Support Questions

Install service knox successfully using self signed and integrated with Ranger. But on Ranger UI clicking on Knox test connection gets failed with below error. Below find first details of cluster.

Details:

HDP: 2.6

Kerberos Enabled: YES ( Windows AD 2012 R2)

Authentication: AD with LDAPS ( Windows AD 2012 R2)

Ranger Enabled: YES

RANGER Usersync and GroupSync: YES with windows AD

Ambari Enabled AD: YES

KNOX Enabled with AD: YES (except Admin account/topology)

KNOX advance topology have definition for zookeeper dynamic discovery and webhdfs ha: YES

Knox repository visible in Ranger UI: YES

Error":

While clicking on test connection getting below error.

2017-12-22 10:32:28,699 [timed-executor-pool-0] ERROR apache.ranger.services.knox.client.KnoxClient (KnoxClient.java:158) - Exception on REST call to KnoxUrl : https://vijayhdp-1.novalocal:8443/gateway/admin/api/v1/topologies. com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131) at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81) at com.sun.jersey.api.client.Client.handle(Client.java:616) at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559) at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:72) at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:454) at org.apache.ranger.services.knox.client.KnoxClient.getTopologyList(KnoxClient.java:99) at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:406) at org.apache.ranger.services.knox.client.KnoxClient$2.call(KnoxClient.java:402) at org.apache.ranger.services.knox.client.KnoxClient.timedTask(KnoxClient.java:431) at org.apache.ranger.services.knox.client.KnoxClient.getKnoxResources(KnoxClient.java:410) at org.apache.ranger.services.knox.client.KnoxClient.connectionTest(KnoxClient.java:315) at org.apache.ranger.services.knox.client.KnoxResourceMgr.validateConfig(KnoxResourceMgr.java:43) at org.apache.ranger.services.knox.RangerServiceKnox.validateConfig(RangerServiceKnox.java:56) at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560) at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547) at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

On Ranger UI - Audit - plugins - no knox pluging names data present.

Kindly suggest to fix it.

- Vijay Mishra