[
https://issues.apache.org/jira/browse/RANGER-3237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319329#comment-17319329
]
kangkaixin commented on RANGER-3237:
------------------------------------
i find some info
when i enable debug to ranger admin service ,but i don't know this
i find this
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 1 of 16 in additional filter chain; firing Filter:
'SecurityContextPersistenceFilter'
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.context.SecurityContextPersistenceFilter
(SecurityContextPersistenceFilter.java:94) - Eagerly created session:
3C2D86DD0C8B4BBDE0D017E52154746F
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository
(HttpSessionSecurityContextRepository.java:186) - HttpSession returned null
object for SPRING_SECURITY_CONTEXT
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository
(HttpSessionSecurityContextRepository.java:116) - No SecurityContext was
available from the HttpSession:
org.apache.catalina.session.StandardSessionFacade@614a0af3. A new one will be
created.
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 2 of 16 in additional filter chain; firing Filter:
'WebAsyncManagerIntegrationFilter'
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 3 of 16 in additional filter chain; firing Filter:
'HeaderWriterFilter'
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 4 of 16 in additional filter chain; firing Filter: 'LogoutFilter'
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
springframework.security.web.util.matcher.AntPathRequestMatcher
(AntPathRequestMatcher.java:176) - Checking match of request :
'/service/plugins/secure/policies/download/HIVE_CDH'; against '/logout'
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 5 of 16 in additional filter chain; firing Filter:
'RangerUsernamePasswordAuthenticationFilter'
2021-04-12 10:11:08,985 [http-bio-6080-exec-9] DEBUG
springframework.security.web.util.matcher.AntPathRequestMatcher
(AntPathRequestMatcher.java:156) - Request 'GET
/service/plugins/secure/policies/download/HIVE_CDH' doesn't match 'POST /login
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 6 of 16 in additional filter chain; firing Filter:
'BasicAuthenticationFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 7 of 16 in additional filter chain; firing Filter:
'RangerSSOAuthenticationFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 8 of 16 in additional filter chain; firing Filter:
'RequestCacheAwareFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 9 of 16 in additional filter chain; firing Filter:
'SecurityContextHolderAwareRequestFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 10 of 16 in additional filter chain; firing Filter:
'RangerKRBAuthenticationFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 11 of 16 in additional filter chain; firing Filter:
'RangerCSRFPreventionFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 12 of 16 in additional filter chain; firing Filter:
'AnonymousAuthenticationFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.authentication.AnonymousAuthenticationFilter
(AnonymousAuthenticationFilter.java:100) - Populated SecurityContextHolder with
anonymous token:
'org.springframework.security.authentication.AnonymousAuthenticationToken@9054afb8:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@1de60:
RemoteIpAddress: 172.20.185.56; SessionId: 3C2D86DD0C8B4BBDE0D017E52154746F;
Granted Authorities: ROLE_ANONYMOUS'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 13 of 16 in additional filter chain; firing Filter:
'SessionManagementFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 14 of 16 in additional filter chain; firing Filter:
'ExceptionTranslationFilter'
2021-04-12 10:11:08,986 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.FilterChainProxy$VirtualFilterChain
(FilterChainProxy.java:325) -
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
at position 15 of 16 in additional filter chain; firing Filter:
'FilterSecurityInterceptor'
2021-04-12 10:11:08,987 [http-bio-6080-exec-9] DEBUG
org.springframework.security.access.intercept.AbstractSecurityInterceptor
(AbstractSecurityInterceptor.java:219) - Secure object: FilterInvocation: URL:
/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1;
Attributes: [isAuthenticated()]
