Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger Solr on HDP 2.3.4 unable to refresh policies

avatar
author-rank jstraub
Guru

Created ‎03-19-2016 08:17 AM

I just installed a new cluster on HDP 2.3.4 with Solr 5.2.1 including Kerberos + Ranger Solr Plugin. Following this article https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html

However when I enable the Ranger Solr Plugin and restart solr I am seeing the following error: 

632300 [Thread-15] WARN  org.apache.ranger.plugin.util.PolicyRefresher  [   ] – cache file does not exist or not readble 'null'
662301 [Thread-15] ERROR org.apache.ranger.plugin.util.PolicyRefresher  [   ] – PolicyRefresher(serviceName=null): failed to refresh policies. Will continue to use last known version of policies (-1)
com.sun.jersey.api.client.ClientHandlerException: java.lang.IllegalArgumentException: URI is not absolute
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151)
        at com.sun.jersey.api.client.Client.handle(Client.java:648)
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
        at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507)
        at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:73)
        at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:205)
        at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:175)
        at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:154)
Caused by: java.lang.IllegalArgumentException: URI is not absolute
        at java.net.URI.toURL(URI.java:1088)
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:159)
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
        ... 8 more

This is what it looks like on HDP 2.3.2 

INFO  - 2016-03-15 16:54:50.478; [   ] org.apache.ranger.plugin.util.PolicyRefresher; PolicyRefresher(serviceName=mycluster_solr): found updated version. lastKnownVersion=-1; newVersion=61

On 2.3.4 the serviceName is not replaced by the actual repository name, which was set in the install.properties file. On 2.3.2 the serviceName is replaced by the repository name <clustername>_solr.

Looks like a bug :(

Anyone seen this issue before? Any possible workaround?

3,504 Views
1 ACCEPTED SOLUTION

avatar
author-rank rmani author-rank
Super Collaborator

Created ‎03-21-2016 06:38 AM

Please check the value for property " ranger.plugin.solr.policy.rest.url" in ranger-solr-security.xml in the solr conf folder.

This should have the right value for the ranger admin. You can put the right value and restart solr plugin.

Not sure why the enabling of ranger solr plugin didnt update the right value. Did you see any exception in when you enabled solr plugin. May be you can try reinstalling it will be debug on the enable script to see if there are any exceptions and let us know.

View solution in original post

2,651 Views
4 REPLIES 4

avatar
author-rank rmani author-rank
Super Collaborator

Created ‎03-21-2016 06:38 AM

Please check the value for property " ranger.plugin.solr.policy.rest.url" in ranger-solr-security.xml in the solr conf folder.

This should have the right value for the ranger admin. You can put the right value and restart solr plugin.

Not sure why the enabling of ranger solr plugin didnt update the right value. Did you see any exception in when you enabled solr plugin. May be you can try reinstalling it will be debug on the enable script to see if there are any exceptions and let us know.

2,652 Views

avatar
author-rank jstraub
Guru

Created ‎04-06-2016 03:14 PM

@Ramesh Mani I have checked your recommendation. Unfortunately it didnt help, any other ideas?

2,651 Views
0 Kudos

avatar
author-rank jstraub
Guru

Created ‎05-03-2016 06:35 AM

@Ramesh Mani Thanks for the help and fixing the issue! Enabling the plugin basically changed the owner of /opt/solr/server/solr-webapp/webapp/WEB-INF/classes to root:root, changing it back to solr:solr solved the problem 😉

2,651 Views
0 Kudos

avatar
author-rank rmani author-rank
Super Collaborator

Created ‎03-21-2016 11:16 PM

@Jonas Straub Also please check that conf folder where there ranger config is there in the class path of the solr process. This might be the case for you.

2,651 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements