forked from docs/doc-exports
Yang, Tong
6182f91ba8
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
29 lines
3.5 KiB
HTML
29 lines
3.5 KiB
HTML
<a name="mrs_01_2355"></a><a name="mrs_01_2355"></a>
|
|
|
|
<h1 class="topictitle1">When an HBase Policy Is Added or Modified on Ranger, Wildcard Characters Cannot Be Used to Search for Existing HBase Tables</h1>
|
|
<div id="body0000001092153992"><div class="section" id="mrs_01_2355__section189212035142019"><h4 class="sectiontitle">Question</h4><p id="mrs_01_2355__p8060118">When a Ranger access permission policy is added for HBase and wildcard characters are used to search for an existing HBase table in the policy, the table cannot be found. The following error is reported in <strong id="mrs_01_2355__b113411195714">/var/log/Bigdata/ranger/rangeradmin/ranger-admin-*log</strong>:</p>
|
|
<pre class="screen" id="mrs_01_2355__screen17698922134015">Caused by: javax.security.sasl.SaslException: No common protection layer between client and server
|
|
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:253)
|
|
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:186)
|
|
at org.apache.hadoop.hbase.security.AbstractHBaseSaslRpcClient.evaluateChallenge(AbstractHBaseSaslRpcClient.java:142)
|
|
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler$2.run(NettyHBaseSaslRpcClientHandler.java:142)
|
|
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler$2.run(NettyHBaseSaslRpcClientHandler.java:138)
|
|
at java.security.AccessController.doPrivileged(Native Method)
|
|
at javax.security.auth.Subject.doAs(Subject.java:422)
|
|
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1761)
|
|
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler.channelRead0(NettyHBaseSaslRpcClientHandler.java:138)
|
|
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler.channelRead0(NettyHBaseSaslRpcClientHandler.java:42)
|
|
at org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
|
|
at org.apache.hbase.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)</pre>
|
|
</div>
|
|
<div class="section" id="mrs_01_2355__sb821aee499864a0598739905b0c6889b"><h4 class="sectiontitle">Answer</h4><p id="mrs_01_2355__p1776194693617">The value of <strong id="mrs_01_2355__b1258761216020">hbase.rpc.protection</strong> of the HBase service plug-in on Ranger must be the same as that of <strong id="mrs_01_2355__b958881215019">hbase.rpc.protection</strong> on the HBase server.</p>
|
|
<ol id="mrs_01_2355__ol090513438258"><li id="mrs_01_2355__li14676284262"><span>Log in to the Ranger management page. For details, see <a href="mrs_01_1850.html">Logging In to the Ranger Web UI</a>.</span></li><li id="mrs_01_2355__li13147231112419"><span>In the <strong id="mrs_01_2355__b16464728319">HBASE</strong> area on the home page, click the component plug-in name, for example, the <span><img id="mrs_01_2355__image1876104732217" src="en-us_image_0000001349170149.png"></span> button of HBase.</span></li><li id="mrs_01_2355__li18658932173820"><span>Search for the configuration item <strong id="mrs_01_2355__b194723511322">hbase.rpc.protection</strong> and change its value to the value of <strong id="mrs_01_2355__b56621826331">hbase.rpc.protection</strong> on the HBase server.</span></li><li id="mrs_01_2355__li150566193215"><span>Click <strong id="mrs_01_2355__b2554105012508">Save</strong>.</span></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1866.html">Common Issues About Ranger</a></div>
|
|
</div>
|
|
</div>
|
|
|