Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ranger hive plugin issue - Unable to get client certificate. serviceName=hive

avatar
Contributor

Hi all

I have hdp 2.6.3 with ranger security ssl enabled and plugins(hdfs, yarn and hive) enabled

hive plugin not works here is hiveserver2.log:

2018-02-16 17:34:00,920 WARN  [Thread-14]: client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(162)) - Error getting policies. secureMode=false, user=hive (auth:SIMPLE), response={"httpStatusCode":400,"statusCode":0}, serviceName=hive

and /var/log/ranger/admin/xa_portal.log:

2018-02-16 08:27:59,754 [http-bio-6182-exec-28] ERROR org.apache.ranger.common.ServiceUtil (ServiceUtil.java:1359) - Requested Service not found. serviceName=hive

I am almost 99% sure that all configurations have done correctly from ambari(because other plugins are working properly), also searched on google wondering what I have missed, but was not able to find useful information

P.S. I have configured ranger.plugin.hive.policy.rest.ssl.config.file = /usr/hdp/current/hive-client/conf/conf.server/ranger-policymgr-ssl.xml

which conatins all information about keystores and truststores, also I am sure that keystore file passwords are correct(checked many times)

here is the file ranger-policymgr-ssl.xml

  <configuration>
    
    <property>
      <name>xasecure.policymgr.clientssl.keystore</name>
      <value>/etc/security/key.jks</value>
    </property>
    
    <property>
      <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
      <value>jceks://file/etc/ranger/hive/cred.jceks</value>
    </property>
    
    <property>
      <name>xasecure.policymgr.clientssl.keystore.password</name>
      <value>crypted</value>
    </property>
    
    <property>
      <name>xasecure.policymgr.clientssl.truststore</name>
      <value>/etc/security/trust.jks</value>
    </property>
    
    <property>
      <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
      <value>jceks://file/etc/ranger/hive/cred.jceks</value>
    </property>
    
    <property>
      <name>xasecure.policymgr.clientssl.truststore.password</name>
      <value>crypted</value>
    </property>

do you have any idea what I miss and how can I fix this?

Thank you

1 REPLY 1

avatar
New Contributor

@Shota Akhalaia - did you ever find an answer to this issue ? We are encountering the same.

Thanks,

-Slim