You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Mateen Mansoori <ma...@gmail.com> on 2019/10/03 13:37:55 UTC
Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/
-----------------------------------------------------------
Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
Bugs: RANGER-2591
https://issues.apache.org/jira/browse/RANGER-2591
Repository: ranger
Description
-------
Need changes for usersync(unix/ldap) to support HA without load balancer.
- Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
- User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
Diff: https://reviews.apache.org/r/71578/diff/1/
Testing
-------
->BUILD SUCCESS
1.User sync verified in simple, kerberose and SSL enabled environment.
2.Delta sync is verified for UNIX source.
3.Authentication is verified for UNIX source and LDAP source.
4.Checked user is able to login from both the Admin UI.
5.Checked Authentication after changing password of UNIX user.
Thanks,
Mateen Mansoori
Re: Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218116
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Line 121 (original), 121 (patched)
<https://reviews.apache.org/r/71578/#comment305670>
Patch fails to apply. Can you please check and rebase?
```
$ git apply --check -v /Users/vperiasamy/Downloads/4-RANGER-2591-Need-changes-for-usersync-unix-ldap-to-s.patch
Checking patch agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java...
error: while searching for:
mUrl = url;
mSslConfigFileName = sslConfigFileName;
this.configuredURLs = getURLs(mUrl);
this.lastKnownActiveUrlIndex = (new Random()).nextInt(configuredURLs.size());
init();
}
error: patch failed: agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java:121
error: agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java: patch does not apply
Checking patch ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java...
Checking patch ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java...
Checking patch ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java...
```
- Velmurugan Periasamy
On Oct. 3, 2019, 2:39 p.m., Mateen Mansoori wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
>
> (Updated Oct. 3, 2019, 2:39 p.m.)
>
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2591
> https://issues.apache.org/jira/browse/RANGER-2591
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/71578/diff/2/
>
>
> Testing
> -------
>
> ->BUILD SUCCESS
>
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
>
>
> Thanks,
>
> Mateen Mansoori
>
>
Re: Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
Posted by Mehul Parikh <me...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218169
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On Oct. 9, 2019, 6:30 a.m., Mateen Mansoori wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
>
> (Updated Oct. 9, 2019, 6:30 a.m.)
>
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2591
> https://issues.apache.org/jira/browse/RANGER-2591
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 7d30b89
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/71578/diff/3/
>
>
> Testing
> -------
>
> ->BUILD SUCCESS
>
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
>
>
> Thanks,
>
> Mateen Mansoori
>
>
Re: Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218158
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Oct. 9, 2019, 6:30 a.m., Mateen Mansoori wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
>
> (Updated Oct. 9, 2019, 6:30 a.m.)
>
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2591
> https://issues.apache.org/jira/browse/RANGER-2591
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 7d30b89
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/71578/diff/3/
>
>
> Testing
> -------
>
> ->BUILD SUCCESS
>
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
>
>
> Thanks,
>
> Mateen Mansoori
>
>
Re: Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
Posted by Mateen Mansoori <ma...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/
-----------------------------------------------------------
(Updated Oct. 9, 2019, 6:30 a.m.)
Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
Changes
-------
Patch were not getting applied on latest apache master, So that applied manually. There are no any changes in logic.
Build succeeded with latest mvn version.
Thanks,
Bugs: RANGER-2591
https://issues.apache.org/jira/browse/RANGER-2591
Repository: ranger
Description
-------
Need changes for usersync(unix/ldap) to support HA without load balancer.
- Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
- User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 7d30b89
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
Diff: https://reviews.apache.org/r/71578/diff/3/
Changes: https://reviews.apache.org/r/71578/diff/2-3/
Testing
-------
->BUILD SUCCESS
1.User sync verified in simple, kerberose and SSL enabled environment.
2.Delta sync is verified for UNIX source.
3.Authentication is verified for UNIX source and LDAP source.
4.Checked user is able to login from both the Admin UI.
5.Checked Authentication after changing password of UNIX user.
Thanks,
Mateen Mansoori
Re: Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
Posted by Mateen Mansoori <ma...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/
-----------------------------------------------------------
(Updated Oct. 3, 2019, 2:39 p.m.)
Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
Bugs: RANGER-2591
https://issues.apache.org/jira/browse/RANGER-2591
Repository: ranger
Description
-------
Need changes for usersync(unix/ldap) to support HA without load balancer.
- Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
- User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
Diff: https://reviews.apache.org/r/71578/diff/2/
Changes: https://reviews.apache.org/r/71578/diff/1-2/
Testing
-------
->BUILD SUCCESS
1.User sync verified in simple, kerberose and SSL enabled environment.
2.Delta sync is verified for UNIX source.
3.Authentication is verified for UNIX source and LDAP source.
4.Checked user is able to login from both the Admin UI.
5.Checked Authentication after changing password of UNIX user.
Thanks,
Mateen Mansoori
Re: Review Request 71578: RANGER-2591 : Need changes for
usersync(unix/ldap) to support HA without load balancer
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71578/#review218057
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Lines 346 (patched)
<https://reviews.apache.org/r/71578/#comment305566>
mTrustStoreFile => trustStoreFile
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Lines 629 (patched)
<https://reviews.apache.org/r/71578/#comment305567>
setmKeyStoreType => setKeyStoreType
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
Lines 633 (patched)
<https://reviews.apache.org/r/71578/#comment305568>
setmTrustStoreType => setTrustStoreType
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
Line 117 (original), 100 (patched)
<https://reviews.apache.org/r/71578/#comment305569>
looks like following are used only within init(); if true, please consider removing them as a instance member:
- keyStoreFile
- trustStoreFile
- keyStoreType
- trustStoreType
- authenticationType
- principal
- keytab
- Madhan Neethiraj
On Oct. 3, 2019, 1:37 p.m., Mateen Mansoori wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71578/
> -----------------------------------------------------------
>
> (Updated Oct. 3, 2019, 1:37 p.m.)
>
>
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2591
> https://issues.apache.org/jira/browse/RANGER-2591
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Need changes for usersync(unix/ldap) to support HA without load balancer.
> - Ranger usersync should be able to sync users / groups when Ranger Admin is in HA (even without having LB)
> - User needs to define Ranger URL values in comma separated format in 'ranger-ugsync-site.xml' config file for 'ranger.usersync.policymanager.baseURL' name or property.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java ef5f1d5
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 224a600
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 52579a3
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/RangerUgSyncRESTClient.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/71578/diff/1/
>
>
> Testing
> -------
>
> ->BUILD SUCCESS
>
> 1.User sync verified in simple, kerberose and SSL enabled environment.
> 2.Delta sync is verified for UNIX source.
> 3.Authentication is verified for UNIX source and LDAP source.
> 4.Checked user is able to login from both the Admin UI.
> 5.Checked Authentication after changing password of UNIX user.
>
>
> Thanks,
>
> Mateen Mansoori
>
>