
I am using the HDP sandbox with Ranger KMS installed as the KMS server. I ran the command below on the sandbox.

    hadoop key create testKey

I got the exception below as a result.

    testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:root not allowed to do 'CREATE_KEY' on 'testKey'

Any pointers on this?

Shashi
  • And why does it need to be done by the root user? I think you should use the hdfs admin user to do it. Just try to create a new HDFS admin user and execute the above command. Hope it will help you. Even the documentation mentions: "Create an encryption key for your zone as the application user that will be using the key. For example, if you are creating an encryption zone for HBase, create the key as the hbase user as follows: $ sudo -u hbase hadoop key create " – prashant thakre May 05 '16 at 13:13
  • Hi Prashant... I tried with the hdfs user but am still getting the same exception. testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:hdfs not allowed to do 'CREATE_KEY' on 'testKey' – Shashi May 05 '16 at 19:01

1 Answer

I added the HDFS user to the given policy in Ranger KMS and provided the appropriate permission, e.g. here, to 'create' keys. Since I am only testing, I gave all permissions to the HDFS superuser.

Shashi
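An added example, not part of the original answer and not Ranger's own code: a small check over a Ranger KMS policy document that reports whether a user may create a given key and which users hold every KMS access type, as the HDFS superuser does after the fix above. The policy JSON shape, the service name `Sandbox_kms`, the policy name and the `hbase` entry are assumptions, and evaluation is simplified to user-based allow items only (no groups, deny items or exceptions).

```python
import fnmatch

# Access types from Ranger's KMS service definition.
KMS_ACCESS_TYPES = {"create", "delete", "rollover", "setkeymaterial", "get",
                    "getkeys", "getmetadata", "generateeek", "decrypteek"}

# Constructed sample policy; service and policy names are placeholders.
SAMPLE_POLICY = {
    "service": "Sandbox_kms",
    "name": "test-key-policy",
    "resources": {"keyname": {"values": ["testKey"]}},
    "policyItems": [
        # What the answer describes: every permission for the hdfs user.
        {"users": ["hdfs"],
         "accesses": [{"type": t, "isAllowed": True}
                      for t in sorted(KMS_ACCESS_TYPES)]},
        # Hypothetical narrower grant for an application user.
        {"users": ["hbase"],
         "accesses": [{"type": "create", "isAllowed": True},
                      {"type": "getmetadata", "isAllowed": True}]},
    ],
}

def user_access(policy, user):
    """Access types the policy's allow items grant to `user`."""
    types = set()
    for item in policy.get("policyItems", []):
        if user in item.get("users", []):
            types |= {a["type"] for a in item["accesses"] if a.get("isAllowed")}
    return types

def allowed(policy, user, key, access):
    """True if `key` matches the policy's key names and `user` holds `access`."""
    patterns = policy["resources"]["keyname"]["values"]
    matches = any(fnmatch.fnmatchcase(key, p) for p in patterns)
    return matches and access in user_access(policy, user)

def over_broad_users(policy):
    """Users granted every KMS access type by this policy."""
    users = {u for i in policy.get("policyItems", []) for u in i.get("users", [])}
    return sorted(u for u in users if user_access(policy, u) >= KMS_ACCESS_TYPES)

if __name__ == "__main__":
    for u in ("root", "hdfs", "hbase"):
        print(u, "create testKey:", allowed(SAMPLE_POLICY, u, "testKey", "create"))
    print("holds all access types:", over_broad_users(SAMPLE_POLICY))
```

Outside a test sandbox, the users this flags are candidates for trimming down to the specific access types they need.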