Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

ranger_audits create collection fails with Ambari-infra

Highlighted

ranger_audits create collection fails with Ambari-infra

Contributor

I am trying to setup ambari-infra to store indices to hdfs as per article provided for my earlier question.

I had an solr instance and adding a new instance on a different node.

After modifying the solrconfig.xml, the ranger startup tries to create the collection in solr cloud. However it fails with an exception : unable to get password from user.

I verified that the UID for infra-solr user is different both the hosts and that is causing the issue.

I need to use a value different from the existing as they are being used by different users on one or the other host.

how do I get new principals created ?

1) run a usermod with a same uid on all the hosts.

2) Use ambari > kerberos > regenerate missing principals

Note: I already have the principals.

Will Ambari be able to recognize the uid change and regenerate new principals ?

5 REPLIES 5
Highlighted

Re: ranger_audits create collection fails with Ambari-infra

@Sundara Palanki

I don't think the UID would be considered for regenerating the keytabs. You need to regenerate the keytabs for the cluster.

Highlighted

Re: ranger_audits create collection fails with Ambari-infra

Contributor

@Sindhu

Sorry I mentioned principals instead of keytabs above.

I think the issue is with

<strname="solr.hdfs.security.kerberos.principal">infra-solr/<hostname>@EXAMPLE.COM</strname>.

I earlier mentioned the hostname part of the service principals as " /_HOST" which was throwing "unable to get password from the user:

I have now removed one instance and still the issue persisted.

Re-configured the principal to point the hardcoded hostname value of the host running ambari-infra service and the collection got created.

Highlighted

Re: ranger_audits create collection fails with Ambari-infra

Mentor

@Sundara Palanki

There are a few questions to clarify .....

1. Is the new solr instance node part of the cluster?

2. Did you use Ambari to add this new service ?

If the new Solr istance node was pas of the cluster before you kerberized the cluster ten you don't need to manually run any kerberos steps the principals should be generated during the process!

Can you revert your solrconfig.xml to the original and add it through ambari ?

Highlighted

Re: ranger_audits create collection fails with Ambari-infra

Contributor
@Geoffrey Shelton Okot

1) Both are ambari Infra instances.

2) the cluster has been secured even before the service is added. Yes, ambari is used to add the services.

3) While adding the instances required principals and corresponding keytabs have been created.

Highlighted

Re: ranger_audits create collection fails with Ambari-infra

Mentor

@@Sundara Palanki

Cool but in your initial question you had this !

After modifying the solrconfig.xml, the ranger startup tries to create the collection in solr cloud. 
However it fails with an exception : unable to get password from user.

What do you mean exactly ?

Can you validate that you have the collections in zookeeper ?

Don't have an account?
Coming from Hortonworks? Activate your account here