I am configuring HDP 2.6.1 cluster in AWS using cloudbreak and RDS MySQL DB for Ranger and Hive. Hive works fine after providing the RDS MySQL endpoint and user information, but Ranger admin fails with error message as below 2018-10-09 14:25:07,606 [I] --------- Verifying Ranger DB connection --------- 2018-10-09 14:25:07,606 [I] Checking connection.. 2018-10-09 14:25:07,606 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-8.0.12.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://xxxxx/ranger -u 'rangerdba' -p '********' -noheader -trim -c \; -query "SELECT version();" Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. 2018-10-09 14:25:07,898 [I] Checking connection passed. 2018-10-09 14:25:07,899 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-8.0.12.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://xxxxx/ranger -u 'rangerdba' -p '********' -noheader -trim -c \; -query "select version from x_db_version_h where version = 'JAVA_PATCHES' and inst_by = 'Ranger 0.7.0.2.6.1.0-129' and active='Y';" Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. 2018-10-09 14:25:08,183 [I] ----------------- Applying java patches ------------ 2018-10-09 14:25:08,183 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-8.0.12.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://xxxxx/ranger -u 'rangerdba' -p '********' -noheader -trim -c \; -query "select version from x_db_version_h where version = 'J10001' and active = 'Y';" Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. 2018-10-09 14:25:08,474 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-8.0.12.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://xxxxx/ranger -u 'rangerdba' -p '********' -noheader -trim -c \; -query "select version from x_db_version_h where version = 'J10001' and active = 'N';" Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. 2018-10-09 14:25:08,762 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-8.0.12.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://xxxxx/ranger -u 'rangerdba' -p '********' -noheader -trim -c \; -query "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J10001', now(), 'Ranger 0.7.0.2.6.1.0-129', now(), 'ip-xxx-xxx-xxx-xxx.ec2.internal','N') ;" Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. 2018-10-09 14:25:09,082 [I] java patch PatchPasswordEncryption_J10001 is being applied.. Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. [EL Severe]: 2018-10-09 14:25:41.877--ServerSession(893339434)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: java.sql.SQLException: Connections could not be acquired from the underlying database! Error Code: 0 [EL Severe]: ejb: 2018-10-09 14:25:41.886--ServerSession(893339434)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: java.sql.SQLException: Connections could not be acquired from the underlying database! Error Code: 0 [EL Severe]: 2018-10-09 14:26:01.794--ServerSession(893339434)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: java.sql.SQLException: Connections could not be acquired from the underlying database! Error Code: 0 [EL Severe]: ejb: 2018-10-09 14:26:01.794--ServerSession(893339434)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: java.sql.SQLException: Connections could not be acquired from the underlying database! Error Code: 0 2018-10-09 14:26:01,827 [JISQL] /usr/lib/jvm/java/bin/java -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-8.0.12.jar:/usr/hdp/current/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://xxxxx/ranger -u 'rangerdba' -p '********' -noheader -trim -c \; -query "delete from x_db_version_h where version='J10001' and active='N' and updated_by='ip-xxx-xxx-xxx-xxx.ec2.internal';" Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary. 2018-10-09 14:26:02,143 [E] applying java patch PatchPasswordEncryption_J10001 failed On investigation, found that RDS MySQL has SSL enabled, whereas Ranger is connecting without SSL. (Reference https://community.hortonworks.com/content/supportkb/148592/errorjava-patch-patchpasswordencryption-j10001-is.html) But unable to find how to disable the "have_ssl" and "have_openssl" in RDS MySQL. Community help to resolve this issue is much appreciated. ... View more

I am trying to configure Knox 0.12 on HDP 2.6.1 for Active Directory authentication, based on Hortonworks documentation and community forum reference https://community.hortonworks.com/articles/114601/how-to-configure-and-troubleshoot-a-knox-topology.html Issue#1 On advance admin topology, configured necessary parameters based on above document and when i execute curl statement, getting "HTTP/1.1 403 Forbidden" error. When i checked the gateway.log, Computed userDn and Computed roles/groups are proper and matches with my LDAP setup. But then it is errors out and couldn't find where it fails. Issue#2 On KnoxSSO topology, i am using userDnTemplate where sAMAccountName is referred (sAMAccountName={0},ou=Accounts,...) This fails with error 2018-05-25 10:09:30,022 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - <sAMAccountName> 2018-05-25 10:09:30,023 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580] Appreciate the community help for the steps to fix the issue ... View more