Ranger kms create key failed

0 votes

Hi Team,

I am new to creating keys for Ranger KMS. When I tried, I faced the issue mentioned below. Please let me know which file it is asking for.

Command:

hadoop key create keytest

keytest has not been created. java.io.FileNotFoundException: <UrL>:9292/kms/v1/keys?user.name=ranger

java.io.FileNotFoundException:  <UrL>::9292/kms/v1/keys?user.name=ranger

    at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:275)

    at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77)

    at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:133)

    at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212)

    at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:133)

    at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)

    at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:322)

    at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:542)

    at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:537)

    at java.security.AccessController.doPrivileged(Native Method)

    at javax.security.auth.Subject.doAs(Subject.java:422)

    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1869)

    at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:536)

    at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createKeyInternal(KMSClientProvider.java:730)

    at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createKey(KMSClientProvider.java:740)

    at org.apache.hadoop.crypto.key.KeyShell$CreateCommand.execute(KeyShell.java:483)

    at org.apache.hadoop.crypto.key.KeyShell.run(KeyShell.java:79)

    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)

    at org.apache.hadoop.crypto.key.KeyShell.main(KeyShell.java:515)
Oct 5 in Big Data Hadoop by Shilpa S
• 450 points

edited Oct 5 by Gitika 79 views

Hi @Shilpa,

I think the problem is in your configuration file. Check your configuration file. If you get the same error, then paste your configuration file here.

Sure, let me paste.

  <configuration>

    <property>
      <name>hadoop.kms.audit.aggregation.window.ms</name>
      <value>10000</value>
    </property>

    <property>
      <name>hadoop.kms.authentication.kerberos.keytab</name>
      <value>/etc/security/keytabs/spnego.service.keytab</value>
    </property>

    <property>
      <name>hadoop.kms.authentication.kerberos.name.rules</name>
      <value>RULE:[1:$1@$0](ambari-qa-cx_industry_dev@<URL>s/.*/ambari-qa/
RULE:[1:$1@$0](cdap-cx_industry_dev@<URL>s/.*/cdap/
RULE:[1:$1@$0](hbase-cx_industry_dev@<URL>s/.*/hbase/
RULE:[1:$1@$0](hdfs-cx_industry_dev@<URL>s/.*/hdfs/
RULE:[1:$1@$0](spark-cx_industry_dev@<URL>s/.*/spark/
RULE:[1:$1@$0](.*@<URL>s/@.*//
RULE:[2:$1@$0](amshbase@<URL>s/.*/ams/
RULE:[2:$1@$0](amszk@<URL>s/.*/ams/
RULE:[2:$1@$0](cdap@<URL>s/.*/cdap/
RULE:[2:$1@$0](dn@<URL>s/.*/hdfs/
RULE:[2:$1@$0](hbase@<URL>s/.*/hbase/
RULE:[2:$1@$0](hive@<URL>s/.*/hive/
RULE:[2:$1@$0](jhs@<URL>s/.*/mapred/
RULE:[2:$1@$0](jn@<URL>s/.*/hdfs/
RULE:[2:$1@$0](nm@<URL>s/.*/yarn/
RULE:[2:$1@$0](nn@<URL>s/.*/hdfs/
RULE:[2:$1@$0](rangeradmin@<URL>s/.*/ranger/
RULE:[2:$1@$0](rangerkms@<URL>s/.*/keyadmin/
RULE:[2:$1@$0](rangertagsync@<URL>s/.*/rangertagsync/
RULE:[2:$1@$0](rangerusersync@<URL>s/.*/rangerusersync/
RULE:[2:$1@$0](rm@<URL>s/.*/yarn/
RULE:[2:$1@$0](yarn@<URL>s/.*/yarn/
DEFAULT</value>
    </property>

    <property>
      <name>hadoop.kms.authentication.kerberos.principal</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.authentication.signer.secret.provider</name>
      <value>random</value>
    </property>

    <property>
      <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
      <value>kerberos</value>
    </property>
    <property>
      <name>hadoop.kms.authentication.zk-dt-secret-manager.enable</name>
      <value>true</value>
    </property>

    <property>
      <name>hadoop.kms.cache.enable</name>
      <value>false</value>
    </property>

    <property>
      <name>hadoop.kms.cache.timeout.ms</name>
      <value>0</value>
    </property>

    <property>
      <name>hadoop.kms.current.key.cache.timeout.ms</name>
      <value>0</value>
    </property>

    <property>
      <name>hadoop.kms.key.provider.uri</name>
      <value>dbks://http@localhost:9292/kms</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.ambari-server-cx_industry_dev.hosts</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.ambari-server-cx_industry_dev.users</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.hive.hosts</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.hive.users</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.HTTP.hosts</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.HTTP.users</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.livy.groups</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.livy.hosts</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.livy.users</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.ranger.groups</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.ranger.hosts</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.ranger.users</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.yarn.groups</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.yarn.hosts</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.proxyuser.yarn.users</name>
      <value>*</value>
    </property>

    <property>
      <name>hadoop.kms.security.authorization.manager</name>
      <value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
    </property>

    <property>
      <name>hadoop.security.keystore.JavaKeyStoreProvider.password</name>
      <value>none</value>
    </property>

  </configuration>
This is kms-site.xml. I couldn't find what I am missing. Please help me here.

1 answer to this question.

0 votes
Best answer

Hi @Shilpa,

I have checked your file. All seems good. Just try with the below property in your configuration file once.

  <property>
     <name>hadoop.kms.key.provider.uri</name>
     <value>jceks://file@/${user.home}/kms.keystore</value>
  </property>
answered Oct 6 by MD
• 79,930 points

selected Oct 14 by Shilpa S
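
A read-only check over a kms-site.xml like the one posted in the question, as an added example that is not part of the original thread: it reports which key provider backend `hadoop.kms.key.provider.uri` selects (`dbks` in the question, `jceks` in the answer's suggestion) and lists every `hadoop.kms.proxyuser.*` entry left at the wildcard `*`, which places no restriction on the hosts, users or groups that service account may impersonate through the KMS. The function names and the trimmed sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a few properties copied from the kms-site.xml in the question.
SAMPLE_KMS_SITE = """<configuration>
  <property><name>hadoop.kms.key.provider.uri</name><value>dbks://http@localhost:9292/kms</value></property>
  <property><name>hadoop.kms.proxyuser.hive.hosts</name><value>*</value></property>
  <property><name>hadoop.kms.proxyuser.hive.users</name><value>*</value></property>
  <property><name>hadoop.kms.proxyuser.livy.groups</name><value>*</value></property>
  <property><name>hadoop.kms.cache.enable</name><value>false</value></property>
</configuration>"""

PROXY_PREFIX = "hadoop.kms.proxyuser."

def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def provider_scheme(props):
    """Scheme of hadoop.kms.key.provider.uri, e.g. 'dbks' or 'jceks' (None if unset)."""
    uri = props.get("hadoop.kms.key.provider.uri")
    return uri.split("://", 1)[0] if uri and "://" in uri else None

def wildcard_proxyusers(props):
    """Map each proxy user to the sorted dimensions (hosts/users/groups) set to '*'."""
    found = {}
    for name, value in props.items():
        if name.startswith(PROXY_PREFIX) and value == "*":
            user, _, dimension = name[len(PROXY_PREFIX):].rpartition(".")
            if dimension in ("hosts", "users", "groups"):
                found.setdefault(user, []).append(dimension)
    return {user: sorted(dims) for user, dims in found.items()}

def report(xml_text):
    """Summarise the backend in use and every unrestricted proxy-user entry."""
    props = load_properties(xml_text)
    lines = [f"key provider scheme: {provider_scheme(props)}"]
    for user, dims in sorted(wildcard_proxyusers(props).items()):
        lines.append(f"proxyuser {user}: wildcard on {', '.join(dims)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_KMS_SITE)))
```

Running it against the file before and after changing `hadoop.kms.key.provider.uri` shows whether the KMS is still pointed at the Ranger database-backed store or at a local keystore file.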
