You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2018/02/22 10:31:44 UTC
Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in
Ranger Admin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65752/
-----------------------------------------------------------
Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-1990
https://issues.apache.org/jira/browse/RANGER-1990
Repository: ranger
Description
-------
**Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode.
**Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way). Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory.
Diffs
-----
kms/config/kms-webapp/dbks-site.xml a098db1
kms/scripts/db_setup.py 663d60d
kms/scripts/dba_script.py c0dc7a4
kms/scripts/install.properties 5d4945e
kms/scripts/ranger-kms c279bc1
kms/scripts/setup.sh 2da1e96
kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7
security-admin/scripts/db_setup.py 79d79d0
security-admin/scripts/dba_script.py c71ca42
security-admin/scripts/install.properties 268b8ac
security-admin/scripts/setup.sh 4d09bc2
security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421
security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d
Diff: https://reviews.apache.org/r/65752/diff/1/
Testing
-------
Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations.
Thanks,
Pradeep Agrawal
Re: Review Request 65752: RANGER-1990: Add One-way SSL MySQL support
in Ranger Admin
Posted by Zsombor Gegesy <gz...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65752/#review198211
-----------------------------------------------------------
Ship it!
Ship It!
- Zsombor Gegesy
On Feb. 22, 2018, 10:31 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65752/
> -----------------------------------------------------------
>
> (Updated Feb. 22, 2018, 10:31 a.m.)
>
>
> Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1990
> https://issues.apache.org/jira/browse/RANGER-1990
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode.
>
> **Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way). Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml a098db1
> kms/scripts/db_setup.py 663d60d
> kms/scripts/dba_script.py c0dc7a4
> kms/scripts/install.properties 5d4945e
> kms/scripts/ranger-kms c279bc1
> kms/scripts/setup.sh 2da1e96
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7
> security-admin/scripts/db_setup.py 79d79d0
> security-admin/scripts/dba_script.py c71ca42
> security-admin/scripts/install.properties 268b8ac
> security-admin/scripts/setup.sh 4d09bc2
> security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421
> security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d
>
>
> Diff: https://reviews.apache.org/r/65752/diff/1/
>
>
> Testing
> -------
>
> Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
Re: Review Request 65752: RANGER-1990: Add One-way SSL MySQL support
in Ranger Admin
Posted by Mehul Parikh <me...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65752/#review198275
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On Feb. 22, 2018, 10:31 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65752/
> -----------------------------------------------------------
>
> (Updated Feb. 22, 2018, 10:31 a.m.)
>
>
> Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1990
> https://issues.apache.org/jira/browse/RANGER-1990
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode.
>
> **Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way). Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml a098db1
> kms/scripts/db_setup.py 663d60d
> kms/scripts/dba_script.py c0dc7a4
> kms/scripts/install.properties 5d4945e
> kms/scripts/ranger-kms c279bc1
> kms/scripts/setup.sh 2da1e96
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7
> security-admin/scripts/db_setup.py 79d79d0
> security-admin/scripts/dba_script.py c71ca42
> security-admin/scripts/install.properties 268b8ac
> security-admin/scripts/setup.sh 4d09bc2
> security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421
> security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d
>
>
> Diff: https://reviews.apache.org/r/65752/diff/1/
>
>
> Testing
> -------
>
> Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>