I have configured SSL with Ranger. Now ranger is started perfectly, but my resource manager UI is not reachable..
Belo is the error from /var/log/hadoop-yarn/yarn/yarn-yarn-resourcemanager-master1.log
ERROR util.PolicyRefresher (PolicyRefresher.java:loadPolicyfromPolicyAdmin(288)) - PolicyRefresher(serviceName=Prod_yarn): failed to refresh policies. Will continue to use last known version of policies (24)
Hi @Harish More ,
I see you have two issues here.
As, you mentioned RM UI is not reachable, is it just RM UI is not accessible? Can u access HDFS UI?
Do you see any exceptions in RM logs?
Regarding policy sync.
Once you enabled Ranger SSL, did you configured Ranger Plugin SSL for each components for which you have enabled plugin.
Like example for HDFS: Configuring the Ranger HDFS Plugin for SSL
hi @Pravin Bhagade
Even HDFS UI is not accessible.
When I am trying to configure ranger hdfs and yarn plugin, using the link you have provided.
after hitting below command
keytool -genkey -keyalg RSA -alias rangerHdfsAgent -keystore ranger-plugin-keystore.jks -storepass myKeyFilePassword -validity 360 -keysize 2048
the error is Alias rangerHdfsAgent name is not available.
Which doc you followed to configure HDFS SSL?
Regarding other error, You should see something like below when you hit the cmd. I java used by the keytool cmd.
[root@alpha ~]# /usr/jdk64/jdk1.8.0_112/bin/keytool -genkey -keyalg RSA -alias rangerHdfsAgent -keystore ranger-plugin-keystore.jks -storepass myKeyFilePassword -validity 360 -keysize 2048 What is your first and last name? [Unknown]: What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]:
Actually I have certificate available so i used below command.
keytool -importkeystore -srckeystore certificate.p12 -destkeystore /etc/ranger/admin/conf/ranger-plugin-keystore.jks -deststoretype pkcs12 -alias rangerHdfsAgent
Then that error comes
Please share the correct cmd to avoid confusion.
Please use below cmd:
keytool -v -importkeystore -srckeystore eneCert.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
Earlier you were passing incorrect deststoretype and no need of -alias this cmd.
or try below.
keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]