Why can't I install Ranger KMS

Master Collaborator

What I thought was an error, I am told here on the forum, is not an error, but this is what I see in the Ambari server log when I try to reinstall Ranger KMS. Can someone please help me get KMS installed? I tried a few times, but people never reply back after one post. I will appreciate it if someone can follow through till the issue is resolved.

23 Dec 2016 23:04:56,087  INFO [ambari-client-thread-25] AmbariManagementControllerImpl:2329 - AmbariManagementControllerImpl.createHostAction: created ExecutionCommand for host hadoop1.tolls.dot.state.fl.us, role RANGER_KMS_SERVER, roleCommand INSTALL, and command ID 2532--1, with cluster-env tags version1480534831774
23 Dec 2016 23:04:56,101  INFO [ambari-client-thread-25] AbstractResourceProvider:810 - Caught an exception while updating host components, retrying : java.lang.IllegalArgumentException: Missing KDC administrator credentials.
The KDC administrator credentials must be set as a persisted or temporary credential resource.
This may be done by issuing a POST to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload:
{
  "Credential" : {
    "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"}
  }
}
Re: Why can't I install Ranger KMS

Mentor

Pretty straightforward

Missing KDC administrator credentials.The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload:{"Credential":{"principal":"(PRINCIPAL)","key":"(PASSWORD)","type":"(persisted|temporary)"}}}

Re: Why can't I install Ranger KMS

Master Collaborator

Sorry, I am new to Hadoop and doing my best to learn. Can you please tell me how to fix this? Several others saw this message and no one advised me of a solution.

Appreciate your help.

Re: Why can't I install Ranger KMS

Mentor

Re: Why can't I install Ranger KMS

Master Collaborator

Hi Artem, I already did this, but I think I am not doing it properly. Please see what I am missing or doing wrong in the info below. This link tells two ways of doing it, one using curl and one using Java; I used the Java method since curl doesn't work for me behind a proxy.

As you see below, the key test passes also, and I just noticed that it says it contains the KDC admin password along with two others.

Your keystore contains 3 entries cluster.fdot_hadoop.kdc.admin.credential, Dec 23, 2016, SecretKeyEntry, cluster.cluster_name.kdc.admin.credential, Dec 23, 2016, SecretKeyEntry, ambari.db.password, Dec 23, 2016, SecretKeyEntry,

-----
--- To set up Ambari's credential store, the following command must be invoked from the Ambari server host's command line:
--------------------------------------------------------------------------------------------------------------------------
[root@hadoop1 ambari-server]# ambari-server setup-security
Using python  /usr/bin/python
Security setup options...
===========================================================================
Choose one of the following options:
  [1] Enable HTTPS for Ambari server.
  [2] Encrypt passwords stored in ambari.properties file.
  [3] Setup Ambari kerberos JAAS configuration.
  [4] Setup truststore.
  [5] Import certificate to truststore.
===========================================================================
Enter choice, (1-5): 2
Please provide master key for locking the credential store:
Re-enter master key:
Do you want to persist master key. If you choose not to persist, you need to provide the Master Key while starting the ambari server as an env variable named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. Persist [y/n] (y)? y
Adjusting ambari-server permissions and ownership...
Ambari Server 'setup-security' completed successfully.
[root@hadoop1 ambari-server]# ls -ltr /var/lib/ambari-server/keys/credentials.jceks
-rw-r----- 1 root root 503 Dec 23 15:33 /var/lib/ambari-server/keys/credentials.jceks
[root@hadoop1 ambari-server]#

---- TO TEST THE KEY STORED 
---------------------------
[root@hadoop1 ~]# $JAVA_HOME/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS
Enter keystore password:
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 3 entries
cluster.fdot_hadoop.kdc.admin.credential, Dec 23, 2016, SecretKeyEntry,
cluster.cluster_name.kdc.admin.credential, Dec 23, 2016, SecretKeyEntry,
ambari.db.password, Dec 23, 2016, SecretKeyEntry,
[root@hadoop1 ~]#





[root@hadoop1 ambari-server]#
[root@hadoop1 ambari-server]# $JAVA_HOME/bin/keytool -importpass \
 -keystore /var/lib/ambari-server/keys/credentials.jceks \
 -storetype JCEKS \
 -alias cluster.FDOT_hadoop.kdc.admin.credential
Enter keystore password:
Enter the password to be stored:
Re-enter password:
Enter key password for <cluster.FDOT_hadoop.kdc.admin.credential>
        (RETURN if same as keystore password):
[root@hadoop1 ambari-server]#

Re: Why can't I install Ranger KMS

Master Collaborator

Also tried POST, but it just hangs.

[root@hadoop1 ~]# POST /api/v1/clusters/FDOT_hadoop/credentials/kdc.admin.credential
Please enter content (application/x-www-form-urlencoded) to be POSTed:
{
  "Credential" :
  {
    "principal" : "admin/admin@ABC.COM",
    "key" : "wXXXXX",
    "type" : "persisted"
  }
}
^C

Re: Why can't I install Ranger KMS

Master Collaborator

Artem, can you please look at my issue? Really need yours or anyone else's help in this.

Re: Why can't I install Ranger KMS

Master Collaborator

I got my curl to work, and I tried the curl command from this document link, but it's not working.

I tried these two versions:

[root@hadoop1 ~]# curl -H "X-Requested-By:ambari" -u admin:admin -X  POST -d '{ "Credential" : { "principal" : "admin/admin@ABC.COM", "key" : "wXXXX", "type" : "persisted" } }' http://hadoop1.tolls.dot.state.fl.us:8080/api/v1/clusters/c1/credentials/kdc.admin.credential
<!DOCTYPE html>
<html><head>
<title>504 Gateway Timeout</title>
</head><body style='font-family:Verdana'>
<h2><b>Gateway Timeout</b></h2>
<p>The requested URL couldn't be resolved</p>
</body></html>

[root@hadoop1 ~]# curl -H "X-Requested-By:ambari" -u admin:admin -X GET http://hadoop1:8080/api/v1/clusters/c1/credentials/kdc.admin.credential
<!DOCTYPE html>
<html><head>
<title>504 Gateway Timeout</title>
</head><body style='font-family:Verdana'>
<h2><b>Gateway Timeout</b></h2>
<p>The requested URL couldn't be resolved</p>
</body></html>
[root@h
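
Added example, not part of the thread or of Ambari's own tooling: a Python 3 script that builds the `kdc.admin.credential` POST from the error message, prompts for both passwords instead of taking them on the command line, and sends the request with environment proxy settings ignored. It assumes the 504 page above comes from an HTTP proxy picked up from the environment (the poster mentions being behind a proxy); the function names are hypothetical.

```python
import base64
import getpass
import json
import sys
import urllib.parse
import urllib.request

ENDPOINT = "/api/v1/clusters/%s/credentials/kdc.admin.credential"

def build_credential_request(base_url, cluster, principal, kdc_password,
                             ambari_user, ambari_password, persisted=False):
    """Build, without sending, the POST named in the Ambari error message."""
    # The path embeds the cluster name exactly as Ambari knows it.
    url = base_url.rstrip("/") + ENDPOINT % urllib.parse.quote(cluster, safe="")
    # json.dumps escapes quotes and backslashes that hand-typed JSON breaks on.
    body = json.dumps({"Credential": {
        "principal": principal,
        "key": kdc_password,
        "type": "persisted" if persisted else "temporary",
    }}).encode("utf-8")
    basic = base64.b64encode(
        ("%s:%s" % (ambari_user, ambari_password)).encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("X-Requested-By", "ambari")
    req.add_header("Authorization", "Basic " + basic)
    return req

def send_direct(req, timeout=30):
    """Send with an empty proxy map so http_proxy/https_proxy are ignored."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    # usage: script.py BASE_URL CLUSTER PRINCIPAL AMBARI_USER
    base_url, cluster, principal, ambari_user = sys.argv[1:5]
    # Prompt for both secrets so neither lands in shell history or `ps` output.
    req = build_credential_request(
        base_url, cluster, principal,
        getpass.getpass("KDC admin password: "),
        ambari_user, getpass.getpass("Ambari password for %s: " % ambari_user))
    print("HTTP", send_direct(req))
```

Over plain `http://` the Basic header and the KDC password still cross the network in clear text; option [1] of `ambari-server setup-security` shown earlier in the thread enables HTTPS for the Ambari server.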
  
Re: Why can't I install Ranger KMS

Master Collaborator

Please don't abandon this thread.

Re: Why can't I install Ranger KMS

Master Collaborator

Is it a dead thread?

Are any moderators viewing? Can you please help in getting this resolved?
