Hi All,

As I am using Ranger with Unix authentication to manage the security of
HDFS on my cluster, I could not help but notice that even if I add users to
groups in the Ranger console, Ranger cannot find which groups they
belong to, and therefore does not authorize them to perform actions they
should be able to do.

As I thought this issue came from UserSync, I noticed that in its logs the
following exception is printed every minute:

ERROR PasswordValidator [Thread-22] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
    at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
    at sun.nio.cs.StreamDecoder.read(Unknown Source)
    at java.io.InputStreamReader.read(Unknown Source)
    at java.io.BufferedReader.fill(Unknown Source)
    at java.io.BufferedReader.readLine(Unknown Source)
    at java.io.BufferedReader.readLine(Unknown Source)
    at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 13 more

As this is usually the sign of a missing certificate, I ensured
the certificate corresponding to Unix authentication (<host>:5151) is in
the Java truststore and restarted the NameNode and Ranger, but nothing
changed.

When looking a little bit more into the RangerAdmin and RangerUserSync logs,
it seems that RangerAdmin is the source of the problem, closing the
connection before the handshake is fully established, but I have no idea
how to correct it.

Has anyone encountered this error too? Did I miss something?

Thanks in advance for your help,
Loïc
Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne
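
An added example, not part of the original post and not Ranger code: a small triage script that pulls the exception chain out of a UserSync log excerpt and separates a handshake the peer abandoned (as in the trace above) from one this side rejected because the peer's certificate was not trusted. The function names, category labels and the second log sample are hypothetical and constructed for illustration.

```python
import re

# Constructed sample: the exception from the post, mail-wrapped lines rejoined,
# stack frames shortened.
SAMPLE_LOG = """\
ERROR PasswordValidator [Thread-22] - Response [FAILED: unable to validate due to error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] for user: null
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 13 more
"""

# Constructed contrast case: typical JSSE wording when this side does not trust the peer's certificate.
UNTRUSTED_LOG = """\
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: ...
"""

# Matches "pkg.SomeException: message" and "Caused by: pkg.SomeException: message" lines only.
HEADER = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$")

def exception_chain(log_text):
    """Return [(exception class, message), ...] from outermost exception to root cause."""
    chain = []
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            chain.append((m.group(1), m.group(2)))
    return chain

def classify(chain):
    """Label a TLS handshake failure by which side gave up and how."""
    text = " ".join(f"{cls} {msg}" for cls, msg in chain)
    if not any(cls.endswith("SSLHandshakeException") for cls, _ in chain):
        return "not-a-handshake-failure"
    if "PKIX path" in text or "ValidatorException" in text or "CertificateException" in text:
        return "local-trust-failure"   # this side rejected the peer's certificate
    if "Received fatal alert" in text:
        return "peer-sent-alert"       # peer refused; the alert name is in the message
    if "EOFException" in text or "Remote host closed connection" in text:
        return "peer-closed-socket"    # peer dropped the connection without a TLS alert
    return "other"

if __name__ == "__main__":
    for name, log in (("post", SAMPLE_LOG), ("contrast", UNTRUSTED_LOG)):
        print(name, classify(exception_chain(log)))
```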