Cloudera Community
Shelton
user rank
Master Mentor

Re: Ranger Admin Not Starting After Ambari Upgrade

by Master Mentor in Support Questions
‎10-09-2017 06:13 AM
‎10-09-2017 06:13 AM
@dsun I think nothing is wrong with the upgrade please run these 2 statements and it should resolve the problem grant all privileges on *.* to 'rangerdba'@'scregionm1.field.hortonworks.com' identified by '{ranger_password}'; grant all privileges on *.* to 'rangerdba'@'localhost'; Please revert ... View more

Re: Ranger Admin Not Starting After Ambari Upgrade

by Master Mentor in Support Questions
‎10-08-2017 06:49 PM
‎10-08-2017 06:49 PM
@dsun Did you create a dump of the ranger batabase before the upgrade? If not then create one,while looged in as mysql root user mysqldump ranger > ranger_db.sql It seems the below statement will fail as your current password is wrong. mysql -u rangerdba -p{password} Try the alternative to change the rangerdba password while logged on as mysql root user, below is an example update user set password=PASSWORD('your_new_password') where User='user-name-here'; flush privileges; Then use the new credentials in Ambari UI-->Ranger-->Configs--->Ranger Admin to test connection verify that it works Hope that helps ... View more

Re: Ranger Admin Not Starting After Ambari Upgrade

by Master Mentor in Support Questions
‎10-08-2017 06:01 PM
‎10-08-2017 06:01 PM
@dsun It looks your ranger database is up and running correctly, can you validate that the in Ambari UI-->Ranger-->Configs--->Ranger Admin that the test connection works especially check the JDBC connect string for a Ranger database and the Ranger DB password. Please let me know if you still encounter problems. ... View more

Re: Ambari Web ui Kerberos HTTP error

by Master Mentor in Support Questions
‎10-06-2017 05:20 PM
‎10-06-2017 05:20 PM
@Sam Red There could be a couple of reasons here. First make sure the KDC and Kadmin is running assuming you are on RHEL/Centos7 Check the current status these 2 deamons should be running # systemctl status krb5kdc.service # systemctl status kadmin.service If they are not running please, enable them so at next reboot they autostart # systemctl enable kadmin.service # systemctl enable krb5kdc.service Start the services # systemctl start krb5kdc.service # systemctl start kadmin.service As the root user check that the principals are in the KDC database # kadmin.local Authenticating as principal root/admin@RELAY.COM with password. kadmin.local: listprincs First forcefully expire the current kerberos credentials, log on as user hdfs or whatever # kdestroy Validate that no credentials are cached # klist klist: No credentials cache found (filename: /tmp/krb5cc_0) To see what keytab entries in that keytab file, use klist # klist -kte /etc/security/keytabs/spnego.service.keytab Keytab name: FILE:/etc/security/keytabs/spnego.service.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (aes256-cts-hmac-sha1-96) 1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (des-cbc-md5) 1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (arcfour-hmac) 1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (aes128-cts-hmac-sha1-96) 1 08/24/2017 15:42:23 HTTP/hostname@RELAY.COM (des3-cbc-sha1) The grab a valid kerberos using the info above # kinit -kt /etc/security/keytabs/spnego.service.keytab HTTP/hostname@RELAY.COM Now retry ... View more

Re: Ambari is not creating keytab files though it ...

by Master Mentor in Support Questions
‎10-06-2017 01:05 PM
‎10-06-2017 01:05 PM
@D Giri Can you descript your cluster setup (master, Slave and Edge nodes) Okay what are the new components you are trying to install? You could be checking for the keytabs on the wrong host, can you rerun the below command # kadmin.local Authenticating as principal root/admin@REALM with password. kadmin.local: listprincs All the principals created should be visible in the KD database. If the principal for the component is present take note of the host and try to locate the keytabs in the below location of that node /etc/security/keytabs Please let me know ... View more

Re: Hive error on HDP6

by Master Mentor in Support Questions
‎10-06-2017 07:03 AM
‎10-06-2017 07:03 AM
@Winnie Philip Can you attach the RM logs ? ... View more

Re: Unable to login in Ranger UI with Active Direc...

by Master Mentor in Support Questions
‎10-05-2017 04:36 PM
‎10-05-2017 04:36 PM
@Pooja Kamle That's is the desired presentation for a normal user. Unless you want your AD user(s) to have admin rights which will imply that your AD user can basically do anything in Ranger, delete,update etc which I don't think is your target. You can you log out from your AD account and log on using admin/admin then under Ranger_UI -->Settings---User under User List search for your AD user and change the role to Admin Logout of admin account and log in using your AD user you will see that you have access to all the tabs. Hope that answers you. ... View more

Re: : Cannot open a hive connection with connect s...

by Master Mentor in Support Questions
‎10-05-2017 11:00 AM
‎10-05-2017 11:00 AM
@Adil Muganlinsky Please can you have a look at these examples you are missing the hiveserver2 binary or HTTP ports in your connect string ! Hope that helps ... View more

Re: Unable to login in Ranger UI with Active Direc...

by Master Mentor in Support Questions
‎10-05-2017 10:07 AM
‎10-05-2017 10:07 AM
@Pooja Kamle Ranger admin in HDP 2.5 has a new property for a truststore. So if using ldaps, you need to import the ldapserver cert to the ranger admin truststore , property name ranger.truststore.file. Although no log is being showed for failed connection to ldapserver, setting ranger to debug will show that ranger admin is not able to establish SSL connection to ldap server and there by not able to validate the user login. usersync has similar property ranger.usersync.truststore.file which must already have ldap server cert in it,is usersync is working correctly?. If not use the same truststore file for ranger.truststore.file Make sure that you set the UserSearchFilter as sAMAccountName={0} if using AD for ldap accounts. ... View more

Re: Unable to login in Ranger UI with Active Direc...

by Master Mentor in Support Questions
‎10-05-2017 08:31 AM
‎10-05-2017 08:31 AM
@Pooja Kamle Then I think you missed to toggle the Ranger Authentication to AD as shown in the attached screenshot Ambari UI--->Ranger--->Configs--->Advanced--->AD Revert ... View more
Contact Me
Online
Offline
Last Visited
‎06-05-2025 02:03 PM
Community Statistics
Member Since ‎01-19-2017 04:35 AM
Last Visited ‎06-05-2025 02:03 PM
Posts 3,676
Kudos received 627