Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1415

The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 0.7.0
    • 1.0.0
    • plugins
    • Patch

    Description

      The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.The error was as following:
      2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
      2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
      org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
      at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
      at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
      at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
      at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
      at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
      Reason:
      The brower will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' character after 'Http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.

      The program should be compatible with this situation like the browser.

      Scenario:
      The issue can be reoccurred after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml

      Test and verify:
      I carefully tested and verified the patch before commit the issue.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. RANGER-2454 Remove the trailing slash in Ranger URL in RangerAdminJersey2RESTClient

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link https://reviews.apache.org/r/57127/

          Activity

            People

              zhangqiang2 Qiang Zhang
              zhangqiang2 Qiang Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: