Member since
07-10-2021
4
Posts
0
Kudos Received
0
Solutions
08-02-2021
12:16 AM
Hi @jAnshula Yes, below proxyuser properties added in Custom KMS-Site. keyadmin user only configured in KMS Repository. hadoop.kms.proxyuser.keyadmin.groups=* hadoop.kms.proxyuser.keyadmin.hosts=* hadoop.kms.proxyuser.keyadmin.users=*
... View more
07-26-2021
08:45 PM
@jAnshula Thanks. Will check & update on this.
... View more
07-25-2021
04:52 AM
Hi, We are trying to install Ranger KMS using Ambari. Our Cluster is Kerberos enabled & disabled multiple times using Ambari Kerberos Automated Wizard. Right now, Kerberos is enabled. Ranger KMS Installation is failing due to failure to distribute Keytab file by Ambari although it generates it in the Ambari server side, also principal generated successfully in AD KDC. Also noticed that Ambari shows Kerberos has been manually installed on the cluster, although we used Ambari Kerberos Wizard always. Ambari Server logs shared below along with screenshot of manual message mention above. Any idea on how to resolve this issue ? @dvillarreal @dgiri_india1989 2021-07-10 16:14:58,119 INFO [Server Action Executor Worker 73541] CreateKeytabFilesServerAction:193 - Creating keytab file for rangerkms/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR on host {FULLY_QUALIFIED_DOMAIN_NAME} 2021-07-10 16:14:58,137 INFO [Server Action Executor Worker 73541] CreateKeytabFilesServerAction:252 - Successfully created keytab file for rangerkms/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR at /var/lib/ambari-server/data/tmp/.ambari_1625917470341-0.d/{FULLY_QUALIFIED_DOMAIN_NAME}/78235da43a7af6b2b8c061e49f5777df4f71251151a10e8baeccaf0eacc65b79 2021-07-10 16:14:58,213 INFO [Server Action Executor Worker 73541] CreateKeytabFilesServerAction:193 - Creating keytab file for HTTP/{FULLY_QUALIFIED_DOMAIN_NAME}@MTNIRANCELL.IR on host {FULLY_QUALIFIED_DOMAIN_NAME} 2021-07-10 16:14:58,224 INFO [Server Action Executor Worker 73541] KerberosServerAction:479 - Processing identities completed. 2021-07-10 16:15:39,174 ERROR [Server Action Executor Worker 73542] FinalizeKerberosServerAction:119 - Failed to update the owner of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to kms: chown: cannot access ‘/etc/security/keytabs/rangerkms.service.keytab’: No such file or directory 2021-07-10 16:15:39,174 INFO [Server Action Executor Worker 73542] FinalizeKerberosServerAction:128 - Updated the group of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to null 2021-07-10 16:15:39,181 ERROR [Server Action Executor Worker 73542] FinalizeKerberosServerAction:150 - Failed to update the access mode of the keytab file at /etc/security/keytabs/rangerkms.service.keytab to owner:'r' and group:'null': chmod: cannot access ‘/etc/security/keytabs/rangerkms.service.keytab’: No such file or directory Came across similar issue reported by other member, but not sure what payload.json file to be used to get rid of this situation. Yet to get response in another thread. https://community.cloudera.com/t5/Support-Questions/Ambari-is-not-creating-keytab-files-though-it-says-it-has/td-p/206290/highlight/false
... View more
Labels:
- Labels:
-
Apache Ambari
07-10-2021
05:38 AM
Hi @dgiri_india1989 Could you please share more details for this issue about how you are able to fix this. We are also facing similar issue with Ranger KMS service. RangerKMS Principal is created in AD KDC, Also Keytab creation is success according to Ambari Server log, but it's not distributed to RangerKMS service hosted node. Due to this service is not starting up. Thank you.
... View more