You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "peng.jianhua (JIRA)" <ji...@apache.org> on 2017/09/13 06:24:00 UTC
[jira] [Comment Edited] (RANGER-1774) When the security admin and
mysql service is not the same computer, the security admin was installed
failed.
[ https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16164194#comment-16164194 ]
peng.jianhua edited comment on RANGER-1774 at 9/13/17 6:23 AM:
---------------------------------------------------------------
Hi [~pradeep.agrawal], Please refer to grant-privileges.png.
Hi [~vperiasamy], I have provided mysql privileges "with grant option". I installed Ranger in 10.43.183.133. And we can see two records after executed "select user,host from mysql.user" command. Please refer to grant-privileges.png. The ip address of localhost is 10.43.183.132. The mysql was installed in 10.43.183.132 and the Ranger was installed in 10.43.183.133. The issue is based on these configurations.
The install is ok once I grant privilege for 10.43.183.133.
In addition, from the security point of view, we can only let the computer, which installed Ranger, access mysql service, rather than let all computers can access mysql services. Do you think this view is reasonable?
The two following question will be fixed if we resolved the issue:
1. Resolve security access issues.
2. Resolve install error when Ranger and mysql are installed on different machines.
was (Author: peng.jianhua):
Hi [~pradeep.agrawal], Please refer to grant-privileges.png.
Hi [~vperiasamy], I have provided mysql privileges "with grant option". I installed Ranger in 10.43.183.133. And we can see two records after executed "select user,host from mysql.user" command. Please refer to grant-privileges.png. The ip address of localhost is 10.43.183.132. The mysql was installed in 10.43.183.132 and the Ranger was installed in 10.43.183.133. The issue is based on these configurations.
The install is ok once I grant privilege for 10.43.183.133.
In addition, from the security point of view, we can only let the computer, which installed Ranger, access mysql service, rather than let all computers can access mysql services.
> When the security admin and mysql service is not the same computer, the security admin was installed failed.
> ------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 1.0.0, master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525 [JISQL] /usr/java/jdk/bin/java -cp /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '********' -noheader -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant all privileges' command. That is the following code segment should be add the IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ......
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
> ......
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)