Member since
08-10-2017
108
Posts
2
Kudos Received
7
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
2909 | 01-28-2019 08:41 AM | |
4839 | 01-28-2019 08:35 AM | |
2665 | 12-18-2018 05:42 AM | |
7823 | 08-16-2018 12:12 PM | |
3013 | 07-24-2018 06:55 AM |
08-31-2018
07:09 AM
@Felix Albani Please suggest.
... View more
08-29-2018
05:44 AM
@Felix Albani, Our 2-way SSL is working properly. Also, hive public certificate is present in ranger admin truststore. Attached Ranger Hive Repo screenshot hive-repo.png Please suggest.
... View more
08-29-2018
05:39 AM
Thanks @Felix Albani I am able to configure 2-way SSL. But 1-way SSL is not working in HDP-2.5.6. Also, we have configured HiveServer2 HA. What should be the value of Common Name For Certificate in Ranger Policy Manager UI for Hive repository? Currently for one of the Hiveserver2 CN value is hmaster.test.org and for other Hiveserver2 CN value is hmaster2.test.org. Please suggest.
... View more
08-28-2018
10:46 AM
Hello Team, We are using HDP-2.5.6. We are not using Kerberos security. We have configured SSL for Hiveserver2 daemon. We have enabled Ranger plugin for Hive service. When we click on Test connection in Rangers Hive repository, it gives following error: ---------------------------------------------------------------------------------------
Connection Failed.
Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.
org.apache.ranger.plugin.client.HadoopException: Unable to connect to Hive Thrift Server instance.. Unable to connect to Hive Thrift Server instance.. Could not open client transport with JDBC Uri: jdbc:hive2://hmaster.test.com:10001: null.
------------------------------------------------------------------------------------- Ranger autocomplete resource name feature is not working. How to resolve it? Please suggest. Thanks, Bhushan
... View more
Labels:
- Labels:
-
Apache Hive
-
Apache Ranger
08-27-2018
12:07 PM
Hello Team, We have enabled SSL for Ranger Admin Web UI. We can access ranger Admin Web UI on port 6182. But Hive Server2 daemon is failing to refresh policies after enabling SSL for Ranger Admin Web UI. We are using internal CA signed certificate. Our Hive Server2 is SSL enabled. We have done all configuration for enabling two-way SSL between Ranger and Hive. We have imported Ranger Admin's certificate in Hiveserver2 Truststore and Hiveserver2 certificate in Ranger Admin's Truststore. We have setup Keystore for Hiveserver2 and Ranger Admin. Also, added hmaster.test.org as Common Name for Certificate in Hive and Ranger policy. In Hive Server2 log, we are getting following error: 2018-08-27 06:40:31,785 ERROR [main]: client.RangerAdminRESTClient (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(124)) - Error getting policies. secureMode=false, user=hive (auth:SIMPLE), response={"httpStatusCode":400,"statusCode":1,"msgDesc":"Unauthorized access - unable to get client certificate","messageList":[{"name":"OPER_NOT_ALLOWED_FOR_ENTITY","rbKey":"xa.error.oper_not_allowed_for_state","message":"Operation not allowed for entity"}]}, serviceName=C03_hive
2018-08-27 06:40:31,786 ERROR [main]: util.PolicyRefresher (PolicyRefresher.java:loadPolicyfromPolicyAdmin(255)) - PolicyRefresher(serviceName=C03_hive): failed to refresh policies. Will continue to use last known version of policies (-1)
java.lang.Exception: Unauthorized access - unable to get client certificate
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:126)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:232)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:188)
at org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:136)
In Ranger Admin log, we are getting following error: 2018-08-27 11:45:02,556 [http-bio-6182-exec-5] ERROR org.apache.ranger.common.ServiceUtil (ServiceUtil.java:1367) - Unauthorized access. Unable to get client certificate. serviceName=C03_hive
2018-08-27 11:45:02,557 [http-bio-6182-exec-5] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:65) - Request failed. SessionId=null, loginId=null, logMessage=Unauthorized access - unable to get client certificate
javax.ws.rs.WebApplicationException
at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:335)
at org.apache.ranger.common.ServiceUtil.isValidateHttpsAuthentication(ServiceUtil.java:1368)
at org.apache.ranger.rest.ServiceREST.getServicePoliciesIfUpdated(ServiceREST.java:1817)
How to solve it? Please suggest. Thanks, Bhushan
... View more
Labels:
- Labels:
-
Apache Hive
-
Apache Ranger
08-16-2018
02:02 PM
@Jonathan Sneep I think my bind dn is correct. Could you please let me know whats correct dn value? Attached screenshot. How to check whether bind account is locked or not?
... View more
08-16-2018
01:48 PM
Hi All, While trying to sync users in Ambari with AD getting following exception: [root@ip-172-10-31-216 keytabs]# ambari-server setup-ldap
Using python /usr/bin/python
Setting up LDAP properties...
Primary URL* {host:port} (172.10.138.164:389):
Secondary URL {host:port} :
Use SSL* [true/false] (false):
User object class* (person):
User name attribute* (sAMAccountName):
Group object class* (group):
Group name attribute* (cn):
Group member attribute* (member):
Distinguished name attribute* (distinguishedName):
Base DN* (ou=usercn,dc=testad,dc=com):
Referral method [follow/ignore] :
Bind anonymously* [true/false] (false):
Handling behavior for username collisions [convert/skip] for LDAP sync* (convert):
Manager DN* (cn=testhdp,ou=admincn,ou=testad,dc=com):
Enter Manager Password* :
Re-enter password:
====================
Review Settings
====================
authentication.ldap.managerDn: cn=testhdp,ou=admincn,ou=testad,dc=com
authentication.ldap.managerPassword: *****
Save settings [y/n] (y)? y
Saving...done
Ambari Server 'setup-ldap' completed successfully.
[root@ip-172-10-31-216 keytabs]# service ambari-server restart
Using python /usr/bin/python
Restarting ambari-server
Waiting for server stop...
Ambari Server stopped
Ambari Server running with administrator privileges.
Organizing resource files at /var/lib/ambari-server/resources...
Ambari database consistency check started...
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /var/log/ambari-server/ambari-server.out
Server log at: /var/log/ambari-server/ambari-server.log
Waiting for server start................
Server started listening on 8080
DB configs consistency check: no errors and warnings were found.
[root@ip-172-10-31-216 keytabs]# ambari-server sync-ldap --all
Using python /usr/bin/python
Syncing with LDAP...
Enter Ambari Admin login: admin
Enter Ambari Admin password:
Syncing all...ERROR: Exiting with exit code 1.
REASON: Caught exception running LDAP sync. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]
[root@ip-172-10-31-216 keytabs]#
How to resolve it? Attached AD scrreshots ad1.png ad2.png Please suggest. Thanks, Bhushan
... View more
Labels:
- Labels:
-
Apache Ambari
08-16-2018
12:12 PM
Resource Manager Restart cleans cache of RM and resolves issue.
... View more