, in setup_ranger_admin
    do_keystore_setup(rolling_upgrade=rolling_upgrade)
  File "/var/lib/ambari-agent/cache/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py", line 250, in do_keystore_setup
    sudo=True
  File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 154, in __init__
    self.env.run()
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 152, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 118, in run_action
    provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 260, in action_run
    tries=self.resource.tries, try_sleep=self.resource.try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 70, in inner
    result = function(command, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 92, in checked_call
    tries=tries, try_sleep=try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 140, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 291, in _call
    raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of '/usr/hdp/current/ranger-admin/ranger_credential_helper.py -l '/usr/hdp/current/ranger-admin/cred/lib/*' -f /etc/ranger/admin/rangeradmin.jceks -k rangeradmin -v 3TMhrVMym4t7Ufg2 -c 1' returned 1. sudo: unable to execute /usr/hdp/current/ranger-admin/ranger_credential_helper.py: Permission denied


stdout:   /var/lib/ambari-agent/data/output-1353.txt


2016-01-05 16:40:31,916 - Skipping creation of User and Group as host is sys prepped or ignore_groupsusers_create flag is on
2016-01-05 16:40:31,917 - Directory['/tmp/hbase-hbase'] {'owner': 'hbase_qa', 'recursive': True, 'mode': 0775, 'cd_access': 'a'}
2016-01-05 16:40:32,043 - Skipping setting uid for hbase user as host is sys prepped
2016-01-05 16:40:32,044 - Group['hdfs_qa'] {'ignore_failures': True}
2016-01-05 16:40:32,045 - User['hdfs_qa'] {'ignore_failures': True, 'groups': [u'hadoop_qa_grp', u'hdfs_qa']}
2016-01-05 16:40:32,046 - Modifying user hdfs_qa
2016-01-05 16:40:32,067 - Directory['/etc/hadoop'] {'mode': 0755}
2016-01-05 16:40:32,107 - Directory['/var/lib/ambari-agent/tmp/hadoop_java_io_tmpdir'] {'owner': 'hdfs_qa', 'group': 'hadoop_qa_grp', 'mode': 0777}
2016-01-05 16:40:32,172 - Repository['HDP-2.3'] {'base_url': 'http://public-repo-1.hortonworks.com/HDP/centos7/2.x/updates/2.3.2.0', 'action': ['create'], 'components': [u'HDP', 'main'], 'repo_template': '[{{repo_id}}]\nname={{repo_id}}\n{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}\n\npath=/\nenabled=1\ngpgcheck=0', 'repo_file_name': 'HDP', 'mirror_list': None}
2016-01-05 16:40:32,182 - File['/etc/yum.repos.d/HDP.repo'] {'content': InlineTemplate(...)}
2016-01-05 16:40:32,238 - Repository['HDP-UTILS-1.1.0.20'] {'base_url': 'http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/centos7', 'action': ['create'], 'components': [u'HDP-UTILS', 'main'], 'repo_template': '[{{repo_id}}]\nname={{repo_id}}\n{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}\n\npath=/\nenabled=1\ngpgcheck=0', 'repo_file_name': 'HDP-UTILS', 'mirror_list': None}
2016-01-05 16:40:32,243 - File['/etc/yum.repos.d/HDP-UTILS.repo'] {'content': InlineTemplate(...)}
2016-01-05 16:40:32,296 - Package['unzip'] {}
2016-01-05 16:40:32,478 - Skipping installation of existing package unzip
2016-01-05 16:40:32,479 - Package['curl'] {}
2016-01-05 16:40:32,920 - Skipping installation of existing package curl
2016-01-05 16:40:32,921 - Package['hdp-select'] {}
2016-01-05 16:40:33,212 - Skipping installation of existing package hdp-select
2016-01-05 16:40:33,418 - Package['ranger_2_3_*-admin'] {}
2016-01-05 16:40:33,669 - Skipping installation of existing package ranger_2_3_*-admin
2016-01-05 16:40:33,669 - Package['ranger_2_3_*-usersync'] {}
2016-01-05 16:40:33,714 - Skipping installation of existing package ranger_2_3_*-usersync
2016-01-05 16:40:33,718 - File['/var/lib/ambari-agent/tmp/postgresql.jar'] {'content': DownloadSource('https://hdpqamgmt0.hdpqa.test.com:8443/resources//postgres-jdbc-driver.jar'), 'mode': 0644}
2016-01-05 16:40:33,752 - Not downloading the file from <a href="https://hdpqamgmt0.hdpqa.test.com:8443/resources//postgres-jdbc-driver.jar,">https://hdpqamgmt0.hdpqa.test.com:8443/resou...</a> because /var/lib/ambari-agent/tmp/postgres-jdbc-driver.jar already exists
2016-01-05 16:40:33,837 - Directory['/usr/share/java'] {'recursive': True, 'mode': 0755, 'cd_access': 'a'}
2016-01-05 16:40:33,959 - Execute[('cp', '--remove-destination', '/var/lib/ambari-agent/tmp/postgresql.jar', '/usr/share/java/postgresql.jar')] {'path': ['/bin', '/usr/bin/'], 'sudo': True}
2016-01-05 16:40:33,973 - File['/usr/share/java/postgresql.jar'] {'mode': 0644}
