Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger HDFS Policy not Syncing - No Trusted Cert Found

Labels:
avatar
author-rank nicholas_pilegg
Contributor

Created ‎01-30-2017 04:43 PM

Hello,

After rolling out SSL to the Ranger Admin Page, I noticed my policy changes weren't syncing with the name nodes. I found I needed to setup the plugin for SSL. I followed these procedures (https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ch04s19s02s04s01.html) and had nothing. After looking at the namenode logs I see the error message saying:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)

I am not quite sure where else to look.

Nick

2,079 Views
1 ACCEPTED SOLUTION

avatar
author-rank apappu author-rank
Guru

Created ‎01-30-2017 05:38 PM

@Nick Pileggi

Yes, you will have to put the Ranger Cert into HDFS truststore,. also by default it enables 2 way SSL between Ranger admin and HDFS plug-in.

Some time back I have written article here with complete steps.

https://community.hortonworks.com/articles/68150/configuring-ranger-ranger-hdfs-plugin-for-ssl-with....

View solution in original post

1,753 Views
0 Kudos
3 REPLIES 3

avatar
author-rank apappu author-rank
Guru

Created ‎01-30-2017 05:38 PM

@Nick Pileggi

Yes, you will have to put the Ranger Cert into HDFS truststore,. also by default it enables 2 way SSL between Ranger admin and HDFS plug-in.

Some time back I have written article here with complete steps.

https://community.hortonworks.com/articles/68150/configuring-ranger-ranger-hdfs-plugin-for-ssl-with....

1,754 Views
0 Kudos

avatar
author-rank vperiasamy author-rank
Guru

Created ‎01-30-2017 06:19 PM

If you enable SSL on ranger, you need to update the truststore.

Please refer http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/configure_ambari_ranger_...

1,753 Views
0 Kudos

avatar
author-rank nicholas_pilegg
Contributor

Created ‎01-30-2017 06:25 PM

@apappu

That was the hint I needed. It appears I had a keystore set for my HDFS ranger truststore. So no matter what I did, I would be unable to fix it. Once I corrected that issue, I see my namenode pulling the policy. Glad it was something stupid.

Nick

1,753 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements