search

StarRocks / starrocks

StarRocks, a Linux Foundation project, is a next-generation sub-second MPP OLAP database for full analytics scenarios, including multi-dimensional analytics, real-time analytics, and ad-hoc queries.
https://starrocks.io
Apache License 2.0
8.62k stars 1.74k forks source link

Failed to integrate StarRocks 3.1.4 with Ranger 2.4 #36148

Open VisionaryAries opened 9 months ago

VisionaryAries commented 9 months ago

StarRocks version: 3.1.4

I have successfully installed ranger and added StarRocks service in ranger-admin, but failed to restart FE after adding the file ranger-starrocks-security.xml in fe/conf. The error message are as following. 

2023-11-29 09:54:50,951 ERROR (UNKNOWN 10.10.16.238_9010_1651898110661(-1)|1) [RangerConfiguration.addResourceIfReadable():61] addResourceIfReadable(ranger-starrocks-audit.xml): couldn't find resource file location
2023-11-29 09:54:50,955 ERROR (UNKNOWN 10.10.16.238_9010_1651898110661(-1)|1) [RangerConfiguration.addResourceIfReadable():61] addResourceIfReadable(ranger-starrocks-policymgr-ssl.xml): couldn't find resource file location
2023-11-29 09:54:50,961 ERROR (UNKNOWN 10.10.16.238_9010_1651898110661(-1)|1) [Configuration.loadResource():3097] error parsing conf file:/opt/StarRocks-latest/fe/conf/xasecure-audit.xml
java.io.FileNotFoundException: /opt/StarRocks-latest/fe/conf/xasecure-audit.xml (No such file or directory)
        at java.io.FileInputStream.open0(Native Method) ~[?:1.8.0_181]
        at java.io.FileInputStream.open(FileInputStream.java:195) ~[?:1.8.0_181]
        at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[?:1.8.0_181]
        at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[?:1.8.0_181]
        at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90) ~[?:1.8.0_181]
        at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188) ~[?:1.8.0_181]
        at org.apache.hadoop.conf.Configuration.parse(Configuration.java:3018) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.hadoop.conf.Configuration.getStreamReader(Configuration.java:3111) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.hadoop.conf.Configuration.loadResource(Configuration.java:3072) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.hadoop.conf.Configuration.loadResources(Configuration.java:3050) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.hadoop.conf.Configuration.loadProps(Configuration.java:2923) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.hadoop.conf.Configuration.getProps(Configuration.java:2905) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.hadoop.conf.Configuration.get(Configuration.java:1247) ~[hadoop-common-3.3.6.jar:?]
        at org.apache.ranger.authorization.hadoop.config.RangerPluginConfig.addSslConfigResource(RangerPluginConfig.java:318) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.authorization.hadoop.config.RangerPluginConfig.addResourcesForServiceType(RangerPluginConfig.java:245) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.authorization.hadoop.config.RangerPluginConfig.<init>(RangerPluginConfig.java:63) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.service.RangerBasePlugin.<init>(RangerBasePlugin.java:79) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at com.starrocks.privilege.ranger.starrocks.RangerStarRocksAccessControl.<init>(RangerStarRocksAccessControl.java:53) ~[starrocks-fe.jar:?]
        at com.starrocks.sql.analyzer.Authorizer.<clinit>(Authorizer.java:49) ~[starrocks-fe.jar:?]
        at com.starrocks.server.CatalogMgr.replayCreateCatalog(CatalogMgr.java:259) ~[starrocks-fe.jar:?]
        at com.starrocks.server.CatalogMgr.load(CatalogMgr.java:508) ~[starrocks-fe.jar:?]
        at com.starrocks.server.GlobalStateMgr.loadImage(GlobalStateMgr.java:1544) ~[starrocks-fe.jar:?]
        at com.starrocks.server.GlobalStateMgr.initialize(GlobalStateMgr.java:1092) ~[starrocks-fe.jar:?]
        at com.starrocks.StarRocksFE.start(StarRocksFE.java:135) ~[starrocks-fe.jar:?]
        at com.starrocks.StarRocksFE.main(StarRocksFE.java:84) ~[starrocks-fe.jar:?]
2023-11-29 09:54:50,970 WARN (UNKNOWN 10.10.16.238_9010_1651898110661(-1)|1) [RangerPluginConfig.addSslConfigResource():328]  Unable to find SSL Configs
2023-11-29 09:54:51,086 WARN (UNKNOWN 10.10.16.238_9010_1651898110661(-1)|1) [SRMetaBlockReader.close():110] Meta block for 22 read 2 json < total 7 json, will skip the rest 5 json
java.lang.ExceptionInInitializerError: null
        at com.starrocks.server.CatalogMgr.replayCreateCatalog(CatalogMgr.java:259) ~[starrocks-fe.jar:?]
        at com.starrocks.server.CatalogMgr.load(CatalogMgr.java:508) ~[starrocks-fe.jar:?]
        at com.starrocks.server.GlobalStateMgr.loadImage(GlobalStateMgr.java:1544) ~[starrocks-fe.jar:?]
        at com.starrocks.server.GlobalStateMgr.initialize(GlobalStateMgr.java:1092) ~[starrocks-fe.jar:?]
        at com.starrocks.StarRocksFE.start(StarRocksFE.java:135) ~[starrocks-fe.jar:?]
        at com.starrocks.StarRocksFE.main(StarRocksFE.java:84) ~[starrocks-fe.jar:?]
Caused by: java.lang.IllegalArgumentException: bound must be positive
        at java.util.Random.nextInt(Random.java:388) ~[?:1.8.0_181]
        at org.apache.ranger.plugin.util.RangerRESTClient.<init>(RangerRESTClient.java:122) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.admin.client.RangerAdminRESTClient.init(RangerAdminRESTClient.java:666) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.admin.client.RangerAdminRESTClient.init(RangerAdminRESTClient.java:125) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:108) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.util.PolicyRefresher.<init>(PolicyRefresher.java:95) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:242) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at com.starrocks.privilege.ranger.starrocks.RangerStarRocksAccessControl.<init>(RangerStarRocksAccessControl.java:54) ~[starrocks-fe.jar:?]
        at com.starrocks.sql.analyzer.Authorizer.<clinit>(Authorizer.java:49) ~[starrocks-fe.jar:?]
        ... 6 more
HangyuanLiu commented 9 months ago

