Created 09-14-2018 03:05 AM
Hello,
In Kerberized environments, i installed ranger KMS.
ranger.service.https.attrib.ssl.enabled = false
But while running a test connection for the service: i'm getting :
Connection Failed. Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info. org.apache.ranger.plugin.client.HadoopException: { "RemoteException" : { "message" : "User:ranger not allowed to do 'GET_KEYS'", "exception" : "AuthorizationException", "javaClassName" : "org.apache.hadoop.security.authorize.AuthorizationException" } }. { "RemoteException" : { "message" : "User:ranger not allowed to do 'GET_KEYS'", "exception" : "AuthorizationException", "javaClassName" : "org.apache.hadoop.security.authorize.AuthorizationException" } }.
Cluster is Kerberized/LDAP (freeIPA).
Not sure what to do then,
Thanks for your help,
Created 09-14-2018 03:11 AM
Can you please check the core-site configuration inside the Ambari UI to verify if you have setup the ranger kms proxyusers properly or not?
hadoop.proxyuser.kms.users=* hadoop.proxyuser.kms.hosts=* hadoop.proxyuser.kms.groups=*
And then restart ranger KMS + HDFS services.
Created 03-31-2020 06:17 AM
Verified proxyuser in kms-site, everything looks good as described, still the issue remains same. please advise
Created on 04-10-2020 07:54 AM - edited 04-10-2020 07:59 AM
In my case:
<property>
<name>hadoop.kms.security.authorization.manager</name>
<value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
</property>
in kms-site.xml + Ranger KMS daemon restart helped.