Member since
03-04-2016
165
Posts
35
Kudos Received
7
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1739 | 06-20-2017 03:08 PM | |
8971 | 05-11-2017 09:59 AM | |
8964 | 01-12-2017 01:50 PM | |
1327 | 10-26-2016 03:02 PM | |
5415 | 09-06-2016 07:40 AM |
02-10-2017
01:49 PM
Sorry guys, that was the issue. Not only me have access to that cluster, and somebody changed ranger policy url in every plugin config. Thank you!
... View more
02-10-2017
12:46 PM
@Sagar Shimpi 1. Test connection works for HDFS and HBase, for Hive I have my own modified jars and it is not working for a long time (but policies were working) 2. In Ambari UI I dont see any alerts regarding to Ranger 3. In every service logs I see only one error which is known: "failed to refresh policies. Will continue to use last known version of policies (XX) [...] Connection Refused". Could you please specify which logs I can post? It is on clients cluster and I dont have direct access, so I need to rewrite logs manually. P. S. policies are not synced for every service which I am using (HDFS,HBase,Hive,Kafka,Knox)
... View more
02-10-2017
11:49 AM
The strange thing is that in access_log Ranger tries to GET status from not defined URL: "IP - - [DATE] "GET / HTTP/1.0" 302 -"
... View more
02-10-2017
11:28 AM
@Deepak Sharma Thank you for a quick answer. In access_log when I edit a policy I got PUT and GET code 200, but except that every 30 seconds I got GET with code 302. In correspoding service logs I got "failed to refresh policies. Will continue to use last known version of policies (61). It was working before, but for 10 days policies are not synced.
... View more
02-10-2017
10:40 AM
Hi, I have a problem with policy synchronization. HDP 2.5.0-1245, Ambari 2.4.1. When I add/edit policy, the policy changes in MySQL database "ranger", but not in Audit -> Plugins. Also the change does not affect on /etc/ranger/servicename/policycache/XXX.json file (last change was 10 days ago, same as Plugin tab shows). From xa_portal.log in DEBUG mode I see an error every 30 seconds: "DEBUG org.springframework.security.web.access.ExceptionTranslationFilter (ExceptionTranslationFilter.java:165) - Access is denied (user is anonymous); redirecting to authentication entry point org springframework.security.access.AccessDeniedException: Access is denied" That is the only difference in this log when I compare my working cluster with this one. The connection to database is good, but what happens next I dont know. How do policies are propagated from MySQL to .json file? Which user is responsible for this? Any solution ideas? Thank you in advance.
... View more
Labels:
- Labels:
-
Apache Ranger
01-19-2017
08:39 AM
@jzhang @Binu Mathew @Artem Ervits Sorry guys, but I've lost. Is it possible to run multiquery in the same paragraph? This post results it should work.
... View more
01-13-2017
08:22 AM
The correct class for LDAP/AD is org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
... View more
01-13-2017
08:13 AM
@spolavarapu @Shyam Shaw In my case any user added in AD is synced every 2 minutes not 1hr. I am using HDP2.5 with Ranger 0.6.0. My test environment has got 2300 users.
... View more
01-12-2017
03:51 PM
Its ok. In usersync.log find last and first line of sync cycle and determine if the time difference equals the time you configured. Like here: 12 Jan 2017 16:44:33 INFO UserGroupSync [UnixUserSyncThread] - End: update user/group from source==>sink
12 Jan 2017 16:46:33 INFO UserGroupSync [UnixUserSyncThread] - Begin: update user/group from source==>sink
In my case its 2 mins. When you add a new user again, track your usersync.log whether your newly created user appears in the log file.
... View more
01-12-2017
02:47 PM
Could you provide me also the output of command: ll /usr/bin/ | grep ranger-usersync
... View more