Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Ranger KMS get key list says " Connection refused: Please check the KMS provider URL"

Explorer

CentOS 6 / ambari 2.5.0 + ranger 0.7.1 with kerberos enable.

when try to get key list thru ranger admin web ui, an error popped up:

"Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running"

I checked KMS service, which is up and running.

KMS service log only got one ERROR: "RangerKMSDB - DB Flavor could not be determined" which i think is not important.

thank you for your help!

1 ACCEPTED SOLUTION

Explorer

Turn out my kms ranger repo not config correctly.

Thank you Geoffrey

View solution in original post

4 REPLIES 4

Mentor

@kiwi z

Can you see any error messages in /var/log/ranger/kms/catalina.out thats the startup logfile. If you see message about InvalidKeyException like below

java.security.InvalidKeyException:Illegal key size        
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)

That indicates JCE issue so install JDK JCE and that should resolve the issue distribute and install JCE on all nodes.

HTH

Explorer

Turn out my kms ranger repo not config correctly.

Thank you Geoffrey

Mentor

@kiwi z

Could you share your solution so that other members who encounter the same situation could have a quick solution

Explorer

In Ranger Admin Web for KMS, at service management section, you can config ranger kms provider url, which is not correct on automatically creation.