Created 06-10-2021 05:53 PM
CDP 7.1.6 with Isilon OneFS v8.2.2.0, AD Kerberos enabled.
While installing the RangerKMS service, it failed to start up with the following errors:
[root@n04 ~]# less /var/log/ranger/kms/ranger-kms-n04.gz.local-kms.log
2021-06-11 08:30:32,179 INFO org.apache.hadoop.crypto.key.kms.server.KMSWebApp: -------------------------------------------------------------
2021-06-11 08:30:32,181 INFO org.apache.hadoop.crypto.key.kms.server.KMSWebApp: Java runtime version : 1.8.0_232-b09
2021-06-11 08:30:32,185 INFO org.apache.hadoop.crypto.key.kms.server.KMSWebApp: KMS Hadoop Version: 3.1.1.7.1.6.0-297
2021-06-11 08:30:32,185 INFO org.apache.hadoop.crypto.key.kms.server.KMSWebApp: -------------------------------------------------------------
2021-06-11 08:30:32,208 INFO org.apache.ranger.plugin.classloader.RangerPluginClassLoaderUtil: getFilesInDirectory('/opt/cloudera/parcels/CDH-7.1.6-1.cdh7.1.6.p0.10506313/lib/ranger-kms/ews/webapp/WEB-INF/classes/lib/ranger-kms-plugin-impl'): adding /opt/cloudera/parcels/CDH-7.1.6-1.cdh7.1.6.p0.10506313/lib/ranger-kms/ews/webapp/WEB-INF/classes/lib/ranger-kms-plugin-impl/solr-solrj-8.4.1.7.1.6.0-297.jar
<snip>
2021-06-11 08:31:16,787 INFO org.apache.ranger.audit.provider.AuditProviderFactory: RangerAsyncAuditCleanup: Waiting to audit cleanup start signal
2021-06-11 08:31:16,856 ERROR org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer: Error Enabling RangerKMSPlugin
java.lang.IllegalArgumentException: bound must be positive
at java.util.Random.nextInt(Random.java:388)
at org.apache.ranger.plugin.util.RangerRESTClient.<init>(RangerRESTClient.java:124)
at org.apache.ranger.admin.client.RangerAdminRESTClient.init(RangerAdminRESTClient.java:771)
at org.apache.ranger.admin.client.RangerAdminRESTClient.init(RangerAdminRESTClient.java:116)
at org.apache.ranger.plugin.service.RangerBasePlugin.createAdminClient(RangerBasePlugin.java:659)
at org.apache.ranger.plugin.util.PolicyRefresher.<init>(PolicyRefresher.java:93)
at org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:182)
at org.apache.ranger.authorization.kms.authorizer.RangerKMSPlugin.init(RangerKmsAuthorizer.java:347)
at org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.init(RangerKmsAuthorizer.java:304)
at org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.<init>(RangerKmsAuthorizer.java:128)
at org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.<init>(RangerKmsAuthorizer.java:154)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.init(RangerKmsAuthorizer.java:71)
at org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.<init>(RangerKmsAuthorizer.java:51)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
at org.apache.hadoop.crypto.key.kms.server.KMSWebApp.getAcls(KMSWebApp.java:239)
at org.apache.hadoop.crypto.key.kms.server.KMSWebApp.contextInitialized(KMSWebApp.java:138)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4689)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5155)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1412)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1402)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2021-06-11 08:31:16,863 INFO org.apache.ranger.audit.provider.AuditProviderFactory: ==> JVMShutdownHook.run()
2021-06-11 08:31:16,864 INFO org.apache.ranger.audit.provider.AuditProviderFactory: JVMShutdownHook: Signalling async audit cleanup to start.
2021-06-11 08:31:16,864 INFO org.apache.ranger.audit.provider.AuditProviderFactory: JVMShutdownHook: Waiting up to 30 seconds for audit cleanup to finish.
2021-06-11 08:31:16,864 INFO org.apache.ranger.audit.provider.AuditProviderFactory: RangerAsyncAuditCleanup: Starting cleanup
2021-06-11 08:31:16,864 INFO org.apache.ranger.audit.destination.HDFSAuditDestination: Flush called. name=kms.async.summary.multi_dest.batch.hdfs
2021-06-11 08:31:16,864 INFO org.apache.ranger.audit.queue.AuditAsyncQueue: Stop called. name=kms.async
2021-06-11 08:31:16,864 INFO org.apache.ranger.audit.queue.AuditAsyncQueue: Interrupting consumerThread. name=kms.async, consumer=kms.async.summary
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.provider.AuditProviderFactory: RangerAsyncAuditCleanup: Done cleanup
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.provider.AuditProviderFactory: RangerAsyncAuditCleanup: Waiting to audit cleanup start signal
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.provider.AuditProviderFactory: JVMShutdownHook: Audit cleanup finished after 1 milli seconds
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.provider.AuditProviderFactory: JVMShutdownHook: Interrupting ranger async audit cleanup thread
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.provider.AuditProviderFactory: <== JVMShutdownHook.run()
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.provider.AuditProviderFactory: RangerAsyncAuditCleanup: Interrupted while waiting for audit startCleanup signal! Exiting the thread...
java.lang.InterruptedException
at java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireSharedInterruptibly(AbstractQueuedSynchronizer.java:998)
at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireSharedInterruptibly(AbstractQueuedSynchronizer.java:1304)
at java.util.concurrent.Semaphore.acquire(Semaphore.java:312)
at org.apache.ranger.audit.provider.AuditProviderFactory$RangerAsyncAuditCleanup.run(AuditProviderFactory.java:506)
at java.lang.Thread.run(Thread.java:748)
2021-06-11 08:31:16,865 INFO org.apache.ranger.audit.queue.AuditAsyncQueue: Caught exception in consumer thread. Shutdown might be in progress
Created 06-10-2021 06:19 PM
@jakezhang Can you try adding the Ranger URL in
"Ranger KMS Server Advanced Configuration Snippet (Safety Valve) for conf/ranger-kms-security.xml": ranger.plugin.kms.policy.rest.url=http://<rangerhostname>:<port no>
Also, make sure that the DBs for Ranger and Ranger KMS are separate.
Created 06-10-2021 06:24 PM
Thank you!
Yes, I created separate DBs for Ranger and RangerKMS.
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+--------------------------
amon | amon | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
hue | hue | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
metastore | hive | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
oozie | oozie | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
ranger | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres +
| | | | | postgres=CTc/postgres +
| | | | | rangeradmin=CTc/postgres+
| | | | | rangerkms=CTc/postgres
rangerkms | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres +
| | | | | postgres=CTc/postgres +
| | | | | rangerkms=CTc/postgres
rman | rman | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
scm | scm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(11 rows)
Will try "Ranger KMS Server Advanced Configuration Snippet (Safety Valve) for conf/ranger-kms-security.xml" ranger.plugin.kms.policy.rest.url=http://<rangerhostname>:<port no> and see if it works.
Best regards,
Jake Zhang
Created 06-10-2021 06:43 PM
@Scharan Appreciated your great help!
After adding ranger.plugin.kms.policy.rest.url :
Ranger KMS server started up ...
Thanks again!
Best regards,
Jake Zhang
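
A pre-start check for the setting this thread resolved, added here as an example (not code from the thread, Cloudera or Ranger): it parses a Hadoop-style ranger-kms-security.xml and reports when ranger.plugin.kms.policy.rest.url is missing, empty, or still holds the placeholder from the reply. The sample XML, the host ranger.example.internal:6080 and the helper names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PROP = "ranger.plugin.kms.policy.rest.url"

def _conf(value):
    """Build a constructed sample config; value=None omits the property."""
    body = "" if value is None else (
        f"<property><name>{PROP}</name><value>{value}</value></property>")
    return f"<configuration>{body}</configuration>"

# Constructed samples (not taken from the thread's cluster).
MISSING = _conf(None)
EMPTY = _conf("")
PLACEHOLDER = _conf("http://&lt;rangerhostname&gt;:&lt;port no&gt;")
GOOD = _conf("http://ranger.example.internal:6080")

def policy_urls(xml_text):
    """Return the comma-separated URLs configured for PROP ([] if unset)."""
    root = ET.fromstring(xml_text)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == PROP:
            value = prop.findtext("value") or ""
            return [u.strip() for u in value.split(",") if u.strip()]
    return []

def check(xml_text):
    """Return a list of problems; an empty list means the value is usable."""
    urls = policy_urls(xml_text)
    if not urls:
        return [f"{PROP} is unset or empty"]
    problems = []
    for u in urls:
        if "<" in u or ">" in u:
            problems.append(f"placeholder not replaced: {u}")
            continue
        parsed = urlparse(u)
        try:
            parsed.port  # raises ValueError on a non-numeric port
            ok = parsed.scheme in ("http", "https") and bool(parsed.hostname)
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"expected http(s)://host[:port], got: {u}")
    return problems

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="utf-8") as fh:
        print("\n".join(check(fh.read())) or "OK")
```

Run it against the generated conf/ranger-kms-security.xml before restarting the service; any output other than OK means the plugin has no usable Ranger Admin URL.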