Did you use create external catalog to configure ranger?

VisionaryAries commented 9 months ago

We created hive catalog before integrating with ranger, so the external catalog don't configure ranger.

HangyuanLiu commented 9 months ago

It seems that the configuration file is not configured correctly. Show me ranger-starrocks-security.xml under the fe/conf directory.

VisionaryAries commented 9 months ago

Please see the attachment, thanks. ranger-starrocks-security.xml.zip

HangyuanLiu commented 9 months ago

need ranger-policymgr-ssl.xml in fe/conf

VisionaryAries commented 9 months ago

@HangyuanLiu after adding ranger-policymgr-ssl.xml in fe/conf, other files are showed in logs also needed. So where I can download these files?

2023-12-04 19:11:22,532 ERROR (UNKNOWN 10.10.16.198_9010_1696992935521(-1)|1) [RangerConfiguration.addResourceIfReadable():61] addResourceIfReadable(ranger-starrocks-audit.xml): couldn't find resource file location
2023-12-04 19:11:22,631 ERROR (UNKNOWN 10.10.16.198_9010_1696992935521(-1)|1) [RangerConfiguration.addResourceIfReadable():61] addResourceIfReadable(ranger-starrocks-policymgr-ssl.xml): couldn't find resource file location
2023-12-04 19:11:22,633 ERROR (UNKNOWN 10.10.16.198_9010_1696992935521(-1)|1) [Configuration.loadResource():3097] error parsing conf file:/opt/StarRocks-latest/fe/conf/xasecure-audit.xml
java.io.FileNotFoundException: /opt/StarRocks-latest/fe/conf/xasecure-audit.xml (No such file or directory)
        at java.io.FileInputStream.open0(Native Method) ~[?:1.8.0_181]
        at java.io.FileInputStream.open(FileInputStream.java:195) ~[?:1.8.0_181]
        at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[?:1.8.0_181]
        at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[?:1.8.0_181]
HangyuanLiu commented 9 months ago

https://github.com/StarRocks/ranger/blob/master/plugin-starrocks/conf/ranger-policymgr-ssl.xml

esselius commented 9 months ago

@HangyuanLiu after adding ranger-policymgr-ssl.xml in fe/conf, other files are showed in logs also needed. So where I can download these files?

2023-12-04 19:11:22,532 ERROR (UNKNOWN 10.10.16.198_9010_1696992935521(-1)|1) [RangerConfiguration.addResourceIfReadable():61] addResourceIfReadable(ranger-starrocks-audit.xml): couldn't find resource file location
2023-12-04 19:11:22,631 ERROR (UNKNOWN 10.10.16.198_9010_1696992935521(-1)|1) [RangerConfiguration.addResourceIfReadable():61] addResourceIfReadable(ranger-starrocks-policymgr-ssl.xml): couldn't find resource file location
2023-12-04 19:11:22,633 ERROR (UNKNOWN 10.10.16.198_9010_1696992935521(-1)|1) [Configuration.loadResource():3097] error parsing conf file:/opt/StarRocks-latest/fe/conf/xasecure-audit.xml
java.io.FileNotFoundException: /opt/StarRocks-latest/fe/conf/xasecure-audit.xml (No such file or directory)
        at java.io.FileInputStream.open0(Native Method) ~[?:1.8.0_181]
        at java.io.FileInputStream.open(FileInputStream.java:195) ~[?:1.8.0_181]
        at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[?:1.8.0_181]
        at java.io.FileInputStream.<init>(FileInputStream.java:93) ~[?:1.8.0_181]

Maybe xasecure-audit.xml is actually this file: https://github.com/StarRocks/ranger/blob/master/plugin-starrocks/conf/ranger-starrocks-audit.xml

trikker commented 7 months ago

@HangyuanLiu Please help. Thanks!

