Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ranger UserSync - Failed to initialize UserGroup source/sink

avatar
Explorer

I have a Ranger (v1.1.0) and UserSync integration with LDAP. All of a sudden I am seeing user-sync error and new user/groups are not getting syn'd. Looks like something is timing-out but not sure what and how to fix that.

Error logs when default log4j.rootLogger = info,logFile

 

10 Mar 2021 01:50:55  INFO UnixAuthenticationService [main] - Starting User Sync Service!
10 Mar 2021 01:50:55  INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.username.regex
10 Mar 2021 01:50:55  INFO AbstractMapper [UnixUserSyncThread] - Initializing for ranger.usersync.mapping.groupname.regex
10 Mar 2021 01:50:55  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder created
10 Mar 2021 01:50:55  INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
10 Mar 2021 01:50:56  WARN NativeCodeLoader [UnixUserSyncThread] - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
10 Mar 2021 01:50:57  INFO PolicyMgrUserGroupBuilder [UnixUserSyncThread] - valid cookie saved 
10 Mar 2021 01:51:00  INFO UnixAuthenticationService [main] - Enabling Unix Auth Service!
10 Mar 2021 01:51:01  INFO UnixAuthenticationService [main] - Disabling Protocol: [TLSv1.3]
10 Mar 2021 01:51:01  INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.2]
10 Mar 2021 01:51:01  INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1.1]
10 Mar 2021 01:51:01  INFO UnixAuthenticationService [main] - Enabling Protocol: [TLSv1]
10 Mar 2021 01:51:01  INFO UnixAuthenticationService [main] - Enabling Protocol: [SSLv2Hello]
10 Mar 2021 01:52:00 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: 
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
	at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
	at com.google.gson.Gson.fromJson(Gson.java:803)
	at com.google.gson.Gson.fromJson(Gson.java:768)
	at com.google.gson.Gson.fromJson(Gson.java:717)
	at com.google.gson.Gson.fromJson(Gson.java:689)
	at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserList(PolicyMgrUserGroupBuilder.java:627)
	at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:230)
	at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:198)
	at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:51)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
	at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374)
	at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165)
	... 9 more

 

 

Error logs when set log4j.rootLogger = debug,logFile

 

...
10 Mar 2021 03:17:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.buildGroupList()
10 Mar 2021 03:17:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.buildUserList()
10 Mar 2021 03:17:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.cookieBasedGetEntity()
10 Mar 2021 03:17:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()
10 Mar 2021 03:18:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()
10 Mar 2021 03:18:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.cookieBasedGetEntity()
10 Mar 2021 03:18:06 DEBUG PolicyMgrUserGroupBuilder [UnixUserSyncThread] - RESPONSE: [<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
</body>
</html>
]
10 Mar 2021 03:18:06 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: 
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
	at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
	at com.google.gson.Gson.fromJson(Gson.java:803)
	at com.google.gson.Gson.fromJson(Gson.java:768)
	at com.google.gson.Gson.fromJson(Gson.java:717)
	at com.google.gson.Gson.fromJson(Gson.java:689)
	at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserList(PolicyMgrUserGroupBuilder.java:627)
	at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:230)
	at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:198)
	at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:51)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
	at com.google.gson.stream.JsonReader.beginObject(JsonReader.java:374)
	at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:165)
	... 9 more

 

 

I searched the community but did not find anything related to my error. Would really appreciate if someone can point me to the right direction/link or if any additional details needed. Thank you in advance.

1 ACCEPTED SOLUTION

avatar
Explorer

Turns out that 504 error was coming in from my Load Balancer which had the default of 60 secs. Updating that to a higher value made my user-sync to run completely without any errors. 

View solution in original post

4 REPLIES 4

avatar
Explorer

@shah1 

Your user sync is expecting JSON string to begin with an object opening brace. e.g.

{  But the string you are passing is starting with an open quote " or something else

Check the User or Group config some parameters should be in curly braces

 

Hope that helps

avatar
Explorer

In my logs, I see all the groups from the ranger database are pulled but when it later tries to pull users it gets the below response which is getting passed and fails. Thus the error makes sense, it was expecting an object. 
Actual response:

 

 

[<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
</body>
</html>
]

 

 

 

Expected response:

 

 

[{"startIndex":0,"pageSize":1000,"totalCount":2021,"resultSize":1000, ...}]

 

 


I checked my install.properties files and nothing looks suspicious there. Mostly looks like the user-pull api that gets called under the hood is failing or timings out. Why is usersync can pull groups but not users? Also what end-point its trying to call? I can test that explicitly

cc: @jackass 

avatar
Explorer

Thanks @jackass for helping on this. 

avatar
Explorer

Turns out that 504 error was coming in from my Load Balancer which had the default of 60 secs. Updating that to a higher value made my user-sync to run completely without any errors.