Support Questions

rania_triki93 · ‎09-14-2018

Hello,

In Kerberized environments, i installed ranger KMS.

ranger.service.https.attrib.ssl.enabled = false

But while running a test connection for the service: i'm getting :

Connection Failed.
Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.

org.apache.ranger.plugin.client.HadoopException: {
"RemoteException" : {
"message" : "User:ranger not allowed to do 'GET_KEYS'",
"exception" : "AuthorizationException",
"javaClassName" : "org.apache.hadoop.security.authorize.AuthorizationException"
}
}.
{
"RemoteException" : {
"message" : "User:ranger not allowed to do 'GET_KEYS'",
"exception" : "AuthorizationException",
"javaClassName" : "org.apache.hadoop.security.authorize.AuthorizationException"
}
}.

Cluster is Kerberized/LDAP (freeIPA).

Not sure what to do then,

Thanks for your help,

jsensharma · ‎09-14-2018

@ranya triki

Can you please check the core-site configuration inside the Ambari UI to verify if you have setup the ranger kms proxyusers properly or not?

hadoop.proxyuser.kms.users=*
hadoop.proxyuser.kms.hosts=*
hadoop.proxyuser.kms.groups=*

And then restart ranger KMS + HDFS services.

n_cherukula · ‎03-31-2020

Verified proxyuser in kms-site, everything looks good as described, still the issue remains same. please advise

mallniya · ‎04-10-2020

In my case:

 <property>
<name>hadoop.kms.security.authorization.manager</name>
<value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
</property>

in kms-site.xml + Ranger KMS daemon restart helped.

Support Questions

Ranger KMS : connection failed on "test connection" button