Support Questions

I am trying to

1. Enable HDFS ranger plugin.

2. Add an additional HDFS service in Ranger

I am following the documentation, https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5+-+User+Guide

which suggests to add the service ("Add Service" under "Service Manager" using "+" next to HDFS). I am trying to add the basic entries that are needed to bring up the service and have a successful "Test Connection". Following are the values for the fields that I am entering,

Service Name : ranger1_hadoop
Username : admin
Password : admin
Namenode URL : hdfs://<hostname -f>:8020
Authentication Type : Simple

Test connection was failing with the below error,

Connection Failed.

Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.

Observation:

1. There is no file by the name "ranger_admin.log" in my Ranger hosts as specified by the above logs. Is this expected?

2. In xa_portal.log, I see the following stack trace,

2017-05-26 22:38:29,578 [timed-executor-pool-0] INFO  apache.ranger.services.hdfs.client.HdfsClient (HdfsClient.java:208) - ===> HdfsClient.testConnection()
2017-05-26 22:38:29,579 [timed-executor-pool-0] ERROR org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable to decrypt password due to error
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:913)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
	at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
	at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:113)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:59)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:52)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:58)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
2017-05-26 22:38:29,580 [timed-executor-pool-0] ERROR apache.ranger.services.hdfs.client.HdfsResourceMgr (HdfsResourceMgr.java:49) - <== HdfsResourceMgr.testConnection Error: Unable to login to Hadoop environment [ranger1_hadoop]
org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:136)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:59)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:52)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:58)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Unable to decrypt password due to error
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:128)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:113)
	... 12 more
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:913)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
	at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
	at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
	... 13 more
2017-05-26 22:38:29,580 [timed-executor-pool-0] ERROR org.apache.ranger.services.hdfs.RangerServiceHdfs (RangerServiceHdfs.java:60) - <== RangerServiceHdfs.validateConfig Error: Unable to login to Hadoop environment [ranger1_hadoop]
org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:136)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:59)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:52)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:58)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:560)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:547)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:508)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Unable to decrypt password due to error
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:128)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:113)
	... 12 more
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:913)
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
	at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
	at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
	at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
	... 13 more
2017-05-26 22:38:29,580 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:510) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]
2017-05-26 22:38:29,580 [http-bio-6080-exec-7] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:188) - ==> ServiceMgr.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [ranger1_hadoop]

After enabling the HDFS plugin in HDFS service section of Ambari, there is a service that is created by the name "Ranger_hadoop" in Ranger UI. However, I am not able to add another HDFS service.