have u enabled XAAUDIT.DB.IS_ENABLED=true ???
Thanks & Regards Amithsha On Sat, Mar 7, 2015 at 11:42 AM, Amith sha <[email protected]> wrote: > check your database have u found any entry for audit > > Thanks & Regards > Amithsha > > On Fri, Mar 6, 2015 at 7:15 PM, Hadoop Solutions <[email protected]> > wrote: > >> I saw following exception related to Ranger: >> >> 2015-03-06 13:21:36,414 INFO ipc.Server (Server.java:saslProcess(1306)) >> - Auth successful for jhs/[email protected] >> (auth:KERBEROS) >> 2015-03-06 13:21:36,422 INFO authorize.ServiceAuthorizationManager >> (ServiceAuthorizationManager.java:authorize(118)) - Authorization >> successful for jhs/[email protected] >> (auth:KERBEROS) for protocol=interface >> org.apache.hadoop.hdfs.protocol.ClientProtocol >> 2015-03-06 13:21:36,528 INFO provider.AuditProviderFactory >> (AuditProviderFactory.java:<init>(60)) - AuditProviderFactory: creating.. >> 2015-03-06 13:21:36,529 INFO provider.AuditProviderFactory >> (AuditProviderFactory.java:init(90)) - AuditProviderFactory: initializing.. >> 2015-03-06 13:21:36,645 INFO provider.AuditProviderFactory >> (AuditProviderFactory.java:init(107)) - AuditProviderFactory: Audit not >> enabled.. >> 2015-03-06 13:21:36,660 INFO config.PolicyRefresher >> (PolicyRefresher.java:<init>(60)) - Creating PolicyRefreshser with url: >> null, refreshInterval: 60000, sslConfigFileName: null, lastStoredFileName: >> null >> 2015-03-06 13:21:36,668 ERROR config.PolicyRefresher >> (PolicyRefresher.java:checkFileWatchDogThread(138)) - Unable to start the >> FileWatchDog for path [null] >> java.lang.NullPointerException >> at >> com.xasecure.pdp.config.ConfigWatcher.getAgentName(ConfigWatcher.java:474) >> at >> com.xasecure.pdp.config.ConfigWatcher.<init>(ConfigWatcher.java:124) >> at >> com.xasecure.pdp.config.PolicyRefresher$1.<init>(PolicyRefresher.java:124) >> at >> com.xasecure.pdp.config.PolicyRefresher.checkFileWatchDogThread(PolicyRefresher.java:124) >> at >> com.xasecure.pdp.config.PolicyRefresher.<init>(PolicyRefresher.java:69) >> at >> com.xasecure.pdp.hdfs.URLBasedAuthDB.<init>(URLBasedAuthDB.java:84) >> at >> com.xasecure.pdp.hdfs.URLBasedAuthDB.getInstance(URLBasedAuthDB.java:67) >> at >> com.xasecure.pdp.hdfs.XASecureAuthorizer.<clinit>(XASecureAuthorizer.java:28) >> at java.lang.Class.forName0(Native Method) >> at java.lang.Class.forName(Class.java:190) >> at >> com.xasecure.authorization.hadoop.HDFSAccessVerifierFactory.getInstance(HDFSAccessVerifierFactory.java:43) >> at >> org.apache.hadoop.hdfs.server.namenode.XaSecureFSPermissionChecker.AuthorizeAccessForUser(XaSecureFSPermissionChecker.java:137) >> at >> org.apache.hadoop.hdfs.server.namenode.XaSecureFSPermissionChecker.check(XaSecureFSPermissionChecker.java:108) >> at >> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java) >> at >> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkTraverse(FSPermissionChecker.java:208) >> at >> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:171) >> at >> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:6515) >> at >> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:6497) >> at >> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPathAccess(FSNamesystem.java:6422) >> at >> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getListingInt(FSNamesystem.java:4957) >> at >> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getListing(FSNamesystem.java:4918) >> at >> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.getListing(NameNodeRpcServer.java:826) >> at >> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.getListing(ClientNamenodeProtocolServerSideTranslatorPB.java:612) >> at >> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java) >> at >> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:619) >> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:962) >> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2039) >> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2035) >> at java.security.AccessController.doPrivileged(Native Method) >> at javax.security.auth.Subject.doAs(Subject.java:415) >> at >> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628) >> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2033) >> 2015-03-06 13:21:36,670 INFO hadoop.HDFSAccessVerifierFactory >> (HDFSAccessVerifierFactory.java:getInstance(44)) - Created a new instance >> of class: [com.xasecure.pdp.hdfs.XASecureAuthorizer] for HDFS Access >> verification. >> 2015-03-06 13:21:37,212 INFO namenode.FSNamesystem >> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt file >> blocks. >> 2015-03-06 13:21:37,718 INFO namenode.FSNamesystem >> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt file >> blocks. >> 2015-03-06 13:21:38,974 INFO ipc.Server (Server.java:saslProcess(1306)) >> - Auth successful for oozie/[email protected] >> (auth:KERBEROS) >> 2015-03-06 13:21:38,984 INFO authorize.ServiceAuthorizationManager >> (ServiceAuthorizationManager.java:authorize(118)) - Authorization >> successful for oozie/[email protected] >> (auth:KERBEROS) for protocol=interface >> org.apache.hadoop.hdfs.protocol.ClientProtocol >> 2015-03-06 13:21:44,515 INFO namenode.FSNamesystem >> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt file >> blocks. >> 2015-03-06 13:21:45,000 INFO namenode.FSNamesystem >> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt file >> blocks. >> 2015-03-06 13:21:50,709 INFO blockmanagement.CacheReplicationMonitor >> (CacheReplicationMonitor.java:run(178)) - Rescanning after 30000 >> milliseconds >> 2015-03-06 13:21:50,710 INFO blockmanagement.CacheReplicationMonitor >> (CacheReplicationMonitor.java:run(201)) - Scanned 0 directive(s) and 0 >> block(s) in 1 millisecond(s). >> >> >> On 6 March 2015 at 21:38, Hadoop Solutions <[email protected]> >> wrote: >> >>> After adding xasecure.add-hadoop-authorization as true, i can able to >>> access hadoop file system. >>> >>> I have restarted HDFS and Ranger Admin, but still i am not able to see >>> agents in Ranger console. >>> >>> On 6 March 2015 at 21:07, Amith sha <[email protected]> wrote: >>> >>>> make the xasecure.add-hadoop-authorization as true and after editing >>>> the configuration files first restart Hadoop then restart Ranger and then >>>> try to access >>>> >>>> Thanks & Regards >>>> Amithsha >>>> >>>> On Fri, Mar 6, 2015 at 6:29 PM, Muthu Pandi <[email protected]> >>>> wrote: >>>> >>>>> Did you got the plugin working?? are u able to see the agent in ranger >>>>> console? >>>>> >>>>> You have disabled the Hadoop authorization in the audit file it seems >>>>> so change >>>>> >>>>> xasecure.add-hadoop-authorization to true in the audit file >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *RegardsMuthupandi.K* >>>>> >>>>> Think before you print. >>>>> >>>>> >>>>> >>>>> On Fri, Mar 6, 2015 at 6:13 PM, Hadoop Solutions < >>>>> [email protected]> wrote: >>>>> >>>>>> Thank you for your help, Muthu. >>>>>> >>>>>> I am using HDP 2.2 and i have added audit.xml file. After that i am >>>>>> seeing following error messages. >>>>>> >>>>>> 2015-03-06 12:40:51,119 INFO namenode.FSNamesystem >>>>>> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt >>>>>> file >>>>>> blocks. >>>>>> 2015-03-06 12:40:51,485 INFO namenode.FSNamesystem >>>>>> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt >>>>>> file >>>>>> blocks. >>>>>> 2015-03-06 12:40:56,888 INFO ipc.Server (Server.java:run(2060)) - >>>>>> IPC Server handler 16 on 8020, call >>>>>> org.apache.hadoop.hdfs.protocol.ClientProtocol.getListing from >>>>>> 10.193.153.220:50271 Call#5020 Retry#0 >>>>>> com.xasecure.authorization.hadoop.exceptions.XaSecureAccessControlException: >>>>>> Permission denied: principal{user=mapred,groups: [hadoop]}, >>>>>> access=EXECUTE, >>>>>> directory="/" >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.XaSecureFSPermissionChecker.check(XaSecureFSPermissionChecker.java:112) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkTraverse(FSPermissionChecker.java:208) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:171) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:6515) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:6497) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPathAccess(FSNamesystem.java:6422) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getListingInt(FSNamesystem.java:4957) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getListing(FSNamesystem.java:4918) >>>>>> at >>>>>> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.getListing(NameNodeRpcServer.java:826) >>>>>> at >>>>>> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.getListing(ClientNamenodeProtocolServerSideTranslatorPB.java:612) >>>>>> at >>>>>> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java) >>>>>> at >>>>>> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:619) >>>>>> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:962) >>>>>> at >>>>>> org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2039) >>>>>> at >>>>>> org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2035) >>>>>> at