Created 12-26-2017 01:33 PM
Hi all,
I received the same error as mentioned in the article "https://community.hortonworks.com/content/supportkb/150685/error-rangercredentialprovider-thread-9-72-unable.html" by @emattos.
As mentioned in the article, update the ranger-policymgr-ssl.xml file. But I didn't find any file like "ranger-policymgr-ssl.xml" after installation on rangertagsync. Also, there is no jceks file for the truststore. Can anybody help me with this?
I am using Ambari 2.4.2.0 and HDP 2.5.3
Created 12-26-2017 01:35 PM
Full error:
26 Dec 2017 17:25:20 ERROR RangerCredentialProvider [Thread-9] - 72 Unable to get the Credential Provider from the Configuration
java.lang.IllegalArgumentException: The value of property hadoop.security.credential.provider.path must not be null
    at com.google.common.base.Preconditions.checkArgument(Preconditions.java:125)
    at org.apache.hadoop.conf.Configuration.set(Configuration.java:1140)
    at org.apache.hadoop.conf.Configuration.set(Configuration.java:1121)
    at org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.getCredentialProviders(RangerCredentialProvider.java:68)
    at org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.getCredentialString(RangerCredentialProvider.java:46)
    at org.apache.ranger.plugin.util.RangerRESTClient.getCredential(RangerRESTClient.java:370)
    at org.apache.ranger.plugin.util.RangerRESTClient.getTrustManagers(RangerRESTClient.java:311)
    at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:190)
    at org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:177)
    at org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:157)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:198)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:194)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.uploadServiceTags(TagAdminRESTSink.java:169)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.access$000(TagAdminRESTSink.java:46)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:148)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:144)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:360)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.doUpload(TagAdminRESTSink.java:144)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.run(TagAdminRESTSink.java:249)
    at java.lang.Thread.run(Thread.java:745)
26 Dec 2017 17:25:20 ERROR TagAdminRESTSink [Thread-9] - 150 Upload of service-tags failed with message
java.lang.IllegalArgumentException: SSLContext must not be null
    at com.sun.jersey.client.urlconnection.HTTPSProperties.<init>(HTTPSProperties.java:106)
    at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:202)
    at org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:177)
    at org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:157)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:198)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.createWebResource(TagAdminRESTSink.java:194)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.uploadServiceTags(TagAdminRESTSink.java:169)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.access$000(TagAdminRESTSink.java:46)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:148)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink$1.run(TagAdminRESTSink.java:144)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:360)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.doUpload(TagAdminRESTSink.java:144)
    at org.apache.ranger.tagsync.sink.tagadmin.TagAdminRESTSink.run(TagAdminRESTSink.java:249)
    at java.lang.Thread.run(Thread.java:745)
Created 12-26-2017 07:16 PM
You should check in Advanced ranger-tagsync-policymgr-ssl through Ambari; there you will find:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore.credential.file
etc.
Created on 12-27-2017 05:45 AM - edited 08-18-2019 02:50 AM
Hi Deepak,
Thanks for your answer, but there is no such file in Ambari.
Created on 12-27-2017 05:51 AM - edited 08-18-2019 02:49 AM
Only property I can see under Advanced ranger-tagsync-site. But there is property to enter truststore password.
Created 01-18-2018 03:02 AM
Just in case this may save time for other people: the configuration included with HDP 2.5.x and Ambari 2.5 is not compatible with using Ranger Tagsync with SSL, so there is no "Advanced ranger-tagsync-policymgr-ssl" section or anything like that in the Ranger (0.6.0) configuration from Ambari.
The first response above refers to the parameters included in the file ranger-tagsync-policymgr-ssl.xml included with Ambari 2.6 (I believe in HDP 2.6.x). This is included in the patch discussed at the following URL:
https://issues.apache.org/jira/browse/AMBARI-18874
There is an Ambari patch for HDP 2.5, but I was not able to make it work with Ambari 2.5 and Ranger 0.6.0 (included with HDP 2.5.6), so the way to make it work was to include the file /etc/ranger/tagsync/conf/ranger-tagsync-policymgr-ssl.xml from the patch above, edited by hand, and in the section "Advanced ranger-tagsync-site" modify the parameter ranger.tagsync.dest.ranger.ssl.config.filename
which incredibly (and shamefully) points to a keystore!!! in the default HDP 2.5 configuration to point to this file like this:
ranger.tagsync.dest.ranger.ssl.config.filename=/etc/ranger/tagsync/conf/ranger-tagsync-policymgr-ssl.xml
After this you will also need to change the credentials store file at rangertagsync.jceks to include the keys ssltruststore and sslkeystore with the correct values. There are other articles on how to do this.
Hopefully in HDP 2.6 things are going to be easier 😞
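As an added example (not part of the original posts, and not Ranger or Ambari code), here is a small Python check for the manual setup described in the last reply. It verifies that `ranger.tagsync.dest.ranger.ssl.config.filename` points to an XML file and that the client SSL properties are populated. The `truststore` path key is not named in the thread (it is the matching key from Ranger's client SSL configuration), and the sample paths other than the XML path are placeholders.

```python
import xml.etree.ElementTree as ET

PREFIX = "xasecure.policymgr.clientssl."
# keystore* keys come from the first reply; "truststore" is the matching path
# key from Ranger's client SSL config and is not named in the thread.
REQUIRED = ("keystore", "keystore.credential.file",
            "truststore", "truststore.credential.file")


def parse_hadoop_conf(xml_text):
    """Return {name: value} from a Hadoop-style <configuration> document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def check_tagsync_ssl(site_props, ssl_xml_text):
    """List problems that would stop tagsync from building its SSL client."""
    findings = []
    pointer = site_props.get("ranger.tagsync.dest.ranger.ssl.config.filename", "")
    if not pointer.endswith(".xml"):  # heuristic: e.g. the value is a keystore path
        findings.append("ssl.config.filename is not an XML config: %r" % pointer)
    ssl_props = parse_hadoop_conf(ssl_xml_text)
    for suffix in REQUIRED:
        value = ssl_props.get(PREFIX + suffix, "")
        if not value:
            # An unset credential.file is consistent with the logged
            # "hadoop.security.credential.provider.path must not be null".
            findings.append("missing or empty: " + PREFIX + suffix)
        elif suffix.endswith("credential.file") and "jceks://" not in value:
            findings.append("not a jceks provider URL: " + PREFIX + suffix)
    return findings


# Constructed sample input; /path/to/... values are placeholders.
SAMPLE_SSL_XML = """<configuration>
  <property><name>xasecure.policymgr.clientssl.keystore</name>
    <value>/path/to/tagsync-keystore.jks</value></property>
  <property><name>xasecure.policymgr.clientssl.truststore</name>
    <value>/path/to/tagsync-truststore.jks</value></property>
  <property><name>xasecure.policymgr.clientssl.keystore.credential.file</name>
    <value>jceks://file/path/to/rangertagsync.jceks</value></property>
  <property><name>xasecure.policymgr.clientssl.truststore.credential.file</name>
    <value></value></property>
</configuration>"""
```

Calling `check_tagsync_ssl` with the site properties as a dict and the XML text returns an empty list when nothing is flagged; with the constructed sample it reports the empty truststore credential file.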