You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Pradeep Agrawal (Jira)" <ji...@apache.org> on 2020/07/17 05:37:00 UTC

[jira] [Updated] (RANGER-2751) SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto (Prestosql 310) - Policy synch up not happening

     [ https://issues.apache.org/jira/browse/RANGER-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pradeep Agrawal updated RANGER-2751:
------------------------------------
    Fix Version/s:     (was: 2.1.0)

> SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto (Prestosql 310) - Policy synch up not happening 
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2751
>                 URL: https://issues.apache.org/jira/browse/RANGER-2751
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 2.1.0
>            Reporter: sajai
>            Priority: Major
>
> *Facing the below error when trying to integrate Apache Ranger with Prestosql (310 version).*
> *Both Ranger and Presto is working independently, but the Presto policies from Ranger are not downloading/refreshing. Couldn't find the policies downloaded in Ranger web ui in Audits/Plugin tab. Also if we remove SSL from Ranger side it starts working fine. Issue is only when SSL is enabled in Ranger, then Presto inot working with Ranger,*
> 2020-03-04T07:50:59.600-0600 ERROR Thread-91 org.apache.ranger.plugin.util.PolicyRefresher PolicyRefresher(serviceName=presto-catalogs-dev): failed to refresh policies. Will continue to use last known version of policies (-1)
> java.lang.IllegalArgumentException: TrustManager is not specified
> *ranger-2.1.0-SNAPSHOT-admin/install.properties:-*
> db_root_user=root
> db_root_password=Sqlpwd@123
> db_host=localhost
> db_name=ranger
> db_user=rangeradmin
> db_password=Rangerpwd@123
> rangerAdmin_password=Rangerpwd@123
> rangerTagsync_password=Rangerpwd@123
> rangerUsersync_password=Rangerpwd@123
> keyadmin_password=Rangerpwd@123
> policymgr_external_url=https://hostname_ranger:6182
> policymgr_http_enabled=false
> policymgr_https_keystore_file=/opt/iss_cert/clientcert.jks
> policymgr_https_keystore_keyalias=kkkk
> policymgr_https_keystore_password=31b17532aeb4fb5ba3af2bae850567
> unix_user=ranger
> unix_user_pwd=Rangerpwd@123
> unix_group=ranger
> #LDAP|ACTIVE_DIRECTORY|UNIX|NONE
> authentication_method=LDAP
> xa_ldap_url=ldaps://hostname_ldapserver:636
> xa_ldap_userDNpattern=uid=\{0},OU=xxx,DC=xx,DC=cccc,DC=COM
> xa_ldap_groupSearchBase=DC=xxx,DC=ccc,DC=COM
> xa_ldap_groupSearchFilter=(member=cn=\{0},OU=xxx,DC=xx,DC=cccc,DC=COM)
> xa_ldap_groupRoleAttribute=cn
> xa_ldap_base_dn=DC=xx,DC=cccc,DC=COM
> xa_ldap_bind_dn=CN=XXX,OU=XX,DC=xx,DC=cccc,DC=COM
> xa_ldap_bind_password=uBLRxxxxxxxxzVJK
> xa_ldap_referral=follow
> xa_ldap_userSearchFilter=(uid=\{0})
> *With the above values,able to start ranger with SSL and LDAP enabled and also able to login succesfully with both unix admin credentials and also with ldap credentials.*
>  
> *ranger-2.1.0-SNAPSHOT-presto-plugin/install.properties:-*
> POLICY_MGR_URL=https:/hostname_ranger:6182
> REPOSITORY_NAME=presto-catalogs-dev
> *# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.*
> SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
> SSL_KEYSTORE_PASSWORD=none
> SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
> SSL_TRUSTSTORE_PASSWORD=none
> *keep blank if component user is default*
> CUSTOM_USER=
> *keep blank if component group is default*
> CUSTOM_GROUP=
>  
> *presto-server-310/etc/config.properties:-*
> coordinator=true
> node-scheduler.include-coordinator=true
> http-server.http.enabled=false
> node.internal-address-source=FQDN
> node.internal-address=hostname_presto
> internal-communication.https.required=true
> internal-communication.https.keystore.path=/opt/iss_cert/clientcert.jks
> internal-communication.https.keystore.key=31b17532aeb4fb5ba3af2bae850567
> discovery-server.enabled=true
> discovery.uri=https://hostname_presto:8443
> http-server.authentication.type=PASSWORD,CERTIFICATE
> http-server.https.enabled=true
> http-server.https.port=8443
> http-server.https.keystore.path=/opt/iss_cert/clientcert.jks
> http-server.https.keystore.key=31b17532aeb4fb5ba3af2bae850567



--
This message was sent by Atlassian Jira
(v8.3.4#803005)