Support Questions

Find answers, ask questions, and share your expertise

ranger KMS issues

avatar
Super Collaborator

I asked this earlier but didn't get any response , I badly need answers for the following :

1- is there a install/config guide for Ranger KMS for HDP2.5 ? I could only find one guide for HDP2.3 and screens don't match up with the HDP2.5 I have.

2- The old document is asking to put key-value pairs in the custom-kms-site but its not even accepting the key (I am entering the key exactly as in the document) with the following error :

10686-10547-hntan.png

1 ACCEPTED SOLUTION

avatar
Super Collaborator

@Sami Ahmad

I believe there are two outstanding questions over here right now

1. Disparity in the screenshots of the link and you cluster deployment view of the Ranger KMS service

The reason for this disparity could be Ambari version. If you upgrade your Ambari to 2.4.0 or above version then you should see the KMS HSM tab for HDP-2.5 stack deployment. This work of showing KMS HSM related properties in separate tab was done as part of Ambari-2.4.0 release in https://issues.apache.org/jira/browse/AMBARI-15752 work

2. The screenshot you attached above show validation error for the entered key

I believe this could be the case of copy paste of key name which could have appended whitespace in the end. Please try removing any whitespace at the beginning or end of the key. That should solve the issue. If it doesn't work for you, please create apache Ambari ticket at https://issues.apache.org/jira/browse/AMBARI/?selectedTab=com.atlassian.jira.jira-projects-plugin:su... and notify me about it on this thread. I can look into the cause and fix for the issue

FYI: I have create https://issues.apache.org/jira/browse/AMBARI-19287. Once it is fixed, validation error will not show up if there are any trailing white spaces in the key name. ambari will handle that. I hope this will help to avoid creating a confusing situation for the end user.

View solution in original post

8 REPLIES 8

avatar

avatar
Super Collaborator

still cant add the key , giving me error shown above , please help

avatar

can you please try setting the key as hadoop.kms.proxyuser.hive.users and value as *

avatar
Super Collaborator

I am really confused , I showed you the picture above showing the key is not being accepted , can you please take a look?

avatar

please verify if you have any extra space or any special character at end.

avatar
Super Collaborator

@Sami Ahmad

I believe there are two outstanding questions over here right now

1. Disparity in the screenshots of the link and you cluster deployment view of the Ranger KMS service

The reason for this disparity could be Ambari version. If you upgrade your Ambari to 2.4.0 or above version then you should see the KMS HSM tab for HDP-2.5 stack deployment. This work of showing KMS HSM related properties in separate tab was done as part of Ambari-2.4.0 release in https://issues.apache.org/jira/browse/AMBARI-15752 work

2. The screenshot you attached above show validation error for the entered key

I believe this could be the case of copy paste of key name which could have appended whitespace in the end. Please try removing any whitespace at the beginning or end of the key. That should solve the issue. If it doesn't work for you, please create apache Ambari ticket at https://issues.apache.org/jira/browse/AMBARI/?selectedTab=com.atlassian.jira.jira-projects-plugin:su... and notify me about it on this thread. I can look into the cause and fix for the issue

FYI: I have create https://issues.apache.org/jira/browse/AMBARI-19287. Once it is fixed, validation error will not show up if there are any trailing white spaces in the key name. ambari will handle that. I hope this will help to avoid creating a confusing situation for the end user.

avatar
Super Collaborator

yes you are very right , it was the white spaces , once I typed it by hand it took it

thanks for your help

avatar
Super Collaborator

@Sami Ahmad

Just to update and follow up on this issue:

https://issues.apache.org/jira/browse/AMBARI-19287 has been fixed in the current version being developed for ambari (2.5.0) and so similar confusion will not happen in the future.

Thanks for bringing this issue to our notice!