akulkarni1
Cloudera Employee

Re: Atlas Tags not getting synced to Ranger

by Cloudera Employee in Support Questions
‎10-01-2018 04:02 PM
‎10-01-2018 04:02 PM
@Megha U The reason for the error reported on tagsync log (and returned by ranger-admin) is directly because there is no service "atlastest_hive" in the ranger-admin. As part of processing of kafka notification for tag creation, tagsync builds a ranger-admin request from the data in the notification. This request contains the service-name to which tagged entity belongs, and sends it over to ranger-admin for persisting in the ranger-admin database. When ranger-admin validates it, it does find the corresponding service and hence the error. What do you want to do with tags in your installation? If you don't plan to use ranger-authorizer for hive-server2, then the tagged entities are not expected to be authorized by ranger and tags (which are basically classifications for hive entities) are not very useful to you. Thanks, ... View more

Re: ​How do I reload the file for RangerFileBasedG...

by Cloudera Employee in Support Questions
‎09-26-2018 06:11 PM
1 Kudo
‎09-26-2018 06:11 PM
1 Kudo
@Takefumi Oide In order to load the file afresh, you will need to restart the component that uses Geolocation enricher (that is, HiveServer2 in your case). If you want to suppress reloading file when any policy is updated, then you may set enricherOption's attribute "ForceRead" to false. In that case, the only way left to reload file is to restart the component (as explained above). Thanks, ... View more

Re: Ranger Tagsync: Kafka consumer commit failed e...

by Cloudera Employee in Support Questions
‎04-03-2018 07:24 PM
‎04-03-2018 07:24 PM
Can you please check tagsync.log, tagsync.err and ranger-admin logs to see if there are any other, previous errors there? ... View more

Re: Ranger tagsync tags seem to be synced but dont...

by Cloudera Employee in Support Questions
‎02-26-2018 06:55 PM
‎02-26-2018 06:55 PM
@James Bashforth You may not be doing anything wrong. Tags will not show up on ranger-admin ui except in the audit records when a tagged entity is accessed. ... View more

Re: Ranger Row Level Filtering

by Cloudera Employee in Support Questions
‎11-16-2017 10:16 PM
‎11-16-2017 10:16 PM
Yes, this is expected behavior. Ranger matches first row-filter policy line-item (in the same order as specified in the policy). ... View more

Re: How to create many ranger policies and add use...

by Cloudera Employee in Support Questions
‎09-20-2017 06:18 PM
‎09-20-2017 06:18 PM
Please use the following doc link. It documents the latest set of REST APIs supported by Ranger for policy management. Thanks! https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definition%2C+Service+and+Policy+Management , ... View more

Re: Automation of Ranger Policy

by Cloudera Employee in Support Questions
‎09-19-2017 06:28 PM
‎09-19-2017 06:28 PM
@sudi ts If your cluster is kerberized, then first kinit with a principal with admin privilege in Ranger, and then use curl --negotiate -vk -u : -H "Content-type:application/json" -X GET http://sandbox.com:6080/service/public/v2/api/policy Thanks! ... View more

Re: Automation of Ranger Policy

by Cloudera Employee in Support Questions
‎09-18-2017 06:17 PM
‎09-18-2017 06:17 PM
@sudi ts Please try: curl -iv -u admin:admin -H "Content-type:application/json" -X GET http://sandbox.com:6080/service/public/v2/api/policy ... View more

Re: Ranger Tagsync doesn't sync Tags

by Cloudera Employee in Support Questions
‎07-19-2017 08:18 PM
‎07-19-2017 08:18 PM
@Fabien VIROT Could you please check tagsync.out file for any errors? Also, could you check ranger-admin's access_log*.log files to see if there is any tags being imported (seach for string 'importservicetags') ? Thanks! ... View more

Re: I have Ranger Tagsync running on one node in c...

by Cloudera Employee in Support Questions
‎07-05-2017 10:07 PM
‎07-05-2017 10:07 PM
@Manoj A ranger tagsync is a stateless daemon process. It is purely driven by the configuration files. It does not have any service data to lose. So long as it is configured correctly (among other things, to receive tags from Atlas and send tags to Ranger Admin), it should not matter exactly which node it runs on. ... View more

Re: couldn't create kafka policy from Ranger REST ...

by Cloudera Employee in Support Questions
‎05-26-2017 06:09 PM
‎05-26-2017 06:09 PM
@Cesar Gonzales Ranger supports next version (v2) of REST APIs in ranger-0.5 and later versions. Please refer to this doc for ranger-0.6 release. Abhay ... View more

Re: Ranger policy does not grant access as expecte...

