Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger admin error when creating service repo in Knox plugin

Highlighted

Ranger admin error when creating service repo in Knox plugin

Labels:
nhgodwal
New Contributor

Created ‎03-08-2018 08:08 PM

I am trying to enable Ranger Knox plugin. I created a service called 'knoxdev' and test connection is successful. But still I am not able to see service 'knoxdev' in audit->Plugins tab.

- The knox url tested in connection is:- https://localhost:8443/gateway/admin/api/v1/topologies

- The authorization provider I am using in admin topology is AclsAuthz. If I change it to XAsecurePDPknox then I do not get get successful connection. Need to know what provider should be used.

I have hdfs plugin enabled too and service created for same as 'hadoopdev'. I am able to see 'hadoodev' in audit->Plugins tab but not 'knoxdev'.

Then I checked gateway.log and gateway-audit.log. I can see response code as 200.

Then I checked ranger_admin.log, and there I find this error:

ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:130) - Unable to decrypt password due to error
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:936)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
        at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
        at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
        at javax.crypto.Cipher.doFinal(Cipher.java:2165)
        at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:115)
        at org.apache.ranger.services.knox.client.KnoxClient.getTopologyList(KnoxClient.java:79)
        at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:406)
        at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:402)
        at org.apache.ranger.services.knox.client.KnoxClient.timedTask(KnoxClient.java:431)
        at org.apache.ranger.services.knox.client.KnoxClient.getKnoxResources(KnoxClient.java:410)
        at org.apache.ranger.services.knox.client.KnoxClient.connectionTest(KnoxClient.java:315)
        at org.apache.ranger.services.knox.client.KnoxResourceMgr.validateConfig(KnoxResourceMgr.java:43)
        at org.apache.ranger.services.knox.RangerServiceKnox.validateConfig(RangerServiceKnox.java:56)
        at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
        at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
        at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
2018-03-08 18:23:16,315 [timed-executor-pool-0] INFO  apache.ranger.services.knox.client.KnoxClient (KnoxClient.java:81) - Password decryption failed; trying knox connection with received password string

Can anyone help?

Reply
308 Views
3 REPLIES 3

Re: Ranger admin error when creating service repo in Knox plugin

gcunha
Contributor

Created ‎03-13-2018 09:29 AM

Hi @GN_Exp,

If you are using Oracle JDK, check if you have JCE installed for your Java version.

You can follow this Support KB regarding on how to check if JCE is installed and how to install:

https://community.hortonworks.com/content/supportkb/48974/how-to-check-if-jce-is-unlimited.html

Hope it helps.

Gonçalo

Reply
21 Views

Re: Ranger admin error when creating service repo in Knox plugin

vperiasamy
Guru

Created ‎03-13-2018 06:07 PM

Auth provider should be XAsecurePDPknox for Ranger to be enabled.

Knox plugin does not download policies upon initialization, hence you are not seeing that in Audit plugins. Upon first request to Knox (you can use curl to trigger any knox url), knox plugin will download the policies from ranger admin.

Reply
21 Views
0 Kudos

Re: Ranger admin error when creating service repo in Knox plugin

massoudm
New Contributor

Created ‎05-16-2019 12:01 AM

Did this issue get resolved?

I'm using HDP 3.1 with Ranger 1.2.0, and I have the correct Unlimited JCE, but still get this error when using the test connection button.

Reply
21 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here