Support Questions
Find answers, ask questions, and share your expertise

Unable to create additional HDFS service in Ranger .

Cloudera Employee

I am trying to

1. Enable HDFS ranger plugin.

2. Add an additional HDFS service in Ranger

I am following the documentation, https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5+-+User+Guide

which suggests to add the service ("Add Service" under "Service Manager" using "+" next to HDFS). I am trying to add the basic entries that are needed to bring up the service and have a successful "Test Connection". Following are the values for the fields that I am entering,

Service Name : ranger1_hadoop
Username : admin
Password : admin
Namenode URL : hdfs://<hostname -f>:8020
Authentication Type : Simple

Test connection was failing with the below error,

Connection Failed.

Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.

Observation:

1. There is no file by the name "ranger_admin.log" in my Ranger hosts as specified by the above logs. Is this expected?

2. In xa_portal.log, I see the following stack trace,

2017-05-26 22:38:29,578 [timed-executor-pool-0] INFO  apache.ranger.services.hdfs.client.HdfsClient (HdfsClient.java:208) - ===> HdfsClient.testConnection()
2017-05-26 22:38:29,579 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable to decrypt password due to error
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:913)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
	at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
	at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:113)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:59)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:52)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:58)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
2017-05-26 22:38:29,580 [timed-executor-pool-0] ERROR apache.ranger.services.hdfs.client.HdfsResourceMgr (HdfsResourceMgr.java:49) - <== HdfsResourceMgr.testConnection Error: Unable to login to Hadoop environment [ranger1_hadoop]
org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:136)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:59)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:52)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:58)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Unable to decrypt password due to error
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:128)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:113)
	... 12 more
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:913)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
	at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
	at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
	... 13 more
2017-05-26 22:38:29,580 [timed-executor-pool-0] ERROR org.apache.ranger.services.hdfs.RangerServiceHdfs (RangerServiceHdfs.java:60) - <== RangerServiceHdfs.validateConfig Error: Unable to login to Hadoop environment [ranger1_hadoop]
org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:136)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:59)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:52)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:58)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Unable to decrypt password due to error
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:128)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:113)
	... 12 more
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:913)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
	at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
	at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
	... 13 more
2017-05-26 22:38:29,580 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:510) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]
2017-05-26 22:38:29,580 [http-bio-6080-exec-7] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:188) - ==> ServiceMgr.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]

After enabling the HDFS plugin in HDFS service section of Ambari, there is a service that is created by the name "Ranger_hadoop" in Ranger UI. However, I am not able to add another HDFS service.

1 REPLY 1

Guru

Hello @kkanchu,

The 'Test Connection' error and stack trace that you are getting is because RANGER-1342 which got fixed recently. This should be available in HDP 2.6 (your question doesn't mention which HDP you are using).

Nevertheless, you should still be able to add another repo and use it despite this error. Just that your auto complete of HDFS path won't work (as hinted in the error). For errors while adding service / repo, please check xa_portal.log for any other stack trace.

Hope this helps !

PS - There is no ranger_admin.log, that message was referring to xa_portal.log only.

; ;