You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Jalpan Randeri (Jira)" <ji...@apache.org> on 2020/07/31 01:03:00 UTC
[jira] [Updated] (RANGER-2936) Support for policy download mode
configuration on plugin
[ https://issues.apache.org/jira/browse/RANGER-2936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jalpan Randeri updated RANGER-2936:
-----------------------------------
Attachment: 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch
> Support for policy download mode configuration on plugin
> --------------------------------------------------------
>
> Key: RANGER-2936
> URL: https://issues.apache.org/jira/browse/RANGER-2936
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Jalpan Randeri
> Priority: Minor
> Labels: newbie, pull-request-available
> Attachments: 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch
>
>
> h3. Description
> Ranger Plugins uses RangerAdminRESTClient to download policies. Ranger Admin server exposes two different endpoints for policy downloads
> # Secure mode
> # normal mode RangerAdminRESTClient select mode secure mode if Hadoop cluster is running in Kerberos. [https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java#L129]
> Since, Ranger admin server is capable of managing heterogeneous Hadoop clusters. Ranger plugins are unable to communicate with Ranger admin server under following scenario
> * Ranger Plugin is running on Hadoop cluster protected by Kerberos
> * Ranger Admin server is running in non-Kerberos mode
> Above mentioned scenario, ranger plugins are observing following error
> {quote}
> {{2020-06-13 03:47:20 WARN RangerAdminRESTClient:176 - [] Error getting policies.
> secureMode=true,
> user=hive (auth:KERBEROS),
> response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> ,
> serviceName=hivedev}}
> {quote}
> h3. How to this patch mitigate issue?
> This patch introduces boolean configuration {{ranger.plugin.\{service}.policyDownload.secureMode}} in RangerAdminRESTClient.
> * true use secure mode to download policies
> * false use simple mode to download policies
> Plugin will read this configuration to determine policy download mode
--
This message was sent by Atlassian Jira
(v8.3.4#803005)