Apache Ranger tips and tid bits
1. Error syncing users
Observation: org/apache/commons/httpclient/URIException in ranger log
ERROR UserGroupSync [UnixUserSyncThread] - Failed to synchronize UserGroup information. Error details: java.lang.NoClassDefFoundError: org/apache/commons/httpclient/URIException at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.delXUserGroupInfo(PolicyMgrUserGroupBuilder.java:615) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.delXUserGroupInfo(PolicyMgrUserGroupBuilder.java:600) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateUser(PolicyMgrUserGroupBuilder.java:326) at org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder.updateSink(FileSourceUserGroupBuilder.java:97) at org.apache.ranger.usergroupsync.UserGroupSync.syncUserGroup(UserGroupSync.java:113) at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:87) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassNotFoundException: org.apache.commons.httpclient.URIException at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 7 more
Resolution
Copy commons-httpclient-3.1.jar
and commons-codec-1.9.jar
to /usr/hdp/current/ranger-usersync/lib/
on the server running ranger usersync service.
cp /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/lib/commons-httpclient-3.1.jar /usr/hdp/current/ranger-usersync/lib/ cp /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/lib/commons-codec-1.9.jar /usr/hdp/current/ranger-usersync/lib/
2. Manually triggering user-sync for Ranger
When using Unix user accounts
# java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.UnixUserGroupBuilder
When using LDAP user accounts
# java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/*:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder java -Dlogdir=/var/log/ranger/usersync -cp "/usr/hdp/current/ranger-usersync/dist/unixusersync-0.5.0.2.3.2.0-2950.jar:/usr/hdp/current/ranger-usersync/lib/*:/etc/ranger/usersync/conf" org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder