You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Jalpan Randeri (Jira)" <ji...@apache.org> on 2020/07/31 01:03:00 UTC

[jira] [Updated] (RANGER-2936) Support for policy download mode configuration on plugin

     [ https://issues.apache.org/jira/browse/RANGER-2936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jalpan Randeri updated RANGER-2936:
-----------------------------------
    Attachment: 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch

> Support for policy download mode configuration on plugin
> --------------------------------------------------------
>
>                 Key: RANGER-2936
>                 URL: https://issues.apache.org/jira/browse/RANGER-2936
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Jalpan Randeri
>            Priority: Minor
>              Labels: newbie, pull-request-available
>         Attachments: 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch
>
>
> h3. Description
> Ranger Plugins uses RangerAdminRESTClient to download policies. Ranger Admin server exposes two different endpoints for policy downloads
>  # Secure mode
>  # normal mode RangerAdminRESTClient select mode secure mode if Hadoop cluster is running in Kerberos. [https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java#L129]
> Since, Ranger admin server is capable of managing heterogeneous Hadoop clusters. Ranger plugins are unable to communicate with Ranger admin server under following scenario
>  * Ranger Plugin is running on Hadoop cluster protected by Kerberos
>  * Ranger Admin server is running in non-Kerberos mode
> Above mentioned scenario, ranger plugins are observing following error
> {quote} 
>  {{2020-06-13 03:47:20 WARN RangerAdminRESTClient:176 - [] Error getting policies.
>  secureMode=true,
>  user=hive (auth:KERBEROS),
>  response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> ,
>  serviceName=hivedev}}
> {quote}
> h3. How to this patch mitigate issue?
> This patch introduces boolean configuration {{ranger.plugin.\{service}.policyDownload.secureMode}} in RangerAdminRESTClient.
>  * true use secure mode to download policies
>  * false use simple mode to download policies
> Plugin will read this configuration to determine policy download mode



--
This message was sent by Atlassian Jira
(v8.3.4#803005)