You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2016/10/12 06:39:13 UTC
Review Request 52775: RANGER-1185 : If cred.jceks is of zero length it
should be rebuilt
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52775/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1185
https://issues.apache.org/jira/browse/RANGER-1185
Repository: ranger
Description
-------
**Problem Statement:** If the .jceks file for a Ranger plugin in /etc/ranger/<clustername>_<servicename> becomes corrupted or zero length, The Ranger plugin for the service is not able to synchronise policy changes. the file is not rebuilt when the service in question is restarted.
**Proposed Solution:** If .jceks file is of zero size then delete and recreate the jceks file.
Diffs
-----
credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java e21d01e
Diff: https://reviews.apache.org/r/52775/diff/
Testing
-------
**STEPS TO REPRODUCE:**
* Start with a working Ranger install with SSL enabled and Ranger plugin enabled for at least one service (e.g. hdfs)
* cat /dev/null > /etc/ranger/hadoopdev/cred.jceks
* Restart HDFS
* cred.jceks file is not rebuilt and Ranger HDFS plugin will fail.
**Steps Performed(with patch):**
1. Installed ranger-admin from Build having changed of proposed patch.
2. Started Ranger and enabled hdfs plugin. plugin was able to communicate to Ranger.
3. Stopped the hdfs
4. executed command : cat /dev/null > /etc/ranger/hadoopdev/cred.jceks
5. ls -ltr /etc/ranger/hadoopdev/cred.jceks
6. Started hdfs and enabled the hdfs plugin.
7. Ranger hdfs was started and plugin was able to communicate and download the policy from Ranger admin
8. ls -ltr /etc/ranger/hadoopdev/cred.jceks
Thanks,
Pradeep Agrawal
Re: Review Request 52775: RANGER-1185 : If cred.jceks is of zero
length it should be rebuilt
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52775/#review152444
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Oct. 12, 2016, 6:39 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52775/
> -----------------------------------------------------------
>
> (Updated Oct. 12, 2016, 6:39 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1185
> https://issues.apache.org/jira/browse/RANGER-1185
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** If the .jceks file for a Ranger plugin in /etc/ranger/<clustername>_<servicename> becomes corrupted or zero length, The Ranger plugin for the service is not able to synchronise policy changes. the file is not rebuilt when the service in question is restarted.
>
> **Proposed Solution:** If .jceks file is of zero size then delete and recreate the jceks file.
>
>
> Diffs
> -----
>
> credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java e21d01e
>
> Diff: https://reviews.apache.org/r/52775/diff/
>
>
> Testing
> -------
>
> **STEPS TO REPRODUCE:**
> * Start with a working Ranger install with SSL enabled and Ranger plugin enabled for at least one service (e.g. hdfs)
> * cat /dev/null > /etc/ranger/hadoopdev/cred.jceks
> * Restart HDFS
> * cred.jceks file is not rebuilt and Ranger HDFS plugin will fail.
>
> **Steps Performed(with patch):**
> 1. Installed ranger-admin from Build having changed of proposed patch.
> 2. Started Ranger and enabled hdfs plugin. plugin was able to communicate to Ranger.
> 3. Stopped the hdfs
> 4. executed command : cat /dev/null > /etc/ranger/hadoopdev/cred.jceks
> 5. ls -ltr /etc/ranger/hadoopdev/cred.jceks
> 6. Started hdfs and enabled the hdfs plugin.
> 7. Ranger hdfs was started and plugin was able to communicate and download the policy from Ranger admin
> 8. ls -ltr /etc/ranger/hadoopdev/cred.jceks
>
>
> Thanks,
>
> Pradeep Agrawal
>
>