You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Mateen Mansoori <ma...@gmail.com> on 2019/10/03 13:37:55 UTC

Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/
-----------------------------------------------------------

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.

Bugs: RANGER-2591
https://issues.apache.org/jira/browse/RANGER-2591

Repository: ranger

Description
-------

Need changes for usersync(unix/ldap) to support HA without load balancer.
- Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
- User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.

Diffs
-----

agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION

Diff: https://reviews.apache.org/r/71578/diff/1/

Testing
-------

->BUILD SUCCESS

1.User sync verified in simple, kerberose and SSL enabled environment.
2.Delta sync is verified for UNIX source.
3.Authentication is verified for UNIX source and LDAP source.
4.Checked user is able to login from both the Admin UI.
5.Checked Authentication after changing password of UNIX user.

Thanks,

Mateen Mansoori

Re: Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218116
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Line 121 (original), 121 (patched)
<https://reviews.apache.org/r/71578/#comment305670>

    Patch fails to apply. Can you please check and rebase? 
    
    ```
    $ git apply --check -v /Users/vperiasamy/Downloads/4-RANGER-2591-Need-changes-for-usersync-unix-ldap-to-s.patch
    Checking patch agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java...
    error: while searching for:
    		mUrl               = url;
    		mSslConfigFileName = sslConfigFileName;
    		this.configuredURLs = getURLs(mUrl);
    		this.lastKnownActiveUrlIndex   = (new Random()).nextInt(configuredURLs.size());
    		init();
    	}
    
    error: patch failed: agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java:121
    error: agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java: patch does not apply
    Checking patch ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java...
    Checking patch ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java...
    Checking patch ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java...
    ```


- Velmurugan Periasamy


On Oct. 3, 2019, 2:39 p.m., Mateen Mansoori wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
> 
> (Updated Oct. 3, 2019, 2:39 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2591
>     https://issues.apache.org/jira/browse/RANGER-2591
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5 
>   ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/71578/diff/2/
> 
> 
> Testing
> -------
> 
> ->BUILD SUCCESS
> 
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
> 
> 
> Thanks,
> 
> Mateen Mansoori
> 
>

Re: Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

Posted by Mehul Parikh <me...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218169
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On Oct. 9, 2019, 6:30 a.m., Mateen Mansoori wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
> 
> (Updated Oct. 9, 2019, 6:30 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2591
>     https://issues.apache.org/jira/browse/RANGER-2591
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 7d30b89 
>   ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/71578/diff/3/
> 
> 
> Testing
> -------
> 
> ->BUILD SUCCESS
> 
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
> 
> 
> Thanks,
> 
> Mateen Mansoori
> 
>

Re: Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218158
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 9, 2019, 6:30 a.m., Mateen Mansoori wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
> 
> (Updated Oct. 9, 2019, 6:30 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2591
>     https://issues.apache.org/jira/browse/RANGER-2591
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 7d30b89 
>   ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/71578/diff/3/
> 
> 
> Testing
> -------
> 
> ->BUILD SUCCESS
> 
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
> 
> 
> Thanks,
> 
> Mateen Mansoori
> 
>

Re: Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

Posted by Mateen Mansoori <ma...@gmail.com>.

(Updated Oct. 9, 2019, 6:30 a.m.)

Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.

Changes
-------

Patch were not getting applied on latest apache master, So that applied manually. There are no any changes in logic.
Build succeeded with latest mvn version.

Thanks,

Bugs: RANGER-2591
https://issues.apache.org/jira/browse/RANGER-2591

Repository: ranger

Description
-------

Diffs (updated)
-----

agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 7d30b89
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION

Diff: https://reviews.apache.org/r/71578/diff/3/

Changes: https://reviews.apache.org/r/71578/diff/2-3/

Testing
-------

->BUILD SUCCESS

Thanks,

Mateen Mansoori

Re: Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

Posted by Mateen Mansoori <ma...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/
-----------------------------------------------------------

(Updated Oct. 3, 2019, 2:39 p.m.)


Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2591
    https://issues.apache.org/jira/browse/RANGER-2591


Repository: ranger


Description
-------

Need changes for usersync(unix/ldap) to support HA without load balancer.
- Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
- User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5 
  ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600 
  ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3 
  ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION 


Diff: https://reviews.apache.org/r/71578/diff/2/

Changes: https://reviews.apache.org/r/71578/diff/1-2/


Testing
-------

->BUILD SUCCESS

1.User sync verified in simple, kerberose and SSL enabled environment.
2.Delta sync is verified for UNIX source.
3.Authentication is verified for UNIX source and LDAP source.
4.Checked user is able to login from both the Admin UI.
5.Checked Authentication after changing password of UNIX user.


Thanks,

Mateen Mansoori

Re: Review Request 71578: RANGER-2591 : Need changes for usersync(unix/ldap) to support HA without load balancer

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218057
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Lines 346 (patched)
<https://reviews.apache.org/r/71578/#comment305566>

    mTrustStoreFile => trustStoreFile



agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Lines 629 (patched)
<https://reviews.apache.org/r/71578/#comment305567>

    setmKeyStoreType => setKeyStoreType



agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Lines 633 (patched)
<https://reviews.apache.org/r/71578/#comment305568>

    setmTrustStoreType => setTrustStoreType



ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
Line 117 (original), 100 (patched)
<https://reviews.apache.org/r/71578/#comment305569>

    looks like following are used only within init(); if true, please consider removing them as a instance member:
    - keyStoreFile
    - trustStoreFile
    - keyStoreType
    - trustStoreType
    - authenticationType
    - principal
    - keytab


- Madhan Neethiraj


On Oct. 3, 2019, 1:37 p.m., Mateen Mansoori wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
> 
> (Updated Oct. 3, 2019, 1:37 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2591
>     https://issues.apache.org/jira/browse/RANGER-2591
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5 
>   ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/71578/diff/1/
> 
> 
> Testing
> -------
> 
> ->BUILD SUCCESS
> 
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
> 
> 
> Thanks,
> 
> Mateen Mansoori
> 
>