Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

Highlighted

Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

New Contributor

Hi ,

policymgr_external_url parameter ( External URL ) , when pointed the load balancer vip , Ranger sink with Active Directory isnot happening.

We have successfully setup Ranger Admin HA . External URL was pointing to load balancer vip.With this new configuration, Ranger sink with Active Directory is not happening.

if we replace the load balance vip with actual host name , able get all the Active Directory user list.

is there any problem with setting up load balancer vip ? , i am not getting. http://dev-rag.dataquest.com:6080” is not working for AD user sink.

can we have multiple hostname for policymgr_external_url parameter ( External URL ) like“ http://dev-rag-001.dataquest.com,dev-rag-002.dataquest.com:6080” ?

please share your thoughts and experiences

Regards

JJ

5 REPLIES 5

Re: Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

If it is a kerberos env, you need to make sure loadbalancer hostname is added to spnego keytab as documented in this link - see step 32 onwards.

Re: Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

New Contributor

Hi ,

When we enabled Kerberos, Principals and keytabs were created for only 1 Ranger admin host .

No principals and keytabs were created for other ranger admin host and LB. Do we need to create them using the kadmin utility , on missing hosts?

Thanks

JJ

Re: Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

New Contributor

@Jacqualin jasmin, currently multiple entries are not supported for policymgr_external_url ( External URL ) parameter.

For configuration with LB using a vip, Can you do a curl call from Ranger-Usersync host to Ranger-Admin LB url and check whether it is able to connect to the LB.

Re: Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

New Contributor

Hi ,

Can you please give me the steps for "curl call from Ranger-Usersync host to Ranger-Admin LB url"

Thanks

JJ

Re: Ranger load balancer vip , is not working in sinking the users from Active Directory ( after configuring Ranger Admin HA)

New Contributor

@Jacqualin jasmin, you can do ssh / login to the terminal of the host where Ranger-Usersync is installed and execute the below command and check the output:
curl -iv http://<VIP of the LB>:<Port of LB for Ranger>

Don't have an account?
Coming from Hortonworks? Activate your account here