[
https://issues.apache.org/jira/browse/RANGER-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16953796#comment-16953796
]
Velmurugan Periasamy edited comment on RANGER-2621 at 10/17/19 2:14 PM:
------------------------------------------------------------------------
1] Regarding error in kerberized env, policy.download.auth.users should be
configured to the user passed after the auth-to-rules translation. Could you
please verify that?
2] Regarding plugin error, verify if hive service def is updated (See
https://issues.apache.org/jira/browse/RANGER-2389). Did you upgrade the old
cluster?
CC [~rmani] / [~mehul] / [~abhayk]
was (Author: vperiasamy):
1] Regarding error in kerberized env, policy.download.auth.users should be
configured as the right user that is getting passed after the auth-to-rules
translation. Could you please verify that?
2] Regarding plugin error, verify if hive service def is updated (See
https://issues.apache.org/jira/browse/RANGER-2389). Did you upgrade the old
cluster?
CC [~rmani] / [~mehul] / [~abhayk]
> Ranger Policy Update fails on Kerberized Cluster
> ------------------------------------------------
>
> Key: RANGER-2621
> URL: https://issues.apache.org/jira/browse/RANGER-2621
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.0.0
> Reporter: Susi Dev
> Priority: Major
>
> {color:#4c9aff}Can someone help configuring RANGER for KERBERIZED cluster
> ??{color}
> We have Ranger 2.0 installed on separate EC2 node, while trying to integrate
> with EMR cluster.
> When the EMR cluster is not kerberized, the policy sync works just fine..
> When EMR is kerberized, policy download does not work anymore...
>
> We see below error:
> +*Access Log:*+
> 10.23.123.150 - - [14/Oct/2019:20:07:09 +0000] "GET
> /service/plugins/secure/policies/download/hadoopdev?supportsPolicyDeltas=false
> HTTP/1.1" 401 52 "-" "curl/7.61.1"
>
> +*Hive Server 2 log:*+
> 2019-10-14T20:03:34,353 WARN [Thread-8([])]: client.RangerAdminRESTClient
> (RangerAdminRESTClient.java:getServicePoliciesIfUpdated(186)) - Error getting
> policies. secureMode=true, user=hive/i...@domain.net (auth:KERBEROS),
> response=\{"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication
> Failed"}, serviceName=hivedev
>
> +*Plugin Error(Test Connection):*+
> org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show
> databases like "*"]..
> Unable to execute SQL [show databases like "*"]..
> Error running query: java.lang.NoSuchFieldError: REPLLOAD.
> REPLLOAD.
>
>
> {color:#FF0000}Plugin Config:{color}
> Service Name : hivedev
> Active Status: Enabled
>
> {color:#FF0000}Config Properties :{color}
> Username : Rangeradmin/_hostn...@domain.net
> Password : ********
> jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver
> jdbc.url: jdbc:hive2://hostname:10000/;principal=hive/hostn...@domain.net
> Common Name for Certificate:
> Add New Configurations
> ||Name||Value||
> |policy.download.auth.users | rangeradmin/hostn...@domain.net | |
>
>
> {color:#FF0000}*Ranger 2.0 looks great but with not enough documentation
> around the installation and configuration, we are all handicapped when it
> comes to using. Appreciate if some of you add good documentation, it helps us
> appreciate the amount of work done by you ... Right now, we are only shooting
> in the DARK.*{color}
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
