Support Questions
Find answers, ask questions, and share your expertise

Ranger unix user sync fails with Kerberos cluster in HDP 3.0.1

Explorer

Hi,

I've setup a HDP 3.0.1 cluster which is Kerberized.

However, the user sync is not happening with sync source as "Unix", min user id as "500".

Below is the error observed in the logs:

04 Dec 2018 14:49:06  INFO UnixAuthenticationService [main] - Starting User Sync Service!
04 Dec 2018 14:49:06  WARN UnixUserGroupBuilder [UnixUserSyncThread] - DEPRECATED: Unix backend is configured to use /etc/passwd and /etc/group files directly instead of standard system mechanisms.
04 Dec 2018 14:49:06  INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
04 Dec 2018 14:49:06  INFO PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Using principal = rangerusersync/prd-lucy110.XXXXX.nm1@XXXXXX.COM and keytab = /etc/security/keytabs/rangerusersync.service.keytab
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to build Group List :
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1
        at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:176)
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: jatin, groups: [jatin, dev]
04 Dec 2018 14:49:07 ERROR PolicyMgrUserGroupBuilder [UnixUserSyncThread] - Failed to add portal user
04 Dec 2018 14:49:07 ERROR UnixUserGroupBuilder [UnixUserSyncThread] - sink.addOrUpdateUser failed with exception: Failed to add portal user, for user: suraj.ghosh, groups: [suraj.ghosh, dev]

In the same machine I added a user "rangerusersync". Ran the python script "updatepolicymgrpassword.py" and provided same username and password. But still fails!

Please see the attached screenshot of Ranger Audit UI (Usersync tab). Is this normal ?

Also attached full logs. Please check :- usersync-log.txt

Note:- Ambari server is TLS (SSL) enabled. But not Ranger.

Can anyone please help me in resolving this issue? It would be highly appreciated.

Thanks,

Shesh Kumar


screenshot-2018-12-04-at-105200-pm.png
2 REPLIES 2

Explorer

@sheshk11 Hi Shesh - We are experiencing a similar issue in our environment. Were you able to resolve this issue, if so, can you please share the steps

Explorer

Can you check user id of ranger usersync on your Linux server. It seems the user id is less than 500.

If yes, ask your sysadmin to change user id of all Hadoop users according beyond 500.

 

If you are still facing the issue, do share ranger usersync and admin logs.

Have you enabled plugins for services under ambari -> ranger -> ranger plugins

; ;