Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

Ranger admin error when creating service repo in Knox plugin

Ranger admin error when creating service repo in Knox plugin

Labels:
nhgodwal
Explorer

Created ‎03-08-2018 08:08 PM

I am trying to enable Ranger Knox plugin. I created a service called 'knoxdev' and test connection is successful. But still I am not able to see service 'knoxdev' in audit->Plugins tab.

- The knox url tested in connection is:- https://localhost:8443/gateway/admin/api/v1/topologies

- The authorization provider I am using in admin topology is AclsAuthz. If I change it to XAsecurePDPknox then I do not get get successful connection. Need to know what provider should be used.

I have hdfs plugin enabled too and service created for same as 'hadoopdev'. I am able to see 'hadoodev' in audit->Plugins tab but not 'knoxdev'.

Then I checked gateway.log and gateway-audit.log. I can see response code as 200.

Then I checked ranger_admin.log, and there I find this error:

ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:130) - Unable to decrypt password due to error
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:936)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
        at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
        at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
        at javax.crypto.Cipher.doFinal(Cipher.java:2165)
        at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:115)
        at org.apache.ranger.services.knox.client.KnoxClient.getTopologyList(KnoxClient.java:79)
        at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:406)
        at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:402)
        at org.apache.ranger.services.knox.client.KnoxClient.timedTask(KnoxClient.java:431)
        at org.apache.ranger.services.knox.client.KnoxClient.getKnoxResources(KnoxClient.java:410)
        at org.apache.ranger.services.knox.client.KnoxClient.connectionTest(KnoxClient.java:315)
        at org.apache.ranger.services.knox.client.KnoxResourceMgr.validateConfig(KnoxResourceMgr.java:43)
        at org.apache.ranger.services.knox.RangerServiceKnox.validateConfig(RangerServiceKnox.java:56)
        at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
        at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
        at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
2018-03-08 18:23:16,315 [timed-executor-pool-0] INFO  apache.ranger.services.knox.client.KnoxClient (KnoxClient.java:81) - Password decryption failed; trying knox connection with received password string

Can anyone help?

Reply
750 Views
3 REPLIES 3
Highlighted

Re: Ranger admin error when creating service repo in Knox plugin

gcunha
Contributor

Created ‎03-13-2018 09:29 AM

Hi @GN_Exp,

If you are using Oracle JDK, check if you have JCE installed for your Java version.

You can follow this Support KB regarding on how to check if JCE is installed and how to install:

https://community.hortonworks.com/content/supportkb/48974/how-to-check-if-jce-is-unlimited.html

Hope it helps.

Gonçalo

Reply
463 Views
Highlighted

Re: Ranger admin error when creating service repo in Knox plugin

vperiasamy
Guru

Created ‎03-13-2018 06:07 PM

Auth provider should be XAsecurePDPknox for Ranger to be enabled.

Knox plugin does not download policies upon initialization, hence you are not seeing that in Audit plugins. Upon first request to Knox (you can use curl to trigger any knox url), knox plugin will download the policies from ranger admin.

Reply
463 Views
0 Kudos
Highlighted

Re: Ranger admin error when creating service repo in Knox plugin

massoudm
Explorer

Created ‎05-16-2019 12:01 AM

Did this issue get resolved?

I'm using HDP 3.1 with Ranger 1.2.0, and I have the correct Unlimited JCE, but still get this error when using the test connection button.

Reply
463 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera JDBC 2.6.20 Driver for Apache Impala Released
Product Announcements
Transition to private repositories for CDH, HDP and HDF
Product Announcements
[ANNOUNCE] New Applied ML Research from Cloudera Fast Forward: Few-Shot Text Classification
Product Announcements
[ANNOUNCE] New JDBC 2.6.13 Driver for Apache Hive Released
Product Announcements
[ANNOUNCE] Refreshed Research from Cloudera Fast Forward: Semantic Image Search and Federated Learning
View More Announcements