2016-01-05 16:40:34,027 - Changing permission for /usr/share/java/postgresql.jar from 640 to 644
2016-01-05 16:40:34,040 - Execute[('cp', '--remove-destination', '/var/lib/ambari-agent/tmp/postgresql.jar', '/usr/hdp/current/ranger-admin/ews/lib')] {'path': ['/bin', '/usr/bin/'], 'sudo': True}
2016-01-05 16:40:34,055 - File['/usr/hdp/current/ranger-admin/ews/lib/postgresql.jar'] {'mode': 0644}
2016-01-05 16:40:34,107 - Changing permission for /usr/hdp/current/ranger-admin/ews/lib/postgresql.jar from 640 to 644
2016-01-05 16:40:34,120 - ModifyPropertiesFile['/usr/hdp/current/ranger-admin/install.properties'] {'owner': 'ranger_qa', 'properties': ...}
2016-01-05 16:40:34,150 - Modifying existing properties file: /usr/hdp/current/ranger-admin/install.properties
2016-01-05 16:40:34,165 - File['/usr/hdp/current/ranger-admin/install.properties'] {'owner': 'ranger_qa', 'content': ..., 'group': None, 'mode': None, 'encoding': 'utf-8'}
2016-01-05 16:40:34,223 - Writing File['/usr/hdp/current/ranger-admin/install.properties'] because contents don't match
2016-01-05 16:40:34,250 - Setting up Ranger DB and DB User
2016-01-05 16:40:34,251 - Execute['python /usr/hdp/current/ranger-admin/dba_script.py -q'] {'logoutput': True, 'environment': {'RANGER_ADMIN_HOME': '/usr/hdp/current/ranger-admin', 'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_40'}, 'user': 'ranger_qa'}
2016-01-05 16:40:34,554  [I] Running DBA setup script. QuiteMode:True
2016-01-05 16:40:34,554  [I] Using Java:/usr/jdk64/jdk1.8.0_40/bin/java
2016-01-05 16:40:34,554  [I] DB FLAVOR:POSTGRES
2016-01-05 16:40:34,554  [I] DB Host:hdpqadb0.hdpqa.test.com
2016-01-05 16:40:34,554  [I] ---------- Creating Ranger Admin db user ---------- 
2016-01-05 16:40:34,910  [I] Verifying user ranger
2016-01-05 16:40:35,229  [I] Postgres user ranger already exists.
2016-01-05 16:40:35,229  [I] ---------- Creating Ranger Admin database ----------
2016-01-05 16:40:35,229  [I] Verifying database ranger
2016-01-05 16:40:35,541  [I] Database ranger already exists.
2016-01-05 16:40:35,541  [I] ---------- Granting permission to Ranger Admin db user ----------
2016-01-05 16:40:35,541  [I] Granting privileges TO user 'ranger' on db 'ranger'
2016-01-05 16:41:01,565  [I] Granting privileges TO user 'ranger' on db 'ranger' Done
2016-01-05 16:41:01,565  [I] ---------- Verifying/Creating audit user --------- 
2016-01-05 16:41:01,566  [I] ---------- Setup audit user ----------
2016-01-05 16:41:01,886  [I] Verifying user ranger
2016-01-05 16:41:02,226  [I] Postgres user ranger already exists.
2016-01-05 16:41:02,556  [I] Verifying user rangerlogger
2016-01-05 16:41:02,875  [I] Postgres user rangerlogger already exists.
2016-01-05 16:41:02,876  [I] Verifying database ranger_audit
2016-01-05 16:41:03,188  [I] Database ranger_audit already exists.
2016-01-05 16:41:03,188  [I] Granting privileges TO user 'ranger' on db 'ranger_audit'
2016-01-05 16:41:05,068  [I] Granting privileges TO user 'ranger' on db 'ranger_audit' Done
2016-01-05 16:41:05,068  [I] ---------- Ranger Policy Manager DB and User Creation Process Completed..  ---------- 
2016-01-05 16:41:05,231 - Execute['python /usr/hdp/current/ranger-admin/db_setup.py'] {'logoutput': True, 'environment': {'PATH': '/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/ambari_qa@hdpqa.test.com/.local/bin:/home/ambari_qa@hdpqa.test.com/bin:/var/lib/ambari-agent', 'RANGER_ADMIN_HOME': '/usr/hdp/current/ranger-admin', 'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_40'}, 'user': 'ranger_qa'}
2016-01-05 16:41:05,341  [I] DB FLAVOR :POSTGRES
2016-01-05 16:41:05,342  [I] --------- Verifying Ranger DB connection ---------
2016-01-05 16:41:05,342  [I] Checking connection
2016-01-05 16:41:05,664  [I] connection success
2016-01-05 16:41:05,664  [I] --------- Verifying Ranger DB tables ---------
2016-01-05 16:41:05,664  [I] Verifying table x_portal_user in database ranger
2016-01-05 16:41:05,979  [I] Table x_portal_user already exists in database ranger
2016-01-05 16:41:05,980  [I] --------- Verifying upgrade history table ---------
2016-01-05 16:41:05,980  [I] Verifying table x_db_version_h in database ranger
2016-01-05 16:41:06,304  [I] Table x_db_version_h already exists in database ranger
2016-01-05 16:41:06,304  [I] --------- Applying Ranger DB patches ---------
2016-01-05 16:41:06,304  [I] No patches to apply!
2016-01-05 16:41:06,304  [I] --------- Starting Audit Operation ---------
2016-01-05 16:41:06,304  [I] --------- Check admin user connection ---------
2016-01-05 16:41:06,305  [I] Checking connection
