Posted to dev@ranger.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2017/03/09 16:34:00 UTC

Re: Review Request 57127: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/#review168469
-----------------------------------------------------------



We need to make sure that tmpUrl is not null, otherwise there will be a NPE.
There is an indentation problem with the = sign in: String tmpUrl                       = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url");
I'm confused by the rest of the logic. Why not do something like if (tmpUrl != null && tmpUrl.trim().endsWith("/")) {} ?

- Colm O hEigeartaigh


On Feb. 28, 2017, 12:07 p.m., Qiang Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57127/
> -----------------------------------------------------------
> 
> (Updated Feb. 28, 2017, 12:07 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1415
>     https://issues.apache.org/jira/browse/RANGER-1415
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/. The error was as follows:
> 2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
> 2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
> org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
> 	at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
> 	at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
> Reason:
> The browser will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' characters after 'http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.
> 
> The program should be compatible with this situation like the browser.
> 
> Scenario:
> The issue can be reproduced after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml
> 
> Test and verify:
> I carefully tested and verified the patch before committing the issue.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 9334607 
> 
> 
> Diff: https://reviews.apache.org/r/57127/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>
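
An added example, not part of the review thread or of the Ranger patch: one way to make the base-URL handling discussed above null-safe and tolerant of trailing slashes. The class and method names are hypothetical; the request path and the property name come from the description quoted above.

```java
public class PolicyUrlNormalizer {

    // Relative path taken from the failing request quoted in the review description.
    static final String POLICY_PATH = "/service/plugins/policies/download/";

    /**
     * Hypothetical helper: returns the configured base URL without surrounding
     * whitespace or trailing '/' characters, or null when nothing usable is set.
     */
    static String normalizeBaseUrl(String configured) {
        if (configured == null) {
            return null;                 // avoids the NPE raised in the review
        }
        String url = configured.trim();
        int end = url.length();
        while (end > 0 && url.charAt(end - 1) == '/') {
            end--;                       // drops one or several trailing slashes
        }
        url = url.substring(0, end);
        return url.isEmpty() ? null : url;
    }

    /** Builds the policy download URL; fails fast when the base URL is missing. */
    static String policyDownloadUrl(String configured, String serviceName) {
        String base = normalizeBaseUrl(configured);
        if (base == null) {
            throw new IllegalArgumentException("policy.rest.url is not set");
        }
        return base + POLICY_PATH + serviceName;
    }

    public static void main(String[] args) {
        // Constructed sample property values, not taken from a real deployment.
        String[] samples = {
            "http://localhost:6080",
            "http://localhost:6080/",
            "  http://localhost:6080//  ",
            null,
            "   "
        };
        for (String s : samples) {
            try {
                System.out.println("[" + s + "] -> " + policyDownloadUrl(s, "hadoopdev"));
            } catch (IllegalArgumentException e) {
                System.out.println("[" + s + "] -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The first three samples all yield http://localhost:6080/service/plugins/policies/download/hadoopdev with a single slash after the port. Rejecting an unset value up front matters because, per the log in the description, a 404 from the policy download makes PolicyRefresher clean up its local cache of policies.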


Re: Review Request 57127: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

Posted by Qiang Zhang <zh...@zte.com.cn>.

> On March 9, 2017, 4:34 p.m., Colm O hEigeartaigh wrote:
> > We need to make sure that tmpUrl is not null, otherwise there will be a NPE.
> > There is an indentation problem with the = sign in: String tmpUrl                       = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url");
> > I'm confused by the rest of the logic. Why not do something like if (tmpUrl != null && tmpUrl.trim().endsWith("/")) {} ?

You are right. I have checked whether tmpUrl is null and updated the patch. Thanks.


- Qiang


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/#review168469
-----------------------------------------------------------


On Feb. 28, 2017, 12:07 p.m., Qiang Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57127/
> -----------------------------------------------------------
> 
> (Updated Feb. 28, 2017, 12:07 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1415
>     https://issues.apache.org/jira/browse/RANGER-1415
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/. The error was as follows:
> 2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
> 2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
> org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
> 	at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
> 	at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
> Reason:
> The browser will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' characters after 'http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.
> 
> The program should be compatible with this situation like the browser.
> 
> Scenario:
> The issue can be reproduced after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml
> 
> Test and verify:
> I carefully tested and verified the patch before committing the issue.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 9334607 
> 
> 
> Diff: https://reviews.apache.org/r/57127/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>


Re: Review Request 57127: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

Posted by Qiang Zhang <zh...@zte.com.cn>.

> On March 9, 2017, 4:34 p.m., Colm O hEigeartaigh wrote:
> > We need to make sure that tmpUrl is not null, otherwise there will be a NPE.
> > There is an indentation problem with the = sign in: String tmpUrl                       = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url");
> > I'm confused by the rest of the logic. Why not do something like if (tmpUrl != null && tmpUrl.trim().endsWith("/")) {} ?
> 
> Qiang Zhang wrote:
>     You are right. I have checked whether tmpUrl is null and updated the patch. Thanks.
> 
> Colm O hEigeartaigh wrote:
>     What about the rest of my comments? Why not just use "tmpUrl.trim().endsWith("/")"? Also, the equals sign when defining tmpUrl is not aligned with the text underneath.

Ok. I have modified the patch and updated it. Thanks very much!


- Qiang


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/#review168469
-----------------------------------------------------------


On March 10, 2017, 3:54 a.m., Qiang Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57127/
> -----------------------------------------------------------
> 
> (Updated March 10, 2017, 3:54 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1415
>     https://issues.apache.org/jira/browse/RANGER-1415
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/. The error was as follows:
> 2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
> 2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
> org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
> 	at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
> 	at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
> Reason:
> The browser will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' characters after 'http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.
> 
> The program should be compatible with this situation like the browser.
> 
> Scenario:
> The issue can be reproduced after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml
> 
> Test and verify:
> I carefully tested and verified the patch before committing the issue.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 9334607 
> 
> 
> Diff: https://reviews.apache.org/r/57127/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>


Re: Review Request 57127: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

Posted by Colm O hEigeartaigh <co...@apache.org>.

> On March 9, 2017, 4:34 p.m., Colm O hEigeartaigh wrote:
> > We need to make sure that tmpUrl is not null, otherwise there will be a NPE.
> > There is an indentation problem with the = sign in: String tmpUrl                       = RangerConfiguration.getInstance().get(propertyPrefix + ".policy.rest.url");
> > I'm confused by the rest of the logic. Why not do something like if (tmpUrl != null && tmpUrl.trim().endsWith("/")) {} ?
> 
> Qiang Zhang wrote:
>     You are right. I have checked whether tmpUrl is null and updated the patch. Thanks.

What about the rest of my comments? Why not just use "tmpUrl.trim().endsWith("/")"? Also, the equals sign when defining tmpUrl is not aligned with the text underneath.


- Colm


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/#review168469
-----------------------------------------------------------


On March 10, 2017, 3:54 a.m., Qiang Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57127/
> -----------------------------------------------------------
> 
> (Updated March 10, 2017, 3:54 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1415
>     https://issues.apache.org/jira/browse/RANGER-1415
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will fail after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/. The error was as follows:
> 2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
> 2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
> org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
> 	at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
> 	at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
> 	at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
> Reason:
> The browser will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' characters after 'http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.
> 
> The program should be compatible with this situation like the browser.
> 
> Scenario:
> The issue can be reproduced after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml
> 
> Test and verify:
> I carefully tested and verified the patch before committing the issue.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 9334607 
> 
> 
> Diff: https://reviews.apache.org/r/57127/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>