[Recorded] ranger 2.4.0: error syncing the doris-policy service

Basic information:

centos7: linux 3.10.0-1160.76.1.el7.x86_64 x86_64 x86_64 x86_64 GNU/Linux
python: python2.7.5 (used for the PYTHON setting in ranger-admin), python3.8.3
java: jvm/java-1.8.0  openjdk version "1.8.0_362"
doris: 2.1.3
ranger: 2.4.0 (ranger-admin, ranger-usersync)

Steps taken:

1. Compile, download and install ranger-admin and ranger-usersync:
	1.1: https://blog.csdn.net/qq_35370485/article/details/133313043
	1.2: https://www.cnblogs.com/shine-rainbow/p/17080132.html
2. Install doris-plugin, completing the installation per the official Doris site: https://doris.apache.org/zh-CN/docs/admin-manual/auth/ranger/?_highlight=ranger#%E5%AE%89%E8%A3%85-doris-ranger-%E6%8F%92%E4%BB%B6
3. After starting ranger-admin and ranger-usersync in the background successfully, go into the Ranger UI to configure doris and set up the doris-service; during configuration, the connectivity test shows:

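[Screenshot: ranger_service_error1.jpg]
After commenting out this line in the install.properties file under the ranger-admin directory, #hadoop_conf=/etc/hadoop/conf, then running ./setup.sh and starting with ranger-admin start,
testing the connectivity of the doris-service configured in the Ranger UI reports the following error: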

Connection Failed.
Unable to connect repository with given config for zw_doris123_test 

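When the line hadoop_conf=/etc/hadoop/conf in the install.properties file under the ranger-admin directory is left uncommented, then running ./setup.sh and starting with ranger-admin start,
testing the connectivity of the doris-service configured in the Ranger UI shows Connected Successfully. on the first-level connectivity test.
After the above configuration was added successfully,
opening the configuration and testing again makes the ranger-ui pop-up report this error: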

Connection Failed.
Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.

org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance..
Access denied for user 'admin@xx.xx.xx.xx' (using password: YES).

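While configuring the doris-policy, the corresponding databases and tables cannot be matched.
After configuring a policy following the example on the official site, logging in with the newly created user does not produce the policy's effect.

Error logs:

Errors in doris-fe/log/ranger.log: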

2024-05-28 15:39:59  [ PolicyRefresher(serviceName=doris)-267:20467934 ] - [ ERROR ]  Error getting Roles; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=doris, lastKnownRoleVersion=-1, lastActivationTimeInMillis=1716881969495
2024-05-28 15:39:59  [ PolicyRefresher(serviceName=doris)-267:20467934 ] - [ ERROR ]  RangerRolesProvider(serviceName=doris): failed to find service. Will clean up local cache of roles (-1)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: doris
        at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
        at org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdatedWithCred(RangerAdminRESTClient.java:1231)
        at org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdated(RangerAdminRESTClient.java:167)
        at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRolesFromAdmin(RangerRolesProvider.java:183)
        at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRoles(RangerRolesProvider.java:123)
        at org.apache.ranger.plugin.util.PolicyRefresher.loadRoles(PolicyRefresher.java:495)
        at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:208)
2024-05-28 15:39:59  [ PolicyRefresher(serviceName=doris)-267:20467944 ] - [ ERROR ]  Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=doris, lastKnownVersion=-1, lastActivationTimeInMillis=1716861599375
2024-05-28 15:39:59  [ PolicyRefresher(serviceName=doris)-267:20467945 ] - [ ERROR ]  PolicyRefresher(serviceName=doris): failed to find service. Will clean up local cache of policies (-1)

Errors in the log ranger-admin/ews/logs/ranger-admin-node1-root.log under the ranger-admin directory:

2024-05-28 06:07:52,831 [http-nio-6080-exec-8] ERROR [ServiceUtil.java:1364] Requested Service not found. serviceName=doris
2024-05-28 06:07:52,832 [http-nio-6080-exec-8] INFO [RESTErrorUtil.java:346] Request failed. loginId=null, logMessage="RANGER_ERROR_SERVICE_NOT_FOUND: ServiceName=doris"
javax.ws.rs.WebApplicationException: null

5 Answers

[Issue status] Recorded
[Issue handling] Being investigated internally; this thread will be updated when there is progress

In ranger-doris-security.xml,
what is ranger.plugin.doris.service.name set to? It should be set to the Service Name you created.
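
Added example, not part of the thread and not Ranger or Doris code: a check that compares the service name in the plugin config with the services defined in Ranger Admin and with the 404 "service not found" lines in ranger.log. The XML sample is constructed (its value `doris` mirrors the serviceName in the log above), the set of Ranger Admin service names is entered by hand, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SERVICE_KEY = "ranger.plugin.doris.service.name"  # key named in the answer above

# Constructed sample in the Hadoop-style <configuration> layout (not the poster's file).
SAMPLE_XML = """<configuration>
  <property>
    <name>ranger.plugin.doris.service.name</name>
    <value>doris</value>
  </property>
</configuration>"""

# Shortened from the doris-fe/log/ranger.log excerpt in the question.
SAMPLE_LOG = [
    "[ ERROR ]  Error getting Roles; service not found. secureMode=false, "
    "user=root (auth:SIMPLE), response=404, serviceName=doris, lastKnownRoleVersion=-1",
    "[ ERROR ]  Error getting policies; service not found. secureMode=false, "
    "user=root (auth:SIMPLE), response=404, serviceName=doris, lastKnownVersion=-1",
]
NOT_FOUND = re.compile(r"service not found\..*?response=404, serviceName=([^,\s]+)")

def plugin_service_name(xml_text):
    """Return the service name the plugin asks Ranger Admin for, or None if unset."""
    for prop in ET.fromstring(xml_text).iter("property"):
        if (prop.findtext("name") or "").strip() == SERVICE_KEY:
            return (prop.findtext("value") or "").strip() or None
    return None

def services_not_found(log_lines):
    """Service names for which the plugin logged a 404 'service not found'."""
    hits = (NOT_FOUND.search(line) for line in log_lines)
    return sorted({m.group(1) for m in hits if m})

def diagnose(xml_text, log_lines, admin_services):
    """List mismatches between the plugin config, its log, and Ranger Admin's services."""
    findings = []
    name = plugin_service_name(xml_text)
    if name is None:
        findings.append(f"{SERVICE_KEY} is not set")
    elif name not in admin_services:  # exact string match is an assumption of this sketch
        findings.append(f"plugin requests '{name}', not defined in Ranger Admin")
    for missing in services_not_found(log_lines):
        if missing not in admin_services:
            findings.append(f"ranger.log: 404 for service '{missing}'")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_XML, SAMPLE_LOG, {"zw_doris123_test"})))
```

An empty result means the configured name matches a defined service and the log shows no 404 for an undefined one.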

Could you post the modified ranger-doris-security.xml and the error message?

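I also cannot select the catalog or database, but typing them in manually works. You can try that. I am also not sure whether selecting from the drop-down normally works. (Note: the password of the Doris account configured in Ranger must not be empty.)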