I ran into the same issue with StarRocks 3.2.2, after adding https://github.com/StarRocks/ranger/blob/master/plugin-starrocks/conf/ranger-starrocks-audit.xml to fe/conf, FE still restarted failed with the following error:

2024-02-07 15:25:23,751 WARN (UNKNOWN 10.196.68.218_29010_1707186521097(-1)|1) [NativeCodeLoader.<clinit>():60] Unable to load native-hadoop library for your platform... using builtin-java classes where applicab
le
2024-02-07 15:25:24,191 INFO (Ranger async Audit cleanup|96) [AuditProviderFactory$RangerAsyncAuditCleanup.run():501] RangerAsyncAuditCleanup: Waiting to audit cleanup start signal
2024-02-07 15:25:24,293 INFO (UNKNOWN 10.196.68.218_29010_1707186521097(-1)|1) [RangerBasePlugin.init():243] Created PolicyRefresher Thread(PolicyRefresher(serviceName=starrocks-test)-98)
2024-02-07 15:25:24,927 ERROR (UNKNOWN 10.196.68.218_29010_1707186521097(-1)|1) [StarRocksFE.start():192] StarRocksFE start failed
java.lang.NoSuchMethodError: javax.ws.rs.core.NewCookie.<init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ILjava/lang/String;ILjava/util/Date;ZZ)V
        at org.glassfish.jersey.message.internal.CookiesParser$MutableNewCookie.getImmutableNewCookie(CookiesParser.java:130) ~[jersey-common-2.36.jar:?]
        at org.glassfish.jersey.message.internal.CookiesParser.parseNewCookie(CookiesParser.java:176) ~[jersey-common-2.36.jar:?]
        at org.glassfish.jersey.message.internal.HttpHeaderReader.readNewCookie(HttpHeaderReader.java:335) ~[jersey-common-2.36.jar:?]
        at org.glassfish.jersey.message.internal.NewCookieProvider.fromString(NewCookieProvider.java:87) ~[jersey-common-2.36.jar:?]
        at org.glassfish.jersey.message.internal.NewCookieProvider.fromString(NewCookieProvider.java:34) ~[jersey-common-2.36.jar:?]
        at javax.ws.rs.core.NewCookie.valueOf(NewCookie.java:126) ~[jsr311-api-1.1.1.jar:?]
        at com.sun.jersey.api.client.ClientResponse.getCookies(ClientResponse.java:783) ~[jersey-client-1.19.4.jar:1.19.4]
        at org.apache.ranger.admin.client.RangerAdminRESTClient.setCookieReceivedFromRoleDownloadSession(RangerAdminRESTClient.java:1364) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdatedWithCred(RangerAdminRESTClient.java:1220) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdated(RangerAdminRESTClient.java:167) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRolesFromAdmin(RangerRolesProvider.java:183) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRoles(RangerRolesProvider.java:123) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.util.PolicyRefresher.loadRoles(PolicyRefresher.java:495) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:144) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:245) ~[ranger-plugins-common-2.4.0.jar:2.4.0]
        at com.starrocks.privilege.RangerAccessController.<init>(RangerAccessController.java:42) ~[starrocks-fe.jar:?]
        at com.starrocks.privilege.ranger.starrocks.RangerStarRocksAccessController.<init>(RangerStarRocksAccessController.java:40) ~[starrocks-fe.jar:?]
        at com.starrocks.sql.analyzer.Authorizer.<clinit>(Authorizer.java:51) ~[starrocks-fe.jar:?]
        at com.starrocks.server.CatalogMgr.replayCreateCatalog(CatalogMgr.java:259) ~[starrocks-fe.jar:?]
        at com.starrocks.server.CatalogMgr.load(CatalogMgr.java:503) ~[starrocks-fe.jar:?]
        at com.starrocks.server.GlobalStateMgr.loadImage(GlobalStateMgr.java:1579) ~[starrocks-fe.jar:?]
        at com.starrocks.server.GlobalStateMgr.initialize(GlobalStateMgr.java:1131) ~[starrocks-fe.jar:?]
        at com.starrocks.StarRocksFE.start(StarRocksFE.java:135) ~[starrocks-fe.jar:?]
        at com.starrocks.StarRocksFE.main(StarRocksFE.java:84) ~[starrocks-fe.jar:?]
xfworld commented 5 months ago 
java.lang.NoSuchMethodError: javax.ws.rs.core.NewCookie.<init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ILjava/lang/String;ILjava/util/Date;ZZ)V

which the jvm version? jsr311-api-1.1.1.jar and jersey-client-1.19.4.jar has collision

hackeryang commented 1 month ago

https://github.com/StarRocks/ranger/blob/master/plugin-starrocks/conf/ranger-policymgr-ssl.xml

I also met this error, the document didn't mentioned that SR needs this xml file, please help add relevant instructions in the future: https://docs.starrocks.io/docs/administration/user_privs/ranger_plugin/#configure-starrocks-service-on-ranger-admin