You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2018/02/22 10:31:44 UTC

Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in Ranger Admin

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65752/
-----------------------------------------------------------

Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1990
    https://issues.apache.org/jira/browse/RANGER-1990


Repository: ranger


Description
-------

**Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode. 

**Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way).  Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory.


Diffs
-----

  kms/config/kms-webapp/dbks-site.xml a098db1 
  kms/scripts/db_setup.py 663d60d 
  kms/scripts/dba_script.py c0dc7a4 
  kms/scripts/install.properties 5d4945e 
  kms/scripts/ranger-kms c279bc1 
  kms/scripts/setup.sh 2da1e96 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7 
  security-admin/scripts/db_setup.py 79d79d0 
  security-admin/scripts/dba_script.py c71ca42 
  security-admin/scripts/install.properties 268b8ac 
  security-admin/scripts/setup.sh 4d09bc2 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d 


Diff: https://reviews.apache.org/r/65752/diff/1/


Testing
-------

Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations.


Thanks,

Pradeep Agrawal

Re: Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in Ranger Admin

Posted by Zsombor Gegesy <gz...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65752/#review198211
-----------------------------------------------------------


Ship it!




Ship It!

- Zsombor Gegesy


On Feb. 22, 2018, 10:31 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65752/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2018, 10:31 a.m.)
> 
> 
> Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1990
>     https://issues.apache.org/jira/browse/RANGER-1990
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode. 
> 
> **Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way).  Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory.
> 
> 
> Diffs
> -----
> 
>   kms/config/kms-webapp/dbks-site.xml a098db1 
>   kms/scripts/db_setup.py 663d60d 
>   kms/scripts/dba_script.py c0dc7a4 
>   kms/scripts/install.properties 5d4945e 
>   kms/scripts/ranger-kms c279bc1 
>   kms/scripts/setup.sh 2da1e96 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7 
>   security-admin/scripts/db_setup.py 79d79d0 
>   security-admin/scripts/dba_script.py c71ca42 
>   security-admin/scripts/install.properties 268b8ac 
>   security-admin/scripts/setup.sh 4d09bc2 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d 
> 
> 
> Diff: https://reviews.apache.org/r/65752/diff/1/
> 
> 
> Testing
> -------
> 
> Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in Ranger Admin

Posted by Mehul Parikh <me...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65752/#review198275
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On Feb. 22, 2018, 10:31 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65752/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2018, 10:31 a.m.)
> 
> 
> Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1990
>     https://issues.apache.org/jira/browse/RANGER-1990
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode. 
> 
> **Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way).  Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory.
> 
> 
> Diffs
> -----
> 
>   kms/config/kms-webapp/dbks-site.xml a098db1 
>   kms/scripts/db_setup.py 663d60d 
>   kms/scripts/dba_script.py c0dc7a4 
>   kms/scripts/install.properties 5d4945e 
>   kms/scripts/ranger-kms c279bc1 
>   kms/scripts/setup.sh 2da1e96 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7 
>   security-admin/scripts/db_setup.py 79d79d0 
>   security-admin/scripts/dba_script.py c71ca42 
>   security-admin/scripts/install.properties 268b8ac 
>   security-admin/scripts/setup.sh 4d09bc2 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d 
> 
> 
> Diff: https://reviews.apache.org/r/65752/diff/1/
> 
> 
> Testing
> -------
> 
> Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>