If you're setting up a cluster and experiencing issues with Ranger usersync, you may encounter error messages in the /var/log/ranger/usersync/usersync.log file. Specifically, you might see errors like the following:
11 Feb 2022 15:15:46 ERROR CustomSSLSocketFactory [UnixUserSyncThread] - Unable to obtain keystore from file [/usr/hdp/current/ranger-usersync/conf/mytruststore.jks]
11 Feb 2022 15:15:46 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: javax.naming.CommunicationException: adhost1.example.com:636 [Root exception is java.lang.NullPointerException]
These errors can be frustrating to deal with, but there are steps you can take to address them. One solution involves extracting an Active Directory (AD) cert and importing it into the Ranger usersync truststore. Finally, you'll need to update the password for the truststore through Ambari. By following these steps, you can get Ranger usersync up and running smoothly.
Solution: How to Fix Ranger Usersync Failure on Your Cluster
To resolve this issue, follow these simple steps:
Step 1: Extract the AD cert To extract the AD cert, use the following command:
perlecho -n | openssl s_client -connect adhost1.example.com:636 \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ad_cert.cert
Step 2: Import the extracted cert into Ranger usersync truststore To import the extracted cert into the Ranger usersync truststore, use the following command:
bashkeytool -import -trustcacerts -alias AD_cert -keystore /usr/hdp/current/ranger-usersync/conf/mytruststore.jks -file /tmp/ad_cert.cert
Make sure to choose the password you want to set for this keystore.
Step 3: Update the Ranger usersync truststore password To update the password for the Ranger usersync truststore, follow these steps:
- Go to Ambari.
- Navigate to Ranger --> Configs --> Advanced --> Advanced ranger-ugsync-site --> ranger.usersync.truststore.password.
- Update the password.
By following these simple steps, you should be able to fix the Ranger usersync failure on your cluster.
No comments:
Post a Comment