Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Ranger KMS not Decrypting Files

avatar
author-rank nicholas_pilegg
Contributor

Created ‎12-08-2016 02:11 PM

Hello,

I have been trying to pull some data from our SQL Server into hdfs via sqoop. The destination point is an encrypted zone (/secure/). The files are written and when I pull the files with hdfs dfs -get /secure/[folder imported] I am getting gibberish when I open the files. My first though was I couldn't decrypt the file, but when I look at the audit logs in Ranger, I am seeing the access type decrypteek for my user on the read and the write. Below is the sqoop query. Any insights would be great.

sqoop import \

-D sqoop.test.import.rootDir=hdfs://popul/secure/ \

--target-dir hdfs://popul/secure/intest/ \

--connect "jdbc:sqlserver://[serverip]:1433;database=[database]" \

--username [sqoopuser] \

--password [password] \

--table S_Elg \

--fields-terminated-by "|" \

--columns "col1, col2, col3" \

--split-by ElgKey \

-- --schema ACC

P.S. when I run this query in a non encrypted zone, everything works as expected.

Nick

1,439 Views
1 ACCEPTED SOLUTION

avatar
author-rank nicholas_pilegg
Contributor

Created ‎12-21-2016 02:47 PM

@Ryan Cicak

After staring at this with a hortonworks engineer (who was onsite for an unrelated reason), we figured out the problem. The whole time Ranger KMS was doing its job, but I had enabled compression on my mapper outputs with these changes:

mapreduce.map.output.compresstrue

mapreduce.output.fileoutputformat.compress

true

When I pulled the outputs of my sqoop job they looked like binary, but in reality they were just compressed. After deflating them everything is working correctly.

Nick

View solution in original post

1,220 Views
0 Kudos
2 REPLIES 2

avatar
author-rank RyanCicak author-rank
Guru

Created ‎12-17-2016 08:14 PM

Hi @Nick Pileggi

Can you verify the user trying to read the file has the Decrypt EEK permission in Ranger KMS? You can use my article here as a reference

Is your cluster Kerberized?

1,220 Views
0 Kudos

avatar
author-rank nicholas_pilegg
Contributor

Created ‎12-21-2016 02:47 PM

@Ryan Cicak

After staring at this with a hortonworks engineer (who was onsite for an unrelated reason), we figured out the problem. The whole time Ranger KMS was doing its job, but I had enabled compression on my mapper outputs with these changes:

mapreduce.map.output.compresstrue

mapreduce.output.fileoutputformat.compress

true

When I pulled the outputs of my sqoop job they looked like binary, but in reality they were just compressed. After deflating them everything is working correctly.

Nick

1,221 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements