Member since
08-23-2017
5
Posts
0
Kudos Received
0
Solutions
02-13-2018
04:15 PM
Thanks for the quick answer! Turns out we were missing a service block in our topology file. We had the AMBARIUI service but not AMBARI. Adding <service>
<role>AMBARI</role>
<url>http://ambari1.testhost.com:8080</url>
</service> To our topology file and restarting Knox did the trick. Originally, we followed this article: https://community.hortonworks.com/articles/78361/configure-knox-to-access-ambari-ui.html which doesn't mention the service blocks you just pointed out. It would be interesting to fix the article so that other users don't face the same issue.
... View more
02-13-2018
02:55 PM
We have a demo cluster and where we successfully configured knox to front some services. But are having some issues when fronting the AmbariUI. The login and interface work OK but the cluster alerts and service management don't work. Looking at the console's output we see that the following request fails with an error when calling it fronted by knox. Request https://my1-testhost.com/gateway/default/ambari/api/v1/clusters/desa_datahub/hosts?fields=Hosts/rack_info,Hosts/host_name,Hosts/maintenance_state,Hosts/public_host_name,Hosts/cpu_count,Hosts/ph_cpu_count,Hosts/last_agent_env,alerts_summary,Hosts/host_status,Hosts/last_heartbeat_time,Hosts/ip,host_components/HostRoles/state,host_components/HostRoles/maintenance_state,host_components/HostRoles/stale_configs,host_components/HostRoles/service_name,host_components/HostRoles/display_name,host_components/HostRoles/desired_admin_state,metrics/disk,metrics/load/load_one,Hosts/total_mem,Hosts/os_arch,Hosts/os_type,metrics/cpu/cpu_system,metrics/cpu/cpu_user,metrics/memory/mem_total,metrics/memory/mem_free,stack_versions/HostStackVersions,stack_versions/repository_versions/RepositoryVersions/repository_version,stack_versions/repository_versions/RepositoryVersions/id,stack_versions/repository_versions/RepositoryVersions/display_name&minimal_response=true,host_components/logging&page_size=25&from=0&_=1518506931629 Response: {
"status" : 400,
"message" : "Invalid Request: Malformed Request Body. An exception occurred parsing the request body: Unexpected character ('%' (code 37)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')\n at [Source: java.io.StringReader@4fc081ba; line: 1, column: 3]"
} But it works OK when called accessing directly to the machine that hosts ambari (i.e. http://ambari1.testhost.com:8080). We are working with Knox 0.12.0 and Ambari 2.5.1.0. Any tips on where to find further info or a possible solution? Thanks in advance.
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache Knox
11-07-2017
01:10 PM
@vperiasamy that solved the issue. I thought the policies were downloaded immediately upon creation/modification. Thank you so much.
... View more
11-06-2017
03:19 PM
Greetings, I'm having some trouble with the ranger-knox plugin policy synchronization. I have the following versions in my test setup: Ambari 2.5.1.0, HDP 2.6.1.0-129, Ranger 0.7.0, Knox 0.12.0. If I go to Access Manager > Service manager > knox and hit "Test connection". Everything works fine. The fields are autocompleted with the service definitions and the topologies defined in the knox config. But, for some reason plugin status does not show anything related to knox and the policies are not updated in the knox node /etc/ranger/<cluster_name>_knox/policycache/knox_<cluster_name>_knox.json is empty. I added a debug log for the ranger.knoxagent in Advanced gateway-log4j #Ranger Knox Plugin debug
ranger.knoxagent.logger=DEBUG,console,KNOXAGENT
ranger.knoxagent.log.file=ranger.knoxagent.log
log4j.logger.org.apache.ranger=${ranger.knoxagent.logger}
log4j.additivity.org.apache.ranger=false
log4j.appender.KNOXAGENT =org.apache.log4j.DailyRollingFileAppender
log4j.appender.KNOXAGENT.File=${app.log.dir}/${ranger.knoxagent.log.file}
log4j.appender.KNOXAGENT.layout=org.apache.log4j.PatternLayout
log4j.appender.KNOXAGENT.layout.ConversionPattern=%d{ISO8601} %p %c{2}: %m%n %L
log4j.appender.KNOXAGENT.DatePattern=.yyyy-MM-dd But nothing gets written in ranger.knoxagent.log I changed the loglevels of Ranger to DEBUG in all the xa_log_appender, but I see no strange erros in the xa_portal.log file. I'm using self-signed certificates signed with our enterprise CA for both Ranger and all the ranger-plugins. This CA was added to the cacerts file of each node of the cluster and I'm successfully using other ranger-plugins (such as HBase, Hive, HDFS) via SSL. In the case of knox, I followed this guide https://community.hortonworks.com/articles/14900/demystify-knox-ldap-ssl-ca-cert-integration-1.html to generate a gateway.jks key-pair that's signed with our CA. I use this same gatway.jks file in the Advanced ranger-policymgr-ssl configuration and the truststore points to the cacerts file that contains our enterprise CA's certificate. I don't know what else to do. Can anyone give me any pointers as to how to debug this issue? Thanks in advance.
... View more
Labels:
- Labels:
-
Apache Knox
-
Apache Ranger
08-23-2017
01:30 PM
Hi, I'm using SSL-enabled Ranger 0.7 with LDAP/AP usersync. I wiped the external groups added by the LDAP/AD sync process and I'm attempting to add a user imported from LDAP/AP (demo1) to an internal group (demo1_grp). So before starting the user demo1 had no groups. My /tmp/ugsync.txt file is as follows: # cat /tmp/ugsync.txt "demo1","demo1","demo1_grp" When launching the code above I get the following erros: log4j: reset attribute= "false". log4j: Threshold ="null".
log4j: Level value for root is [info]. log4j: root level set to INFO log4j: Class name: [org.apache. log4j.DailyRollingFileAppender] log4j: Setting property [file] to [/var/log/ranger/usersync/usersync.log]. log4j: Setting property [datePattern] to ['.'yyyy-MM-dd]. log4j: Parsing layout of class: "org.apache.log4j.PatternLayout" log4j: Setting property [conversionPattern] to [%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n]. log4j: setFile called: /var/log/ranger/usersync/usersync.log, true log4j: setFile ended log4j: Appender [logFile] to be rolled at midnight. log4j: Adding appender named [logFile] to category [root]. Exception in thread "main" java.lang.NullPointerException
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildGroupList(PolicyMgrUserGroupBuilder.java:425)
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:194)
at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:163)
at org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder.main(FileSourceUserGroupBuilder.java:63) Any ideas? Thanks in advance.
... View more