Member since
09-29-2015
19
Posts
8
Kudos Received
3
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
809 | 11-16-2017 10:16 PM | |
1038 | 02-09-2017 06:27 PM | |
1040 | 12-28-2016 06:21 PM |
10-01-2018
04:02 PM
@Megha U The reason for the error reported on tagsync log (and returned by ranger-admin) is directly because there is no service "atlastest_hive" in the ranger-admin. As part of processing of kafka notification for tag creation, tagsync builds a ranger-admin request from the data in the notification. This request contains the service-name to which tagged entity belongs, and sends it over to ranger-admin for persisting in the ranger-admin database. When ranger-admin validates it, it does find the corresponding service and hence the error. What do you want to do with tags in your installation? If you don't plan to use ranger-authorizer for hive-server2, then the tagged entities are not expected to be authorized by ranger and tags (which are basically classifications for hive entities) are not very useful to you. Thanks,
... View more
09-26-2018
06:11 PM
1 Kudo
@Takefumi Oide In order to load the file afresh, you will need to restart the component that uses Geolocation enricher (that is, HiveServer2 in your case). If you want to suppress reloading file when any policy is updated, then you may set enricherOption's attribute "ForceRead" to false. In that case, the only way left to reload file is to restart the component (as explained above). Thanks,
... View more
04-03-2018
07:24 PM
Can you please check tagsync.log, tagsync.err and ranger-admin logs to see if there are any other, previous errors there?
... View more
02-26-2018
06:55 PM
@James Bashforth You may not be doing anything wrong. Tags will not show up on ranger-admin ui except in the audit records when a tagged entity is accessed.
... View more
11-16-2017
10:16 PM
Yes, this is expected behavior. Ranger matches first row-filter policy line-item (in the same order as specified in the policy).
... View more
09-20-2017
06:18 PM
Please use the following doc link. It documents the latest set of REST APIs supported by Ranger for policy management. Thanks! https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definition%2C+Service+and+Policy+Management ,
... View more
09-19-2017
06:28 PM
@sudi ts If your cluster is kerberized, then first kinit with a principal with admin privilege in Ranger, and then use curl --negotiate -vk -u : -H "Content-type:application/json" -X GET http://sandbox.com:6080/service/public/v2/api/policy Thanks!
... View more
09-18-2017
06:17 PM
@sudi ts Please try: curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://sandbox.com:6080/service/public/v2/api/policy
... View more
07-19-2017
08:18 PM
@Fabien VIROT Could you please check tagsync.out file for any errors? Also, could you check ranger-admin's access_log*.log files to see if there is any tags being imported (seach for string 'importservicetags') ? Thanks!
... View more
07-05-2017
10:07 PM
@Manoj A ranger tagsync is a stateless daemon process. It is purely driven by the configuration files. It does not have any service data to lose. So long as it is configured correctly (among other things, to receive tags from Atlas and send tags to Ranger Admin), it should not matter exactly which node it runs on.
... View more
05-26-2017
06:09 PM
@Cesar Gonzales Ranger supports next version (v2) of REST APIs in ranger-0.5 and later versions. Please refer to this doc for ranger-0.6 release. Abhay
... View more
05-19-2017
06:32 PM
@Farzaneh Poorjabar Easiest way to assign access only to a specific directory (say /home/farzaneh) is: Resource path : /home/farzaneh isRecursive: false If you need the access granted recursively to a directory and all directories under it, then Resource path : /home/farzaneh isRecursive:true But, there is a side-effect. Access will be granted to all paths starting with /home/farzaneh There is no explicit way to specify in a ranger policy, if the specified resource is a file or a directory. That leads to these corner cases. You could still get the effect you want by specifying two policies, one with resource as '/home/farzaneh/*', isRecursive = true and another with two resources ['/home/farzaneh', '/home/farzaneh/'] with isRecursive = false.
... View more
04-06-2017
06:30 PM
@rajdip chaudhuri To add to @Jay SenSharma's answer: Please use a newer and better version of REST APIs as documented here.
... View more
04-06-2017
06:27 PM
3 Kudos
@subash sharma If you don't see any any tags in the ranger-admin (that is, in the x_tag table), then check if there are any tag-definitions uploaded to ranger by running 'select * from x_tag_def;'. Also check tagsync debug log to see if there are any errors when uploading the tags. If there are upload errors, then check if the Atlas entity's cluster-name attribute has the same value as the Ranger's Service name for the component for which your are tagging entities.
... View more
04-06-2017
06:18 PM
@prashanth ramesh Please check the document REST APIs for Service Definition, Service and Policy Management. The Request URL needs to be "service/public/v2/api/policy/{id}".
... View more
03-01-2017
06:34 PM
Do you see any errors/exceptions in ranger logs about failure to download policies (in /var/log/hadoop/hdfs/hadoop-hdfs-namenode*.log file)? Typically, the text or ERROR log message is 'failed to refresh policies. Will continue to use last known version of policies'.
... View more
02-09-2017
06:27 PM
1 Kudo
@hubert zhang
bIt should work. I used the following to delete a policy 'test' in service 'cl1_hadoop' # curl -v -u admin:admin -X DELETE 'http://localhost:6080/service/public/v2/api/policy?servicename=cl1_hadoop&policyname=test'
* About to connect() to localhost port 6080 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 6080 (#0)
* Server auth using Basic with user 'admin'
> DELETE /service/public/v2/api/policy?servicename=cl1_hadoop&policyname=test HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost:6080
> Accept: */*
>
< HTTP/1.1 204 No Content
< Server: Apache-Coyote/1.1
< Set-Cookie: RANGERADMINSESSIONID=3A91B6A9E428A09CBA0291AA5CA8D8A2; Path=/; HttpOnly
< X-Frame-Options: DENY
< Date: Thu, 09 Feb 2017 06:25:35 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0
Please note the single quotes above.
... View more
02-01-2017
06:28 PM
1 Kudo
@Javier Teixeira Quevedo Can you please describe how you tagged entities in Atlas, what you expected to see and if there are any errors in /var/log/ranger/tagsync/tagsync.log or /var/log/ranger/tagsync/tagsync.out or /var/log/ranger/admin/xa_portal.log?
... View more
12-28-2016
06:21 PM
2 Kudos
@Ward Bekker From the log, it looks like the tagsync thread listening on Kafka events has failed. You may want to use kafka console consumer to see if the Atlas events are coming through by running 'kafka-console-consumer.sh --zookeeper <zookeeper-host-ip>:2181 --topic ATLAS_ENTITIES --from-beginning'. If the Atlas events are shown up, then please check tagsync configuration, especially, atlas-application.properties file, and try restarting tagsync.
... View more