Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ranger Tagsync Error: ERROR RangerCredentialProvider [Thread-9] - 72 Unable to get the Credential Provider from the Configuration

Labels:
avatar
author-rank abhishek_kumar
Contributor

Created ‎12-26-2017 01:33 PM

HI All,

Received same error as mention in article "https://community.hortonworks.com/content/supportkb/150685/error-rangercredentialprovider-thread-9-72-unable.html" by @emattos .

As mention in article update ranger-policymgr-ssl.xml file .But i didnt find any file like "ranger-policymgr-ssl.xml" after installation on rangertagsync .Also there is no jceks file for truststore .Can anybody help me on this .
I am using Ambari 2.4.2.0 and HDP 2.5.3

4,380 Views
0 Kudos
5 REPLIES 5

avatar
author-rank abhishek_kumar
Contributor

Created ‎12-26-2017 01:35 PM

full error

26 Dec 2017 17:25:20 ERROR RangerCredentialProvider [Thread-9] - 72 Unable to get the Credential Provider from the Configuration java.lang.IllegalArgumentException: The value of property hadoop.security.credential.provider.path must not be null at com.google.common.base.Preconditions.checkArgument(Preconditions.java:125) at org.apache.hadoop.conf.Configuration.set(Configuration.java:1140) at org.apache.hadoop.conf.Configuration.set(Configuration.java:1121) at org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.getCredentialProviders(RangerCredentialProvider.java:68) at org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.getCredentialString(RangerCredentialProvider.java:46) at org.apache.ranger.plugin.util.RangerRESTClient.getCredential(RangerRESTClient.java:370) at org.apache.ranger.plugin.util.RangerRESTClient.getTrustManagers(RangerRESTClient.java:311) at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:190) at org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:177) at org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:157) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:198) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:194) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.uploadServiceTags(TagAdminRESTSink.java:169) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.access$000(TagAdminRESTSink.java:46) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:148) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:144) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:360) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.doUpload(TagAdminRESTSink.java:144) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.run(TagAdminRESTSink.java:249) at java.lang.Thread.run(Thread.java:745) 26 Dec 2017 17:25:20 ERROR TagAdminRESTSink [Thread-9] - 150 Upload of service-tags failed with message java.lang.IllegalArgumentException: SSLContext must not be null at com.sun.jersey.client.urlconnection.HTTPSProperties.<init>(HTTPSProperties.java:106) at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:202) at org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:177) at org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:157) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:198) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:194) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.uploadServiceTags(TagAdminRESTSink.java:169) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.access$000(TagAdminRESTSink.java:46) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:148) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:144) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:360) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.doUpload(TagAdminRESTSink.java:144) at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.run(TagAdminRESTSink.java:249) at java.lang.Thread.run(Thread.java:745)

3,963 Views
0 Kudos

avatar
author-rank dsharma author-rank
Guru

Created ‎12-26-2017 07:16 PM

you should check in Advanced ranger-tagsync-policymgr-ssl through ambari there you will find:

xasecure.policymgr.clientssl.keystore

xasecure.policymgr.clientssl.keystore.credential.file

xasecure.policymgr.clientssl.keystore.password

xasecure.policymgr.clientssl.truststore.credential.file

etc.

3,963 Views

avatar
author-rank abhishek_kumar
Contributor

Created on ‎12-27-2017 05:45 AM - edited ‎08-18-2019 02:50 AM

46439-tag.png

Hi Deepak,

Thanks for your answer ,But there is no such file in Ambari .

3,963 Views
0 Kudos

avatar
author-rank abhishek_kumar
Contributor

Created on ‎12-27-2017 05:51 AM - edited ‎08-18-2019 02:49 AM

only property i can see under Advance ranger-tagsync-ste . But there is property to enter truststore password .

46440-tag2.png

3,963 Views
0 Kudos

avatar
author-rank lvazquez
Expert Contributor

Created ‎01-18-2018 03:02 AM

Just in case this may save time to other people. The configuration included with HDP 2.5.x and Ambari 2.5 is not compatible with using Ranger Tagsync with SSL, so there is no "Advanced ranger-tagsync-policymgr-ssl" section or anything like that on Ranger (0.6.0) configuration from Ambari.

The first response above refers to the parameters included in the file ranger-tagsync-policymgr-ssl.xml included with Ambari 2.6 (y believe in HDP 2.6.x). This in included in the patch discussed in the following URL:

https://issues.apache.org/jira/browse/AMBARI-18874

There is an Ambari patch for HDP 2.5 but I was not able to make it work with Ambari 2.5 and Ranger 0.6.0 (included with HDP 2.5.6) so the way to make it work was to change include the file /etc/ranger/tagsync/conf/ranger-tagsync-policymgr-ssl.xml from the patch above edited by hand and in the section "Advanced ranger-tagsync-site" modify the parameter ranger.tagsync.dest.ranger.ssl.config.filename

which incredibly (and shamefully) points to a keystore!!! in the default HDP 2.5 configuration to point to this file like this:

ranger.tagsync.dest.ranger.ssl.config.filename=/etc/ranger/tagsync/conf/ranger-tagsync-policymgr-ssl.xml

After this you will also need to change the credentials store file at rangertagsync.jceks to include the keys ssltruststore and sslkeystore with the correct values. There are other articles on how to do this.

Hopefully in HDP 2.6 things are going to be easier 😞

3,963 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements