Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ranger KMS service not visible in Ranger Admin UI

avatar
Expert Contributor

Hello All,

 

I have just added a Ranger KMS service to a newly built CDP Cluster. When attempted to create key, got error stating "user not allowed to do create key".

 

I thought it must be related to providing privs to the user in Ranger policies for KMS service and hence, logged in to the Ranger Admin UI where I can't see Ranger KMS service itself.


I can see the plugin is enabled and responding in the plugins tab, cm_kms policy is syncing as per plugin status tab. However, service is not there. 

 

Any suggestions please.

 

Thanks

snm1523

1 ACCEPTED SOLUTION

avatar
Master Collaborator

@snm1523As per the description I see that while you are creating the key getting following error.  "user not allowed to do create key".

 

Solution: 

1. To see the cm_kms you need to login with keyadmin user in Ranger Admin. Did you tried logging in with "keyadmin" user?

Or 

2. Please login to the Ranger webUI as admin and under Settings --> Users/Groups/Roles and search 'User Name: rangerkms' Click on the rangekms user, then under roles add the keyadmin role. Save, then resume the upgrade in CM.


If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

View solution in original post

1 REPLY 1

avatar
Master Collaborator

@snm1523As per the description I see that while you are creating the key getting following error.  "user not allowed to do create key".

 

Solution: 

1. To see the cm_kms you need to login with keyadmin user in Ranger Admin. Did you tried logging in with "keyadmin" user?

Or 

2. Please login to the Ranger webUI as admin and under Settings --> Users/Groups/Roles and search 'User Name: rangerkms' Click on the rangekms user, then under roles add the keyadmin role. Save, then resume the upgrade in CM.


If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.