by Cloudera Employee in Support Questions
‎05-19-2017 06:32 PM
‎05-19-2017 06:32 PM
@Farzaneh Poorjabar Easiest way to assign access only to a specific directory (say /home/farzaneh) is: Resource path : /home/farzaneh isRecursive: false If you need the access granted recursively to a directory and all directories under it, then Resource path : /home/farzaneh isRecursive:true But, there is a side-effect. Access will be granted to all paths starting with /home/farzaneh There is no explicit way to specify in a ranger policy, if the specified resource is a file or a directory. That leads to these corner cases. You could still get the effect you want by specifying two policies, one with resource as '/home/farzaneh/*', isRecursive = true and another with two resources ['/home/farzaneh', '/home/farzaneh/'] with isRecursive = false. ... View more

Re: Enabling and Disabling a Ranger Policy using c...

by Cloudera Employee in Support Questions
‎04-06-2017 06:30 PM
‎04-06-2017 06:30 PM
@rajdip chaudhuri To add to @Jay SenSharma's answer: Please use a newer and better version of REST APIs as documented here. ... View more

Re: Atlas Tags are not showing up while creating t...

by Cloudera Employee in Support Questions
‎04-06-2017 06:27 PM
3 Kudos
‎04-06-2017 06:27 PM
3 Kudos
@subash sharma If you don't see any any tags in the ranger-admin (that is, in the x_tag table), then check if there are any tag-definitions uploaded to ranger by running 'select * from x_tag_def;'. Also check tagsync debug log to see if there are any errors when uploading the tags. If there are upload errors, then check if the Atlas entity's cluster-name attribute has the same value as the Ranger's Service name for the component for which your are tagging entities. ... View more

Re: REST api URL to configure Ranger objects

by Cloudera Employee in Support Questions
‎04-06-2017 06:18 PM
‎04-06-2017 06:18 PM
@prashanth ramesh Please check the document REST APIs for Service Definition, Service and Policy Management. The Request URL needs to be "service/public/v2/api/policy/{id}". ... View more

Re: Ranger stops Syncing HDFS Policies

by Cloudera Employee in Support Questions
‎03-01-2017 06:34 PM
‎03-01-2017 06:34 PM
Do you see any errors/exceptions in ranger logs about failure to download policies (in /var/log/hadoop/hdfs/hadoop-hdfs-namenode*.log file)? Typically, the text or ERROR log message is 'failed to refresh policies. Will continue to use last known version of policies'. ... View more

Re: Problem when delete policy in ranger by name,H...

by Cloudera Employee in Support Questions
‎02-09-2017 06:27 PM
1 Kudo
‎02-09-2017 06:27 PM
1 Kudo
@hubert zhang bIt should work. I used the following to delete a policy 'test' in service 'cl1_hadoop' # curl -v -u admin:admin -X DELETE 'http://localhost:6080/service/public/v2/api/policy?servicename=cl1_hadoop&policyname=test' * About to connect() to localhost port 6080 (#0) * Trying ::1... connected * Connected to localhost (::1) port 6080 (#0) * Server auth using Basic with user 'admin' > DELETE /service/public/v2/api/policy?servicename=cl1_hadoop&policyname=test HTTP/1.1 > Authorization: Basic YWRtaW46YWRtaW4= > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: localhost:6080 > Accept: */* > < HTTP/1.1 204 No Content < Server: Apache-Coyote/1.1 < Set-Cookie: RANGERADMINSESSIONID=3A91B6A9E428A09CBA0291AA5CA8D8A2; Path=/; HttpOnly < X-Frame-Options: DENY < Date: Thu, 09 Feb 2017 06:25:35 GMT < * Connection #0 to host localhost left intact * Closing connection #0 Please note the single quotes above. ... View more

Re: Atlas-Ranger issue

by Cloudera Employee in Support Questions
‎02-01-2017 06:28 PM
1 Kudo
‎02-01-2017 06:28 PM
1 Kudo
@Javier Teixeira Quevedo Can you please describe how you tagged entities in Atlas, what you expected to see and if there are any errors in /var/log/ranger/tagsync/tagsync.log or /var/log/ranger/tagsync/tagsync.out or /var/log/ranger/admin/xa_portal.log? ... View more

Re: Atlas Tag not showing up in Ranger, getting wa...

by Cloudera Employee in Support Questions
‎12-28-2016 06:21 PM
2 Kudos
‎12-28-2016 06:21 PM
2 Kudos
@Ward Bekker From the log, it looks like the tagsync thread listening on Kafka events has failed. You may want to use kafka console consumer to see if the Atlas events are coming through by running 'kafka-console-consumer.sh --zookeeper <zookeeper-host-ip>:2181 --topic ATLAS_ENTITIES --from-beginning'. If the Atlas events are shown up, then please check tagsync configuration, especially, atlas-application.properties file, and try restarting tagsync. ... View more
Contact Me
Online
Offline
Last Visited
‎01-11-2023 05:31 PM
Public Statistics
Date Registered ‎09-29-2015 12:41 AM
Last Visited ‎01-11-2023 05:31 PM
Total Messages Posted 19
Total Kudos Received 8