Member since
04-12-2018
33
Posts
2
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
955 | 06-25-2020 05:14 PM |
05-04-2021
12:08 AM
Hello @BGabor This error "TrustManager is not specified" can be thrown due to some of the following issues - Missing cert files or missing/wrong values for the below configs Make sure following properties are set:- xasecure.policymgr.clientssl.keystore.credential.file=jceks://file/{{credential_file}}
xasecure.policymgr.clientssl.truststore.credential.file=jceks://file/{{credential_file}}
xasecure.policymgr.clientssl.truststore=/path/to/truststore Also came across these Ranger jiras which indicates that the truststore info not specified in cacert or cacert needs to be manually configured. Note - they are fixed in Ranger 2.0.1, so you may also want to check the ranger version. https://issues.apache.org/jira/browse/RANGER-2611 https://issues.apache.org/jira/browse/RANGER-2907
... View more
12-26-2020
01:39 PM
@slambe @woodcock_mike Take the back up of the DB first just in-case. This has to be done from ranger DB, following querries may help to get rid of deleted server form the plugin status page:- select id,service_name,app_type,host_name from x_plugin_info where host_name='HOST_NAME'; Where HOST_NAME is the host that has been removed form the cluster, verify the details. To remove the plugin status info for the removed host run following query:- DELETE FROM x_plugin_info where host_name='HOST_NAME';
... View more
12-23-2020
08:59 AM
1 Kudo
@ferdem If I understand correctly, you want to modify the group membership of the user, correct me if I am wrong Try following api call:- curl -ivk -u admin:admin -H "Content-Type: application/json" -d '{"id":13,"createDate":"2020-12-23T07:55:04Z","updateDate":"2020-12-23T07:55:04Z","owner":"rangerusersync","updatedBy":"rangerusersync","name":"atlas","password":"*****","description":"atlas - add from Unix box","groupIdList":[6,59,4,131,133],"groupNameList":["atlas","hadoop","shadow"],"status":0,"isVisible":1,"userSource":1,"userRoleList":["ROLE_USER"],"otherAttributes":"{\"full_name\":\"atlas\",\"original_name\":\"atlas\"}"}' -X PUT https://RANGER_HOST:6182/service/xusers/users Its little bit big but if user is already added to ranger then run following api to get the id information for users:- curl -ivk -u admin:admin -H "Accept : application/json" -X GET https://RANGER_HOST:6182/service/xusers/users Once you have IDS for all users, you can run following crul api to get the json formatted data which you use to modify and then use PUT method in first API I mentioned:- curl -ivk -u admin:admin -H "Accept: application/json" -X GET https://RANGER_HOST:6182/service/xusers/users/13 Above Curl api should return something like following:- {"id":13,"createDate":"2020-12-23T07:55:04Z","updateDate":"2020-12-23T16:45:14Z","owner":"rangerusersync","updatedBy":"admin","name":"atlas","password":"*****","description":"atlas - add from Unix box","groupIdList":[133,6],"groupNameList":["apitest","atlas","hadoop","shadow","ssb"],"status":0,"isVisible":1,"userSource":1,"userRoleList":["ROLE_USER"],"otherAttributes":"{\"full_name\":\"atlas\",\"original_name\":\"atlas\"}"} you have to modify "groupIdList":[133,6] from the above output copy entire output and pass it with PUT method as shown in the first api call mentioned above.
... View more
06-25-2020
05:14 PM
@sujonict07 Can you try to disable the Hive impersonation? If impersonation is enabled then all your hive queries will run as hive user and hive is super user for hive service which wouldn't be a good setup as you may want to restrict access to some users. When you disable the hive impersonation then all queries will be submitted by the actual user and ranger will be able to provide the authorisation. If it is enabled it doesn't make sense to use ranger. Are you using CDP?
... View more