2021-04-12 10:11:08,987 [http-bio-6080-exec-9] DEBUG
org.springframework.security.access.intercept.AbstractSecurityInterceptor
(AbstractSecurityInterceptor.java:348) - Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@9054afb8:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@1de60:
RemoteIpAddress: 172.20.185.56; SessionId: 3C2D86DD0C8B4BBDE0D017E52154746F;
Granted Authorities: ROLE_ANONYMOUS
2021-04-12 10:11:08,987 [http-bio-6080-exec-9] DEBUG
org.springframework.security.access.vote.AffirmativeBased
(AffirmativeBased.java:66) - Voter:
org.springframework.security.web.access.expression.WebExpressionVoter@70e002e8,
returned: -1
2021-04-12 10:11:08,987 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.access.ExceptionTranslationFilter
(ExceptionTranslationFilter.java:173) - Access is denied (user is anonymous);
redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at
org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter$ServletFilterHttpInteraction.proceed(RangerCSRFPreventionFilter.java:210)
at
org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter.handleHttpInteraction(RangerCSRFPreventionFilter.java:155)
at
org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter.doFilter(RangerCSRFPreventionFilter.java:165)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:399)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter.doFilter(RangerSSOAuthenticationFilter.java:259)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:165)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1201)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2021-04-12 10:11:08,987 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.savedrequest.HttpSessionRequestCache
(HttpSessionRequestCache.java:60) - DefaultSavedRequest added to Session:
DefaultSavedRequest[http://idc-bigdata-185-56.jdy.kd.internal:6080/service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1]
2021-04-12 10:11:08,988 [http-bio-6080-exec-9] DEBUG
org.springframework.security.web.access.ExceptionTranslationFilter
(ExceptionTranslationFilter.java:202) - Calling Authentication entry point.
2021-04-12 10:11:08,988 [http-bio-6080-exec-9] DEBUG
apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint
(RangerAuthenticationEntryPoint.java:82) - commence() X-Requested-With=null
> The Hive plugin cannot synchronize policy information after Kerberos is
> enabled
> -------------------------------------------------------------------------------
>
> Key: RANGER-3237
> URL: https://issues.apache.org/jira/browse/RANGER-3237
> Project: Ranger
> Issue Type: Bug
> Components: admin, plugins
> Affects Versions: 2.1.0
> Environment: CDH6.3.1
> CM 6.3.2
> Ranger 2.1.0
> Kerberos : FreeIPA
> Reporter: kangkaixin
> Priority: Blocker
>
> I have a question
> when i enable kerberos , hive plugin can't sync info to hiveservice ,i
> see log ,But there was no useful information, if no have kerberos ,The
> function is normal ,so ,who can help me?
> =============================================================
> h1. question1:
> in hive policy server config ,i click test connection show me Error
> detail :
> *Connection Failed.*
> Unable to retrieve any files using given parameters, You can still save the
> repository and start creating policies, but you would not be able to use
> autocomplete for resource names. Check ranger_admin.log for more info.
> org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show
> databases like "*"]..
> Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [hive] does not have [USE] privilege on [*].
> Permission denied: user [hive] does not have [USE] privilege on [*].
>
> h1. question2:
> hive plugin can't sync info to hiveservice
> show me Error 401 from hive log and rangeradmin log
> h1. some info
> h2. hostname : idc-bigdata-185-56.jdy.kd.internal
> h2. principal: ranger.keytab
> Keytab name: FILE:ranger.keytab
> KVNO Timestamp Principal
> ---- -------------------
> ------------------------------------------------------
> 1 04/09/2021 13:51:55 HTTP/[email protected]
> 1 04/09/2021 13:51:55 HTTP/[email protected]
> 1 04/09/2021 13:51:55 HTTP/[email protected]
> 1 04/09/2021 13:51:55 HTTP/[email protected]
> 1 04/09/2021 13:51:55 HTTP/[email protected]
> 1 04/09/2021 13:51:55 HTTP/[email protected]
> 1 04/09/2021 13:52:12
> rangeradmin/[email protected]
> 1 04/09/2021 13:52:12
> rangeradmin/[email protected]
> 1 04/09/2021 13:52:12
> rangeradmin/[email protected]
> 1 04/09/2021 13:52:12
> rangeradmin/[email protected]
> 1 04/09/2021 13:52:12
> rangeradmin/[email protected]
> 1 04/09/2021 13:52:12
> rangeradmin/[email protected]
> 1 04/09/2021 13:52:23
> rangerlookup/[email protected]
> 1 04/09/2021 13:52:23
> rangerlookup/[email protected]
> 1 04/09/2021 13:52:23
> rangerlookup/[email protected]
> 1 04/09/2021 13:52:23
> rangerlookup/[email protected]
> 1 04/09/2021 13:52:23
> rangerlookup/[email protected]
> 1 04/09/2021 13:52:23
> rangerlookup/[email protected]
> ============================================================
> h2. ranger admin install.properties
> spnego_principal=HTTP/[email protected]
> spnego_keytab=/data/service/ranger/ranger.keytab
> token_valid=30
> cookie_domain=idc-bigdata-185-56.jdy.kd.internal
> cookie_path=/
> admin_principal=rangeradmin/[email protected]
> admin_keytab=/data/service/ranger/ranger.keytab
> lookup_principal=rangerlookup/[email protected]
> lookup_keytab=/data/service/ranger/ranger.keytab
> hadoop_conf=/opt/cloudera/parcels/CDH/lib/hadoop/etc/hadoop
> h2. ranger hive install.properties
> POLICY_MGR_URL=[http://idc-bigdata-185-56.jdy.kd.internal:6080|http://idc-bigdata-185-56.jdy.kd.internal:6080/]
> REPOSITORY_NAME=HIVE_CDH
> COMPONENT_INSTALL_DIR_NAME=/opt/cloudera/parcels/CDH/lib/hive
> h2. ranger admin UI hive policy service
> *Service Name* : HIVE_CDH
> *Username* : [email protected]
> *jdbc.driverClassName* :org.apache.hive.jdbc.HiveDriver
> *jdbc.url* :
> jdbc:hive2://idc-bigdata-185-57.jdy.kd.internal:2181,idc-bigdata-185-58.jdy.kd.internal:2181,idc-bigdata-185-59.jdy.kd.internal:2181/;principal=hive/[email protected];serviceDiscoveryMode=zooKeeper;user=hive;zooKeeperNamespace=hiveserver2
>
> h2. hive log info :
> stdout.log
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> Roles. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> policies. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> Roles. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> policies. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> Roles. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> policies. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> Roles. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> policies. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> Roles. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> [esher(serviceName=HIVE_CDH)-22] RangerAdminRESTClient WARN Error getting
> policies. secureMode=true,
> user=hive/[email protected] (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> , serviceName=HIVE_CDH
> ============================================================
> h2. ranger access log
> access_log.2021-04-12.log
> 172.20.185.56 - - [12/Apr/2021:09:50:08 +0000] "GET
> /service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
> 172.20.185.56 - - [12/Apr/2021:09:50:38 +0000] "GET
> /service/roles/secure/download/HIVE_CDH?pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528903&pluginCapabilities=fff&lastKnownRoleVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
> 172.20.185.56 - - [12/Apr/2021:09:50:38 +0000] "GET
> /service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
> 172.20.185.56 - - [12/Apr/2021:09:51:08 +0000] "GET
> /service/roles/secure/download/HIVE_CDH?pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528903&pluginCapabilities=fff&lastKnownRoleVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
> 172.20.185.56 - - [12/Apr/2021:09:51:08 +0000] "GET
> /service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
> 172.20.185.56 - - [12/Apr/2021:09:51:38 +0000] "GET
> /service/roles/secure/download/HIVE_CDH?pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528903&pluginCapabilities=fff&lastKnownRoleVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
> 172.20.185.56 - - [12/Apr/2021:09:51:38 +0000] "GET
> /service/plugins/secure/policies/download/HIVE_CDH?supportsPolicyDeltas=false&pluginId=hiveServer2%40idc-bigdata-185-56.jdy.kd.internal-HIVE_CDH&clusterName=&lastActivationTime=1618217528949&pluginCapabilities=fff&lastKnownVersion=-1
> HTTP/1.1" 401 52 "-" "Java/1.8.0_281"
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
