Known Issues in Apache Ranger

Learn about the known issues in Apache Ranger, the impact or changes to the functionality, and the workaround.

CDPD-3296: Audit files for Ranger plugin components do not appear immediately in S3 after cluster creation: For Ranger plugin components (Atlas, Hive, HBase, etc.), audit data is updated when the applicable audit file is rolled over. The default Ranger audit rollover time is 24 hours, so audit data appears 24 hours after cluster creation.; To see the audit logs in S3 before the default rollover time of 24 hours, use the following steps to override the default value in the Cloudera Manager safety valve for the applicable service.

On the Configuration tab in the applicable service, select Advanced under CATEGORY.

Click the + icon for the <service_name> Advanced Configuration Snippet (Safety Valve) for ranger-<service_name>-audit.xml property.

Enter the following property in the Name box:
xasecure.audit.destination.hdfs.file.rollover.sec.

Enter the desired rollover interval (in seconds) in the Value box. For example, if you specify 180, the audit log data is updated every 3 minutes.

Click Save Changes and restart the service.; note
You can also use xasecure.audit.destination.hdfs.file.rollover.period parameter to override the default rollover time of 24 hours. The difference is that when xasecure.audit.destination.hdfs.file.rollover.period is set, it will be closing the file by absolute time.
Example - If you configure 1 day, exactly at 23.59.59 of that day, the file gets closed. Where as withxasecure.audit.destination.hdfs.file.rollover.sec, the 1 day is related to when the process is started.
OPSAPS-70387: The DataHub cluster deletion process does not delete the Ranger entries which created for the same cluster: If the user wants to create a new DataHub cluster with same old name then it fails because as there was an entry with the same name already in Ranger.; User must delete the Ranger entries manually which contains the DataHub cluster name.

OPSAPS-69314: Modify Ranger RAZ configurations to handle logs having large number of error messages: The following error message is continuously logged in RAZ server logs and no high impact observed to the RAZ service. ERROR RazS3HiveChainedPlugin RangerHdfsHiveChainedPlugin is not initialized correctly!; Step 1 : Go to Ranger-RAZ service -> Configuration. Use the Search box to search for Advanced Configuration Snippet (Safety Valve) for ranger-raz-conf/ranger-raz-site.xml.; Step 2 : Use the Add icons to add the following properties, set these configurations to a blank value and restart RAZ service once you get the staleness configuration icon.; name: ranger.raz.service-type.s3.chained.services value: name: ranger.raz.service-type.s3.chained.services.cm_hive.impl value: