Ranger Kms having multiple instance enabled.

0 votes

Hi team,

I was installing multiple ranger KMS service on the Ambari. When I tried with a single instance say suppose node1 we are able to create the KMS key successfully.

After that, I added one more instance .and try to create key say suppose node2 

ITS throwing error as:

[user@data01 ~]$ hadoop key create keytrustee_test2
20/10/22 14:52:19 WARN kms.LoadBalancingKMSClientProvider: KMS provider at [http://node2::19292/kms/v1/] threw an IOException!! java.io.FileNotFoundException: http://node2:9292/kms/v1/keys?user.name=opc
    at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:275)
    at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:77)
    at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:133)
    at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:212)
    at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:133)
    at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)
    at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:322)
    at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:542)
    at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:537)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1869)
    at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:536)
    at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createKeyInternal(KMSClientProvider.java:730)
    at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createKey(KMSClientProvider.java:740)
    at org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$13.call(LoadBalancingKMSClientProvider.java:300)
    at org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider$13.call(LoadBalancingKMSClientProvider.java:296)
    at org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.doOp(LoadBalancingKMSClientProvider.java:95)
    at org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.createKey(LoadBalancingKMSClientProvider.java:296)
    at org.apache.hadoop.crypto.key.KeyShell$CreateCommand.execute(KeyShell.java:483)
    at org.apache.hadoop.crypto.key.KeyShell.run(KeyShell.java:79)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)
    at org.apache.hadoop.crypto.key.KeyShell.main(KeyShell.java:515)

Same for node 2 

What exactly I am missing here. Please pour some suggestions.

Oct 22 in Big Data Hadoop by Shilpa S
• 450 points

edited Oct 23 by MD 54 views

1 answer to this question.

0 votes

Hi@Shllpa,

First, you need to check the network connectivity between your instance and all the configuration files of KMS. Another reason maybe if the KMS (Hadoop Key Management Server) is down and Kerberos is not able to talk to this KMS service to get the delegation token to submit the ingestion map-reduce job.

answered Oct 23 by MD
• 77,580 points

Hi,
Thanks for inputs but connectivity is fine "

[user@data05 ~]$ curl -v -u  "keyadmin:keyadmin1" http://URL:9292/kms
* About to connect() to data05.data.cxidev.oraclevcn.com port 9292 (#0)
*   Trying <ipaddr>
* Connected to data05.data.cxidev.oraclevcn.com (172.16.8.6) port 9292 (#0)
* Server auth using Basic with user 'keyadmin'
> GET /kms HTTP/1.1
> Authorization: Basic <auth>
> User-Agent: curl/7.29.0
> Host: urlm:9292
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
< Content-Length: 0
< Date: Fri, 23 Oct 2020 06:38:06 GMT
<
* Connection #0 to host user left intact"
Hi@Shilpa,

It is related to network connectivity. In your second instance check all the configuration files.

Related Questions In Big Data Hadoop

0 votes
1 answer

How to read Spark elements having multiple lines each?

Try this: val new_records = sc.newAPIHadoopRDD(hadoopConf,classOf[ ...READ MORE

answered Dec 12, 2018 in Big Data Hadoop by Omkar
• 69,030 points
480 views
0 votes
1 answer

HA ranger KMS ,

Hi@Shilpa, If you have installed Ranger through Ambari ...READ MORE

answered Oct 15 in Big Data Hadoop by MD
• 77,580 points
41 views
0 votes
1 answer

Enable HA for ranger KMS.

Hi, If you have installed Ranger through Ambari ...READ MORE

answered Oct 15 in Big Data Hadoop by MD
• 77,580 points
42 views
0 votes
1 answer

Ranger kms is not coming up

Hi@Shilpa, There may be lots of reasons behind ...READ MORE

answered Oct 19 in Big Data Hadoop by MD
• 77,580 points
98 views
+1 vote
1 answer

Hadoop Mapreduce word count Program

Firstly you need to understand the concept ...READ MORE

answered Mar 16, 2018 in Data Analytics by nitinrawat895
• 10,950 points
6,331 views
0 votes
1 answer

hadoop.mapred vs hadoop.mapreduce?

org.apache.hadoop.mapred is the Old API  org.apache.hadoop.mapreduce is the ...READ MORE

answered Mar 16, 2018 in Data Analytics by nitinrawat895
• 10,950 points
977 views
+1 vote
11 answers

hadoop fs -put command?

put syntax: put <localSrc> <dest> copy syntax: copyF ...READ MORE

answered Dec 7, 2018 in Big Data Hadoop by Aditya
41,628 views
–1 vote
1 answer

Hadoop dfs -ls command?

In your case there is no difference ...READ MORE

answered Mar 16, 2018 in Big Data Hadoop by kurt_cobain
• 9,320 points
2,370 views
0 votes
1 answer

Adding Ranger KMS server using ambari

Hi@Shllpa, It is asking for admin credentials. Did ...READ MORE

answered Sep 28 in Big Data Hadoop by MD
• 77,580 points
49 views
0 votes
1 answer

Ranger kms create key failed

Hi@shllpa, I have checked your file. All seems ...READ MORE

answered Oct 6 in Big Data Hadoop by MD
• 77,580 points
76 views