You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Qiang Zhang <zh...@zte.com.cn> on 2017/02/28 08:34:57 UTC
Review Request 57127: The ranger can be opened when the user enters
http://localhost:6080/ in the browser address bar. But request policy from
hadoop to ranger will failed after installing hdfs plugin if we set
POLICY_MGR_URL equal to http://localhost:6080/.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1415
https://issues.apache.org/jira/browse/RANGER-1415
Repository: ranger
Description
-------
The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.The error was as following:
2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
Reason:
The brower will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' character after 'Http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.
The program should be compatible with this situation like the browser.
Scenario:
The issue can be reoccurred after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml
I carefully tested and verified the patch before commit the issue.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 9334607
Diff: https://reviews.apache.org/r/57127/diff/
Testing
-------
Thanks,
Qiang Zhang
Re: Review Request 57127: The ranger can be opened when the user
enters
http://localhost:6080/ in the browser address bar. But request policy from
hadoop to ranger will failed after installing hdfs plugin if we set
POLICY_MGR_URL equal to http://localhost:6080/.
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/
-----------------------------------------------------------
(Updated Feb. 28, 2017, 8:36 a.m.)
Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1415
https://issues.apache.org/jira/browse/RANGER-1415
Repository: ranger
Description (updated)
-------
The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.The error was as following:
2017-02-27 21:16:42,859 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=root (auth:SIMPLE), response=404, serviceName=hadoopdev, lastKnownVersion=4, lastActivationTimeInMillis=1488246663112
2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up local cache of policies (4)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
Reason:
The brower will remove the last '/' character when the user enters http://localhost:6080/ in the browser address bar. The rest request address will be http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev when hadoop periodically requests policy from ranger. The request will fail because there are two '/' character after 'Http://localhost:6080' in http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. The result is that we can't see the hdfs plugins in audit web UI.
The program should be compatible with this situation like the browser.
Scenario:
The issue can be reoccurred after we set the value of ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml
Test and verify:
I carefully tested and verified the patch before commit the issue.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 9334607
Diff: https://reviews.apache.org/r/57127/diff/
Testing
-------
Thanks,
Qiang Zhang