Support Questions

Find answers, ask questions, and share your expertise

Ranger KMS get key list says " Connection refused: Please check the KMS provider URL"

avatar
Explorer

CentOS 6 / ambari 2.5.0 + ranger 0.7.1 with kerberos enable.

when try to get key list thru ranger admin web ui, an error popped up:

"Connection refused : Please check the KMS provider URL and whether the Ranger KMS is running"

I checked KMS service, which is up and running.

KMS service log only got one ERROR: "RangerKMSDB - DB Flavor could not be determined" which i think is not important.

thank you for your help!

1 ACCEPTED SOLUTION

avatar
Explorer

Turn out my kms ranger repo not config correctly.

Thank you Geoffrey

View solution in original post

4 REPLIES 4

avatar
Master Mentor

@kiwi z

Can you see any error messages in /var/log/ranger/kms/catalina.out thats the startup logfile. If you see message about InvalidKeyException like below

java.security.InvalidKeyException:Illegal key size        
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)

That indicates JCE issue so install JDK JCE and that should resolve the issue distribute and install JCE on all nodes.

HTH

avatar
Explorer

Turn out my kms ranger repo not config correctly.

Thank you Geoffrey

avatar
Master Mentor

@kiwi z

Could you share your solution so that other members who encounter the same situation could have a quick solution

avatar
Explorer

In Ranger Admin Web for KMS, at service management section, you can config ranger kms provider url, which is not correct on automatically creation.