The hbase smoke test is ran from Service Check in ambari and obviously Hbase Ranger policy doesn't know anything about ambari-qa user? Can we change that? or add ambari-qa user to the policy? ... View more

I see the plugin but then I see this https://issues.apache.org/jira/browse/RANGER-246 and for Storm, it gives me an alert that only works with secure cluster. advice? ... View more

Currently Have Hbase protected by Ranger. I am not able to connect to Hbase via Phoenix from an external java client since its picking up my machine userid and that is not an authorized user. Is there a way to pass in the user in phoenix connection url? ... View more

It seem that invoking the test from the KNox repository in Ranger failes due to miss path to the cert. Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... View more

Ranger usersych is throwing an exception while connecting to AD: below is the exception, any ideas? I have verified that I can bind successfully with AD. 03 Nov 2015 17:39:40 INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink 03 Nov 2015 17:39:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started 03 Nov 2015 17:39:40 INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started 03 Nov 2015 17:39:40 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 30000 milliseconds. Error details: javax.naming.ServiceUnavailableException: xx.xxx.xx..xx:636; socket closed at com.sun.jndi.ldap.Connection.readReply(Connection.java:449) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149) at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:262) at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58) at java.lang.Thread.run(Thread.java:745) ... View more

After running security-setup on ambari, and then choose option [3] - setup trustore, it successfull say its completed, but yet no trust store created in the path. ... View more

While starting the agent on a new node, I get the following: Checking for previously running Ambari Agent... Starting ambari-agent Verifying ambari-agent process status... ERROR: ambari-agent start failed. For more details, see /var/log/ambari-agent/ambari-agent.out: ==================== File "/usr/lib/python2.6/site-packages/ambari_agent/NetUtil.py", line 21, in <module> from HeartbeatHandlers import HeartbeatStopHandlers File "/usr/lib/python2.6/site-packages/ambari_agent/HeartbeatHandlers.py", line 21, in <module> from ambari_commons.exceptions import FatalException File "/usr/lib/python2.6/site-packages/ambari_commons/__init__.py", line 21, in <module> """ File "/usr/lib/python2.6/site-packages/ambari_commons/os_check.py", line 133, in <module> File "/usr/lib/python2.6/site-packages/ambari_commons/os_check.py", line 115, in __init__ File "/usr/lib/python2.6/site-packages/ambari_commons/os_check.py", line 112, in initialize_data Exception: Couldn't load 'os_family.json' file ... View more

Any one notice any performance for degradation while having all clients accessing services via rest over KNOX? It see for me Knox is not a good solution for low latency applications. thoughts? ... View more