You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by George Goh <ge...@spodon.com> on 2023/05/20 16:15:10 UTC
Postgres being unavailable for 30s to Ranger
Hi,
I'm pretty new to the Ranger ecosystem and learning about how it works with
the Apache Kafka project.
One of the projects I'm working with, uses Ranger to provide ACL to Kafka
topics, and uses an external postgres for datastore.
What is the effect to existing producers and consumers when/if postgres is
temporarily unavailable to Ranger (e.g., failover to secondary instance)?
Will there be a need to 'reconnect' and re-authorize to topics in this case?
Thanks in advance!
Re: Postgres being unavailable for 30s to Ranger
Posted by Davide Vergari <ve...@gmail.com>.
No, you're right ;)
Il sab 20 mag 2023, 18:38 George Goh <ge...@spodon.com> ha scritto:
> Thanks Davide for the super speedy response :-)
>
> Googling a little further on this, I find the following config[1]:
> <property>
> <name>ranger.plugin.kafka.policy.cache.dir</name>
> <value>/etc/ranger/kafkadev/policycache</value>
> <description>
> Directory where Ranger policies are cached after successful retrieval
> from the source
> </description>
> </property>
>
> Seems safe to say, as long as the directory defined in the property
> "ranger.plugin.kafka.policy.cache.dir" is healthy and not out of disk
> space, then I can be reasonably confident that existing authorizations are
> ok.
>
> Would I be making any wrong assumption here?
>
> [1]
> https://github.com/apache/ranger/blob/master/plugin-kafka/conf/ranger-kafka-security.xml
>
>
> On Sun, May 21, 2023 at 12:22 AM Davide Vergari <ve...@gmail.com>
> wrote:
>
>> No. Policies are cached on the hosts running the plugin (your Kafka
>> broker). If Ranger admin become unavailable (i.e. because of a failover of
>> the backend DB) you are unable to create new policies or manage existing,
>> but authorizations on topics are not affected
>>
>> Il sab 20 mag 2023, 18:15 George Goh <ge...@spodon.com> ha scritto:
>>
>>> Hi,
>>>
>>> I'm pretty new to the Ranger ecosystem and learning about how it works
>>> with the Apache Kafka project.
>>>
>>> One of the projects I'm working with, uses Ranger to provide ACL to
>>> Kafka topics, and uses an external postgres for datastore.
>>>
>>> What is the effect to existing producers and consumers when/if postgres
>>> is temporarily unavailable to Ranger (e.g., failover to secondary instance)?
>>>
>>> Will there be a need to 'reconnect' and re-authorize to topics in this
>>> case?
>>>
>>> Thanks in advance!
>>>
>>
Re: Postgres being unavailable for 30s to Ranger
Posted by George Goh <ge...@spodon.com>.
Thanks Davide for the super speedy response :-)
Googling a little further on this, I find the following config[1]:
<property>
<name>ranger.plugin.kafka.policy.cache.dir</name>
<value>/etc/ranger/kafkadev/policycache</value>
<description>
Directory where Ranger policies are cached after successful retrieval
from the source
</description>
</property>
Seems safe to say, as long as the directory defined in the property
"ranger.plugin.kafka.policy.cache.dir" is healthy and not out of disk
space, then I can be reasonably confident that existing authorizations are
ok.
Would I be making any wrong assumption here?
[1]
https://github.com/apache/ranger/blob/master/plugin-kafka/conf/ranger-kafka-security.xml
On Sun, May 21, 2023 at 12:22 AM Davide Vergari <ve...@gmail.com>
wrote:
> No. Policies are cached on the hosts running the plugin (your Kafka
> broker). If Ranger admin become unavailable (i.e. because of a failover of
> the backend DB) you are unable to create new policies or manage existing,
> but authorizations on topics are not affected
>
> Il sab 20 mag 2023, 18:15 George Goh <ge...@spodon.com> ha scritto:
>
>> Hi,
>>
>> I'm pretty new to the Ranger ecosystem and learning about how it works
>> with the Apache Kafka project.
>>
>> One of the projects I'm working with, uses Ranger to provide ACL to Kafka
>> topics, and uses an external postgres for datastore.
>>
>> What is the effect to existing producers and consumers when/if postgres
>> is temporarily unavailable to Ranger (e.g., failover to secondary instance)?
>>
>> Will there be a need to 'reconnect' and re-authorize to topics in this
>> case?
>>
>> Thanks in advance!
>>
>
Re: Postgres being unavailable for 30s to Ranger
Posted by Davide Vergari <ve...@gmail.com>.
No. Policies are cached on the hosts running the plugin (your Kafka
broker). If Ranger admin become unavailable (i.e. because of a failover of
the backend DB) you are unable to create new policies or manage existing,
but authorizations on topics are not affected
Il sab 20 mag 2023, 18:15 George Goh <ge...@spodon.com> ha scritto:
> Hi,
>
> I'm pretty new to the Ranger ecosystem and learning about how it works
> with the Apache Kafka project.
>
> One of the projects I'm working with, uses Ranger to provide ACL to Kafka
> topics, and uses an external postgres for datastore.
>
> What is the effect to existing producers and consumers when/if postgres is
> temporarily unavailable to Ranger (e.g., failover to secondary instance)?
>
> Will there be a need to 'reconnect' and re-authorize to topics in this
> case?
>
> Thanks in advance!
>