2016-01-05 16:41:06,659  [I] connection success
2016-01-05 16:41:06,659  [I] --------- Check audit user connection ---------
2016-01-05 16:41:06,659  [I] Checking connection
2016-01-05 16:41:06,965  [I] connection success
2016-01-05 16:41:06,966  [I] --------- Check table ---------
2016-01-05 16:41:06,966  [I] Verifying table xa_access_audit in database ranger_audit
2016-01-05 16:41:07,287  [I] Table xa_access_audit already exists in database ranger_audit
2016-01-05 16:41:07,287  [I] Granting permission to rangerlogger
2016-01-05 16:41:07,287  [I] Granting select and usage privileges to Postgres audit user 'rangerlogger' on XA_ACCESS_AUDIT_SEQ
2016-01-05 16:41:07,589  [I] Granting insert privileges to Postgres audit user 'rangerlogger' on XA_ACCESS_AUDIT table
2016-01-05 16:41:07,886  [I] --------- Applying Audit DB patches ---------
2016-01-05 16:41:07,886  [I] No patches to apply!
2016-01-05 16:41:07,897 - Directory['/usr/hdp/current/ranger-admin/conf'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp', 'recursive': True}
2016-01-05 16:41:07,941 - File['/usr/lib/ambari-agent/DBConnectionVerification.jar'] {'content': DownloadSource('https://hdpqamgmt0.hdpqa.test.com:8443/resources/DBConnectionVerification.jar'), 'mode': 0644}
2016-01-05 16:41:07,969 - Not downloading the file from <a href="https://hdpqamgmt0.hdpqa.test.com:8443/resources/DBConnectionVerification.jar,">https://hdpqamgmt0.hdpqa.test.com:8443/resou...</a> because /var/lib/ambari-agent/tmp/DBConnectionVerification.jar already exists
2016-01-05 16:41:08,012 - Execute['/usr/jdk64/jdk1.8.0_40/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/share/java/postgresql.jar:/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/lib/* org.apache.ambari.server.DBConnectionVerification 'jdbc:postgresql://hdpqadb0.hdpqa.test.com:5432/ranger' ranger [PROTECTED] org.postgresql.Driver'] {'environment': {}, 'path': ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], 'tries': 5, 'try_sleep': 10}
2016-01-05 16:41:08,370 - Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf', '/usr/hdp/current/ranger-admin/conf')] {'not_if': 'ls /usr/hdp/current/ranger-admin/conf', 'sudo': True, 'only_if': 'ls /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf'}
2016-01-05 16:41:08,376 - Skipping Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf', '/usr/hdp/current/ranger-admin/conf')] due to not_if
2016-01-05 16:41:08,377 - Execute[('chown', '-R', u'ranger_qa:ranger_qa_grp', '/usr/hdp/current/ranger-admin/')] {'sudo': True}
2016-01-05 16:41:08,402 - Directory['/var/log/ranger/admin'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp'}
2016-01-05 16:41:08,443 - File['/usr/hdp/current/ranger-admin/conf/ranger-admin-default-site.xml'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp'}
2016-01-05 16:41:08,496 - File['/usr/hdp/current/ranger-admin/conf/security-applicationContext.xml'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp'}
2016-01-05 16:41:08,546 - Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh', '/usr/bin/ranger-admin')] {'not_if': 'ls /usr/bin/ranger-admin', 'sudo': True, 'only_if': 'ls /usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh'}
2016-01-05 16:41:08,551 - Skipping Execute[('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh', '/usr/bin/ranger-admin')] due to not_if
2016-01-05 16:41:08,551 - XmlConfig['ranger-admin-site.xml'] {'group': 'ranger_qa_grp', 'conf_dir': '/usr/hdp/current/ranger-admin/conf', 'mode': 0644, 'configuration_attributes': {}, 'owner': 'ranger_qa', 'configurations': ...}
2016-01-05 16:41:08,565 - Generating config: /usr/hdp/current/ranger-admin/conf/ranger-admin-site.xml
2016-01-05 16:41:08,566 - File['/usr/hdp/current/ranger-admin/conf/ranger-admin-site.xml'] {'owner': 'ranger_qa', 'content': InlineTemplate(...), 'group': 'ranger_qa_grp', 'mode': 0644, 'encoding': 'UTF-8'}
2016-01-05 16:41:08,686 - Directory['/usr/hdp/current/ranger-admin/conf/ranger_jaas'] {'owner': 'ranger_qa', 'group': 'ranger_qa_grp', 'mode': 0700}
2016-01-05 16:41:08,738 - Execute[('/usr/hdp/current/ranger-admin/ranger_credential_helper.py', '-l', '/usr/hdp/current/ranger-admin/cred/lib/*', '-f', u'/etc/ranger/admin/rangeradmin.jceks', '-k', u'rangeradmin', '-v', [PROTECTED], '-c', '1')] {'logoutput': True, 'environment': {'RANGER_ADMIN_HOME': '/usr/hdp/current/ranger-admin', 'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_40'}, 'sudo': True}
sudo: unable to execute /usr/hdp/current/ranger-admin/ranger_credential_helper.py: Permission denied
9,289 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pardeep_kumar
Guru

