Support Questions
Find answers, ask questions, and share your expertise

Ranger group policy issue

Ranger group policy issue

Explorer

Hi,

We are facing issues in Ranger group policy enforcement, but the user level policy enforcement is working fine. We are using AZURE wasb storage as a HDFS filesystem and integrated server login with LDAP using SSSD. In additon i have enabled Hadoop Group mapping to LDAP. I'm not sure what i'm missing here.

In addition to the above, when trying to get the hdfs group information the below error is thrown. Will this be an issue with Ranger group policy enforcement? Any guidance would be helpful.

# hdfs groups hadoop Exception in thread "main" java.lang.IllegalArgumentException: Invalid URI for NameNode address (check fs.defaultFS): wasb://xyz@xyz is not of scheme 'hdfs'. at org.apache.hadoop.hdfs.server.namenode.NameNode.getAddress(NameNode.java:530) at org.apache.hadoop.hdfs.NameNodeProxies.createProxy(NameNodeProxies.java:176) at org.apache.hadoop.hdfs.NameNodeProxies.createProxy(NameNodeProxies.java:147) at org.apache.hadoop.hdfs.tools.GetGroups.getUgmProtocol(GetGroups.java:87) at org.apache.hadoop.tools.GetGroupsBase.run(GetGroupsBase.java:71) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:90) at org.apache.hadoop.hdfs.tools.GetGroups.main(GetGroups.java:96)

2 REPLIES 2

Re: Ranger group policy issue

Expert Contributor
@Cibi Chakaravarthi

Can you please verify if the group name from "hdfs groups" is the exact match with the one configured in Ranger policy? Ranger group name and/or username are case sensitive while enforcing policies.

Thanks,

Sailaja.

Re: Ranger group policy issue

Explorer

@spolavarapu

Yes, i'm just checking for the 'hadoop' group and i'm getting the above error that "Invalid URI for NameNode address (check fs.defaultFS): wasb://xyz@xyz is not of scheme 'hdfs'."