Ranger group policy issue

ccibi75 · ‎11-09-2017

Hi,

We are facing issues in Ranger group policy enforcement, but the user level policy enforcement is working fine. We are using AZURE wasb storage as a HDFS filesystem and integrated server login with LDAP using SSSD. In additon i have enabled Hadoop Group mapping to LDAP. I'm not sure what i'm missing here.

In addition to the above, when trying to get the hdfs group information the below error is thrown. Will this be an issue with Ranger group policy enforcement? Any guidance would be helpful.

# hdfs groups hadoop Exception in thread "main" java.lang.IllegalArgumentException: Invalid URI for NameNode address (check fs.defaultFS): wasb://xyz@xyz is not of scheme 'hdfs'. at org.apache.hadoop.hdfs.server.namenode.NameNode.getAddress(NameNode.java:530) at org.apache.hadoop.hdfs.NameNodeProxies.createProxy(NameNodeProxies.java:176) at org.apache.hadoop.hdfs.NameNodeProxies.createProxy(NameNodeProxies.java:147) at org.apache.hadoop.hdfs.tools.GetGroups.getUgmProtocol(GetGroups.java:87) at org.apache.hadoop.tools.GetGroupsBase.run(GetGroupsBase.java:71) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:90) at org.apache.hadoop.hdfs.tools.GetGroups.main(GetGroups.java:96)

spolavarapu · ‎11-09-2017

@Cibi Chakaravarthi

Can you please verify if the group name from "hdfs groups" is the exact match with the one configured in Ranger policy? Ranger group name and/or username are case sensitive while enforcing policies.

Thanks,

Sailaja.

ccibi75 · ‎11-10-2017

@spolavarapu

Yes, i'm just checking for the 'hadoop' group and i'm getting the above error that "Invalid URI for NameNode address (check fs.defaultFS): wasb://xyz@xyz is not of scheme 'hdfs'."