Doris 2.1.4 reports an error when using Ranger


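I configured it following https://doris.apache.org/zh-CN/docs/admin-manual/auth/ranger. When adding the Doris service, I clicked Test Connection and the page showed that the connection succeeded, but the backend log reported an error: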

2024-07-09 05:08:34,667 [timed-executor-pool-0] WARN [SecureClientLogin.java:123] Can't find keyTab Path : null
2024-07-09 05:08:34,667 [timed-executor-pool-0] WARN [SecureClientLogin.java:127] Can't find principal : null
2024-07-09 05:08:34,668 [timed-executor-pool-0] ERROR [PasswordUtils.java:165] Unable to decrypt password due to error
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
        at com.sun.crypto.provider.CipherCore.prepareInputBuffer(CipherCore.java:1005)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:848)
        at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:432)
        at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
        at javax.crypto.Cipher.doFinal(Cipher.java:2164)
        at org.apache.ranger.plugin.util.PasswordUtils.decrypt(PasswordUtils.java:150)
        at org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:138)
        at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:109)
        at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:61)
        at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:53)
        at org.apache.ranger.services.doris.client.DorisClient.<init>(DorisClient.java:65)
        at org.apache.ranger.services.doris.client.DorisClient.connectionTest(DorisClient.java:622)
        at org.apache.ranger.services.doris.client.DorisResourceManager.connectionTest(DorisResourceManager.java:50)
        at org.apache.ranger.services.doris.RangerServiceDoris.validateConfig(RangerServiceDoris.java:52)
        at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:655)
        at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:642)
        at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:603)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
2024-07-09 05:08:34,668 [timed-executor-pool-0] INFO [BaseClient.java:111] Password decryption failed; trying connection with received password string
2024-07-09 05:08:34,668 [timed-executor-pool-0] INFO [BaseClient.java:126] Init Login: security not enabled, using username

After clicking Save, going back into the page and testing the connection again reports an error:

Connection Failed.
Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info.

org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance..
Access denied for user 'admin@10.172.130.176' (using password: YES)

At the same time, the backend reports an error:

2024-07-09 05:10:33,973 [timed-executor-pool-0] WARN [SecureClientLogin.java:123] Can't find keyTab Path : null
2024-07-09 05:10:33,974 [timed-executor-pool-0] WARN [SecureClientLogin.java:127] Can't find principal : null
2024-07-09 05:10:33,980 [timed-executor-pool-0] INFO [BaseClient.java:126] Init Login: security not enabled, using username
2024-07-09 05:10:34,000 [timed-executor-pool-0] ERROR [DorisResourceManager.java:52] <== DorisResourceManager.connectionTest() Error: org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance.
2024-07-09 05:10:34,000 [timed-executor-pool-0] ERROR [RangerServiceDoris.java:54] <== RangerServiceDoris.validateConfig() Error:org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance.
2024-07-09 05:10:34,000 [timed-executor-pool-0] ERROR [ServiceMgr.java:605] TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance.
2024-07-09 05:10:34,008 [http-nio-6080-exec-2] ERROR [ServiceMgr.java:201] ==> ServiceMgr.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance.

Judging from the error, it looks like the length of the encrypted password is wrong? Is this caused by Ranger, or by the Doris plugin?

2 Answers

From the logs, it may be a problem on the Ranger side. You could first check Ranger's encryption configuration and related settings.

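The Doris service in Ranger has now been created, but Doris has not been set up with Ranger authentication. When I created a rule in Ranger, I found the backend reporting an error: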

ERROR [DorisConnectionManager.java:58] Error connecting to Doris cluster: doris using config: {jdbc.driver_class=com.mysql.cj.jdbc.Driver, password=PBEWithHmacSHA512AndAES_128,xxxxxxxxxxxxx, enable.hive.metastore.lookup=false, resource.lookup.timeout.value.in.ms=10000, hive.site.file.path=, jdbc.url=jdbc:mysql://10.172.130.159:9030?useSSL=false, username=admin}
org.apache.ranger.plugin.client.HadoopException: Unable to connect to Presto instance.
        at org.apache.ranger.services.doris.client.DorisClient.initConnection(DorisClient.java:144)
        at org.apache.ranger.services.doris.client.DorisClient.access$000(DorisClient.java:47)
        at org.apache.ranger.services.doris.client.DorisClient$1.run(DorisClient.java:72)
        at org.apache.ranger.services.doris.client.DorisClient$1.run(DorisClient.java:70)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.ranger.services.doris.client.DorisClient.init(DorisClient.java:70)
        at org.apache.ranger.services.doris.client.DorisClient.<init>(DorisClient.java:66)
        at org.apache.ranger.services.doris.client.DorisConnectionManager$1.call(DorisConnectionManager.java:52)
        at org.apache.ranger.services.doris.client.DorisConnectionManager$1.call(DorisConnectionManager.java:49)
        at org.apache.ranger.plugin.util.TimedEventUtil.timedTask(TimedEventUtil.java:40)
        at org.apache.ranger.services.doris.client.DorisConnectionManager.getDorisConnection(DorisConnectionManager.java:56)
        at org.apache.ranger.services.doris.client.DorisResourceManager.getDorisResources(DorisResourceManager.java:127)
        at org.apache.ranger.services.doris.RangerServiceDoris.lookupResource(RangerServiceDoris.java:81)
        at org.apache.ranger.biz.ServiceMgr$LookupCallable.actualCall(ServiceMgr.java:637)
        at org.apache.ranger.biz.ServiceMgr$LookupCallable.actualCall(ServiceMgr.java:621)
        at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:603)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLException: Access denied for user 'admin@10.172.130.176' (using password: YES)
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129)
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
        at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
        at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:836)
        at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:456)
        at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:246)
        at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:197)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:208)
        at org.apache.ranger.services.doris.client.DorisClient.initConnection(DorisClient.java:141)
        ... 20 common frames omitted

Is there a problem here? Should the password here be plaintext?