Created ‎01-13-2016 02:57 AM

This issue was resolved. Root cause of the issue was that customer had symlinked /usr/hdp to /opt/hadoop/usr/hdp and as per discussion with Ranger Engg., that apparently is not supported currently. Once, I removed symlink and reverted back to /usr/hdp, issue got fixed.

unlink /usr/hdp

cp -rp /opt/hadoop/usr/* /usr/

rm -rf  /opt/hadoop/usr

View solution in original post

6,958 Views
0 Kudos
10 REPLIES 10

avatar
author-rank sapek_92
New Contributor

Created ‎06-06-2018 01:00 PM

Hi,

I had similar issue when I try install Ranger on HDP 2.5.0.3. Ambari app are working on ambari (non-root) account. I also moved hdp directory do annother disk and created symlink.

Error what I got:
2018-06-05 10:25:43,096 - Execute[(u'/opt/java/jdk1.8.0/bin/java', '-cp', u'/usr/hdp/current/ranger-admin/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', u'rangeradmin', '-value', [PROTECTED], '-provider', u'jceks://file/etc/ranger/admin/rangeradmin.jceks')] {'logoutput': True, 'environment': {'JAVA_HOME': u'/opt/java/jdk1.8.0'}, 'sudo': True}
Sorry, user ambari is not allowed to execute '/opt/java/jdk1.8.0/bin/java -cp /usr/hdp/current/ranger-admin/cred/lib/* org.apache.ranger.credentialapi.buildks create rangeradmin -value O6gZHKsVNcEMVAZSvjZo

Solution:

I detected when I logged in ambari user I could run java, but when run sudo java I got similar error like above.
The solution was to add and entry to /etc/sudoers:
ambari ALL=(ALL) NOPASSWD:SETENV: /bin/java *

2,569 Views
0 Kudos
Announcements
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
What's New @ Cloudera
Updates to the HDFS clusters on AWS environments to add supp...
What's New @ Cloudera
Enhancements to the create-database command
Community Announcements
September 2024 Community Highlights
View More Announcements