Trino Version 467 bootup fail with Apache Ranger Plugin ? Any issues with config ? #24526

Closed
BaoICTHustK67 opened this issue Dec 19, 2024 · 2 comments

BaoICTHustK67 commented Dec 19, 2024

Following errors are in server.log after I enable Apache Ranger Plugin, any idea whether this is an issue with my configuration?

2024-12-19T04:38:08.309Z	INFO	main	Bootstrap	ranger.hadoop.config.resource  []       [/etc/trino/ranger-policymgr-ssl.xml, /etc/trino/ranger-trino-audit.xml, /etc/trino/ranger-trino-security.xml]  List of paths to hadoop configuration files
2024-12-19T04:38:08.309Z	INFO	main	Bootstrap	ranger.plugin.config.resource  []       [/etc/trino/ranger-policymgr-ssl.xml, /etc/trino/ranger-trino-audit.xml, /etc/trino/ranger-trino-security.xml]  List of paths to Ranger plugin configuration files
2024-12-19T04:38:08.309Z	INFO	main	Bootstrap	ranger.service.name            ----     dev_trino                                                                                                       Name of Ranger service containing policies to enforce
2024-12-19T04:38:08.377Z	INFO	main	io.trino.plugin.ranger.RangerSystemAccessControl	Loading Hadoop config /etc/trino/ranger-policymgr-ssl.xml from url file:/etc/trino/ranger-policymgr-ssl.xml/
2024-12-19T04:38:08.402Z	INFO	main	io.trino.plugin.ranger.RangerSystemAccessControl	Loading Hadoop config /etc/trino/ranger-trino-audit.xml from url file:/etc/trino/ranger-trino-audit.xml/
2024-12-19T04:38:08.402Z	INFO	main	io.trino.plugin.ranger.RangerSystemAccessControl	Loading Hadoop config /etc/trino/ranger-trino-security.xml from url file:/etc/trino/ranger-trino-security.xml/
2024-12-19T04:38:08.484Z	WARN	main	com.google.inject.internal.util.LineNumbers	Failed loading line numbers. ASM is probably out of date. Further failures won't be logged.
java.lang.IllegalArgumentException: Unsupported class file major version 67
	at com.google.inject.internal.asm.$ClassReader.<init>(ClassReader.java:199)
	at com.google.inject.internal.asm.$ClassReader.<init>(ClassReader.java:180)
	at com.google.inject.internal.asm.$ClassReader.<init>(ClassReader.java:166)
	at com.google.inject.internal.asm.$ClassReader.<init>(ClassReader.java:287)
	at com.google.inject.internal.util.LineNumbers.<init>(LineNumbers.java:74)
	at com.google.inject.internal.util.StackTraceElements$1.load(StackTraceElements.java:48)
	at com.google.inject.internal.util.StackTraceElements$1.load(StackTraceElements.java:44)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3574)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2316)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2189)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2079)
	at com.google.common.cache.LocalCache.get(LocalCache.java:4017)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:4040)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4989)
	at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4996)
	at com.google.inject.internal.util.StackTraceElements.forMember(StackTraceElements.java:67)
	at com.google.inject.internal.SourceFormatter.formatMember(SourceFormatter.java:91)
	at com.google.inject.internal.SourceFormatter.formatInjectionPoint(SourceFormatter.java:97)
	at com.google.inject.internal.SourceFormatter.format(SourceFormatter.java:49)
	at com.google.inject.internal.GenericErrorDetail.formatDetail(GenericErrorDetail.java:26)
	at com.google.inject.spi.ErrorDetail.format(ErrorDetail.java:64)
	at com.google.inject.internal.Messages.formatMessages(Messages.java:90)
	at com.google.inject.CreationException.getMessage(CreationException.java:50)
	at io.airlift.log.Logger.error(Logger.java:272)
	at io.trino.server.Server.doStart(Server.java:209)
	at io.trino.server.Server.lambda$start$0(Server.java:94)
	at io.trino.$gen.Trino_467____20241219_043800_1.run(Unknown Source)
	at io.trino.server.Server.start(Server.java:94)
	at io.trino.server.TrinoServer.main(TrinoServer.java:37)
2024-12-19T04:38:08.489Z	ERROR	main	io.trino.server.Server	Unable to create injector, see the following errors:
1) [Guice/ErrorInjectingConstructor]: RuntimeException: io.trino.hadoop.$WstxUnexpectedCharException: Unexpected character '.' (code 46) in prolog; expected '<'
 at [row,col,system-id]: [1,1,"file:/etc/trino/ranger-policymgr-ssl.xml/"]
  at RangerSystemAccessControl.<init>(Unknown Source)
  at RangerSystemAccessControlFactory.lambda$create$0(RangerSystemAccessControlFactory.java:46)
  while locating RangerSystemAccessControl

This is my ranger-policymgr-ssl.xml structure that I took from the docs

<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
  <!-- properties used for 2-way SSL between the Trino plugin and Apache Ranger server -->
  <property>
    <name>xasecure.policymgr.clientssl.keystore</name>
    <value></value>
    <description>Path to keystore file. Only required for two-way SSL. This property should not be included for one-way SSL</description>
  </property>

  <property>
    <name>xasecure.policymgr.clientssl.keystore.type</name>
    <value>jks</value>
    <description>Type of keystore. Default: jks</description>
  </property>

  <property>
    <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
    <value></value>
    <description>Path to credential file for the keystore; the credential should be in alias sslKeyStore. Only required for two-way SSL. This property should not be included for one-way SSL</description>
  </property>

  <property>
    <name>xasecure.policymgr.clientssl.truststore</name>
    <value>/etc/trino/truststore/truststoreopensearch-cert.pem</value>
    <description>Path to truststore file</description>
  </property>

  <property>
    <name>xasecure.policymgr.clientssl.truststore.type</name>
    <value>jks</value>
    <description>Type of truststore. Default: jks</description>
  </property>

  <property>
    <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
    <value></value>
    <description>Path to credential file for the truststore; the credential should be in alias sslTrustStore</description>
  </property>
</configuration>

This is my ranger-trino-audit.xml with modification

<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
  <property>
    <name>xasecure.audit.is.enabled</name>
    <value>true</value>
    <description>Boolean flag to specify if the plugin should generate access audit logs. Default: true</description>
  </property>

  <property>
    <name>xasecure.audit.trino.async.max.queue.size</name>
    <value>1</value>
  </property>
      
  <property>
    <name>xasecure.audit.trino.async.max.flush.interval.ms</name>
    <value>1000</value>
  </property>
      
  <property>
    <name>xasecure.audit.trino.broker_list</name>
    <value>localhost:9092</value>
  </property>
      
  <property>
    <name>xasecure.audit.trino.topic_name</name>
    <value>ranger_audits</value>
  </property>

  <property>
    <name>xasecure.audit.trino.is.enabled</name>
    <value>false</value>
  </property>

  <property>
    <name>xasecure.audit.destination.elasticsearch</name>
    <value>false</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.opensearch</name>
    <value>true</value>
  </property>

  <property>
    <name>xasecure.audit.destination.opensearch.urls</name>
    <value>urlhere</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.opensearch.user</name>
    <value>user</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.opensearch.password</name>
    <value>password</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.opensearch.index</name>
    <value>trino</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.opensearch.port</name>
    <value>9200</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.opensearch.protocol</name>
    <value>http</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.log4j</name>
    <value>false</value>
  </property>
      
  <property>
    <name>xasecure.audit.destination.log4j.logger</name>
    <value>xaaudit</value>
  </property>

  <property>
    <name>xasecure.audit.solr.is.enabled</name>
    <value>false</value>
    <description>Boolean flag to specify if audit logs should be stored in Solr. Default: false</description>
  </property>

  <property>
    <name>xasecure.audit.destination.solr</name>
    <value>false</value>
  </property>
</configuration>

This is my ranger-trino-security.xml

<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
  <property>
    <name>ranger.plugin.trino.policy.rest.url</name>
    <value>https://ranger-hostname:6182</value>
    <description>MANDATORY: a comma separated list of URLs to Apache Ranger instances in a deployment</description>
  </property>

  <property>
    <name>ranger.plugin.trino.access.cluster.name</name>
    <value></value>
    <description>Name to identify the cluster running the Trino instance. This is recorded in audit logs generated by the plugin</description>
  </property>

  <property>
    <name>ranger.plugin.trino.use.rangerGroups</name>
    <value>false</value>
    <description>Boolean flag to specify whether user-to-groups mapping should be obtained from in Apache Ranger. Default: false</description>
  </property>

  <property>
    <name>ranger.plugin.trino.use.only.rangerGroups</name>
    <value>false</value>
    <description>Boolean flag. true: use only user-to-groups mapping from Apache Ranger; false: use user-to-groups mappings from Apache Ranger and Trino. Default: false</description>
  </property>

  <property>
    <name>ranger.plugin.trino.super.users</name>
    <value>admin</value>
    <description>Comma separated list of user names. Superusers will be authorized for all accesses, without requiring explicit policy grants.</description>
  </property>

  <property>
    <name>ranger.plugin.trino.super.groups</name>
    <value></value>
    <description>Comma separated list of group names. Users in supergroups will be authorized for all accesses, without requiring explicit policy grants</description>
  </property>
</configuration>

Do you have any idea what this error is?


cc: @kokosing @mneethiraj


wendigo commented Dec 19, 2024

1) [Guice/ErrorInjectingConstructor]: RuntimeException: io.trino.hadoop.$WstxUnexpectedCharException: Unexpected character '.' (code 46) in prolog; expected '<'

Please validate your XML files before creating the next issue. There is a syntax error in line 46.

@wendigo wendigo closed this as completed Dec 19, 2024
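
An added example, not part of the thread or of Trino's or Ranger's code: a pre-flight check for the files listed in `ranger.plugin.config.resource`, run before starting the server. The error in the log is reported at `[row,col]` = `[1,1]`, meaning the first character read from that path was `.` (character code 46) instead of `<`; the check reports that case, a path that is not a regular file, XML that is not well-formed, and properties with an empty `<value>`. The function names, file names and sample contents are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def check_hadoop_xml(path):
    """Return a list of problems for one Hadoop-style <configuration> file."""
    if not os.path.isfile(path):
        return [f"{path}: not a regular file (missing, or a directory)"]
    with open(path, "rb") as fh:
        data = fh.read()
    body = data.removeprefix(b"\xef\xbb\xbf")  # tolerate a UTF-8 byte order mark
    first = body.lstrip(b" \t\r\n")[:1]
    if first != b"<":
        code = first[0] if first else "none, file is empty"
        return [f"{path}: first character {first!r} (code {code}), expected '<'"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        line, col = exc.position  # expat reports a 0-based column
        return [f"{path}: not well-formed at line {line}, column {col + 1}"]
    problems = []
    if root.tag != "configuration":
        problems.append(f"{path}: root is <{root.tag}>, expected <configuration>")
    for prop in root.iter("property"):
        name = (prop.findtext("name") or "").strip() or "<unnamed>"
        if not (prop.findtext("value") or "").strip():
            problems.append(f"{path}: {name} has an empty <value>, set or remove it")
    return problems

def demo():
    """Check constructed samples: valid, empty value, leading '.', directory."""
    def conf(value):
        return (b'<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>\n'
                b"<configuration><property><name>sample.key</name><value>"
                + value + b"</value></property></configuration>\n")
    samples = {"good.xml": conf(b"jks"), "empty.xml": conf(b""),
               "dot.xml": b".stray\n" + conf(b"jks")}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, content in samples.items():
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(content)
        os.mkdir(os.path.join(tmp, "dir.xml"))
        return {n: check_hadoop_xml(os.path.join(tmp, n)) for n in [*samples, "dir.xml"]}

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found or "OK")
```
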