java.security.AccessController.doPrivileged(Native Method) >>>>>> at javax.security.auth.Subject.doAs(Subject.java:415) >>>>>> at >>>>>> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628) >>>>>> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2033) >>>>>> >>>>>> >>>>>> Can you please let me know wht it belongs to. >>>>>> >>>>>> Thanks, >>>>>> Shaik >>>>>> >>>>>> >>>>>> On 6 March 2015 at 18:31, Muthu Pandi <[email protected]> wrote: >>>>>> >>>>>>> From your logs it looks like you are using HDP. and the audit.xml >>>>>>> file is not in CLASSPATH what version of HDP you r using >>>>>>> >>>>>>> this link is for ranger installation on HDP2.2 >>>>>>> http://hortonworks.com/blog/apache-ranger-audit-framework/ make >>>>>>> sure you have followed everything, below is the snippet from the earlier >>>>>>> link which deals with the placing xml file on correct path. >>>>>>> >>>>>>> [image: Inline image 1] >>>>>>> >>>>>>> >>>>>>> >>>>>>> *RegardsMuthupandi.K* >>>>>>> >>>>>>> Think before you print. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Mar 6, 2015 at 2:55 PM, Hadoop Solutions < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Mathu, >>>>>>>> >>>>>>>> Please find the attached NN log. >>>>>>>> >>>>>>>> i have copied all jar to /usr/hdp/current/hadoop-hdfs-namenode/lib >>>>>>>> location. >>>>>>>> >>>>>>>> please provide me the right solution for this issue. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Shaik >>>>>>>> >>>>>>>> On 6 March 2015 at 15:48, Muthu Pandi <[email protected]> wrote: >>>>>>>> >>>>>>>>> Could you post the logs of your Active NN or the NN where you >>>>>>>>> deployed your Ranger >>>>>>>>> >>>>>>>>> Also Make sure you have copied your JARS to respective folders and >>>>>>>>> restarted the cluster. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> *RegardsMuthupandi.K* >>>>>>>>> >>>>>>>>> Think before you print. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Mar 6, 2015 at 1:08 PM, Hadoop Solutions < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Amithsha, >>>>>>>>>> >>>>>>>>>> I have deployed ranger-hdfs-plugin again with HA NN url. >>>>>>>>>> >>>>>>>>>> But, i am agents are not listed in Ranger Agents. I am using HDP >>>>>>>>>> 2.2. >>>>>>>>>> >>>>>>>>>> Please advise to resolve this issue. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Shaik >>>>>>>>>> >>>>>>>>>> On 6 March 2015 at 14:48, Amith sha <[email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Shail, >>>>>>>>>>> >>>>>>>>>>> Below mentioned steps are mentioned in Ranger Guide to enable >>>>>>>>>>> Ranger >>>>>>>>>>> plugin In Hadoop HA cluster >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> To enable Ranger in the HDFS HA environment, an HDFS plugin must >>>>>>>>>>> be >>>>>>>>>>> set up in each NameNode, and then pointed to the same HDFS >>>>>>>>>>> repository >>>>>>>>>>> set up in the Security Manager. Any policies created within that >>>>>>>>>>> HDFS >>>>>>>>>>> repository are automatically synchronized to the primary and >>>>>>>>>>> secondary >>>>>>>>>>> NameNodes through the installed Apache Ranger plugin. That way, >>>>>>>>>>> if the >>>>>>>>>>> primary NameNode fails, the secondary namenode takes over and the >>>>>>>>>>> Ranger plugin at that NameNode begins to enforce the same >>>>>>>>>>> policies for >>>>>>>>>>> access control. >>>>>>>>>>> When creating the repository, you must include the >>>>>>>>>>> fs.default.name for >>>>>>>>>>> the primary NameNode. If the primary NameNode fails during policy >>>>>>>>>>> creation, you can then temporarily use the fs.default.name of >>>>>>>>>>> the >>>>>>>>>>> secondary NameNode in the repository details to enable directory >>>>>>>>>>> lookup for policy creation. >>>>>>>>>>> >>>>>>>>>>> Thanks & Regards >>>>>>>>>>> Amithsha >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Fri, Mar 6, 2015 at 12:00 PM, Hadoop Solutions >>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> > Hi, >>>>>>>>>>> > >>>>>>>>>>> > I have installed Ranger from Git repo and I have started >>>>>>>>>>> Ranger console. >>>>>>>>>>> > >>>>>>>>>>> > I am trying to deploy ranger-hdfs plugin on active NN. But, >>>>>>>>>>> plugin agent >>>>>>>>>>> > unable to contact with Ranger. >>>>>>>>>>> > >>>>>>>>>>> > Can you please let me know the right procedure for ranger-hdfs >>>>>>>>>>> plugin >>>>>>>>>>> > deployment on HA NN cluster. >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > Regards, >>>>>>>>>>> > Shaik >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
