You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Vishal Suvagia <vi...@yahoo.com> on 2017/02/07 16:28:00 UTC
Review Request 56394: Provide user-warning while upgrading clusters
to move certificates/keystores/truststores out of conf folder
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56394/
-----------------------------------------------------------
Review request for Ambari, Alejandro Fernandez, Gautam Borad, Mugdha Varadkar, Oliver Szabo, Sumit Mohanty, and Velmurugan Periasamy.
Bugs: AMBARI-19897
https://issues.apache.org/jira/browse/AMBARI-19897
Repository: ambari
Description
-------
As certificates/ keystores/ truststores present in /etc/ranger/*/conf path, this may affect the upgrade scenarios, where user needs to manually move the files to new conf directories.
Hence users upgrading to new stacks should be warned on prior basis to do the same manually (i.e move certificates/keystores/truststores out of conf folder).
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java 8d8f540
ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java PRE-CREATION
ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml 8da11ff
ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml 01fc102
ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml 046904b
ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml 70bb2ca
ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml 5b8351b
ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 2f07c97
ambari-server/src/test/java/org/apache/ambari/server/checks/RangerSSLConfigCheckTest.java PRE-CREATION
Diff: https://reviews.apache.org/r/56394/diff/
Testing (updated)
-------
Verified upgrade process after fresh install on Cent-os 6.
Thanks,
Vishal Suvagia
Re: Review Request 56394: Provide user-warning while upgrading
clusters to move certificates/keystores/truststores out of conf folder
Posted by Vishal Suvagia <vi...@yahoo.com>.
> On Feb. 9, 2017, 7:17 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java, line 328
> > <https://reviews.apache.org/r/56394/diff/1/?file=1626642#file1626642line328>
> >
> > Minor suggestions,
> > "default value of"
> >
> > ". Since the certificates/keystores/truststores in this path may affect the upgrade/downgrade process, it is recommended to manually move the certificates/keystores/truststores out of the conf folders and change the appropriate config values before proceeding.".
> >
> > Is this needed on all Ranger hosts?
> >
> > Can this be done instead with a custom python function?
> > We already have such logic for components like Namenode that need to take a backup.
> >
> > Can this be handled during the RU/EU as a manual step just before Ranger?
Hi Alejandro,
Can this be done instead with a custom python function? We already have such logic for components like Namenode that need to take a backup.
The motive is to just provide a check and a warning to the user to move existing certificate, keystore and truststore from the /etc/ranger/*/conf directories to another directories which may not be affected by RU/EU during upgrades/downgrades.Hence just a java check.
Can this be handled during the RU/EU as a manual step just before Ranger?
If the user is in the middle of an upgrade and is shows a information/warning to change the configurations.Then user will need to downgrade first, then do the required changes in configuration and then again try for an upgrade. Hence have preferred a warning check prior to upgrade, rather than showing the information in the middle of the upgrade.
Is this needed on all Ranger hosts?
Yes.
- Vishal
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56394/#review164978
-----------------------------------------------------------
On Feb. 7, 2017, 4:27 p.m., Vishal Suvagia wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56394/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2017, 4:27 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Mugdha Varadkar, Oliver Szabo, Sumit Mohanty, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-19897
> https://issues.apache.org/jira/browse/AMBARI-19897
>
>
> Repository: ambari
>
>
> Description
> -------
>
> As certificates/ keystores/ truststores present in /etc/ranger/*/conf path, this may affect the upgrade scenarios, where user needs to manually move the files to new conf directories.
> Hence users upgrading to new stacks should be warned on prior basis to do the same manually (i.e move certificates/keystores/truststores out of conf folder).
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java 8d8f540
> ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java PRE-CREATION
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml 8da11ff
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml 01fc102
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml 046904b
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml 70bb2ca
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml 5b8351b
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 2f07c97
> ambari-server/src/test/java/org/apache/ambari/server/checks/RangerSSLConfigCheckTest.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/56394/diff/
>
>
> Testing
> -------
>
> Verified upgrade process after fresh install on Cent-os 6.
>
>
> Thanks,
>
> Vishal Suvagia
>
>
Re: Review Request 56394: Provide user-warning while upgrading
clusters to move certificates/keystores/truststores out of conf folder
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56394/#review164978
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java (line 328)
<https://reviews.apache.org/r/56394/#comment236813>
Minor suggestions,
"default value of"
". Since the certificates/keystores/truststores in this path may affect the upgrade/downgrade process, it is recommended to manually move the certificates/keystores/truststores out of the conf folders and change the appropriate config values before proceeding.".
Is this needed on all Ranger hosts?
Can this be done instead with a custom python function?
We already have such logic for components like Namenode that need to take a backup.
Can this be handled during the RU/EU as a manual step just before Ranger?
ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java (line 53)
<https://reviews.apache.org/r/56394/#comment236815>
Is this only for upgrades to HDP 2.6?
If so, please add a comment here and in the upgrade packs so that future upgrades don't end up adding the PreCheck unnecessarily.
ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java (line 58)
<https://reviews.apache.org/r/56394/#comment236814>
Remove the trailing "/" in "/etc/ranger/admin/conf/"
- Alejandro Fernandez
On Feb. 7, 2017, 4:27 p.m., Vishal Suvagia wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56394/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2017, 4:27 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Mugdha Varadkar, Oliver Szabo, Sumit Mohanty, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-19897
> https://issues.apache.org/jira/browse/AMBARI-19897
>
>
> Repository: ambari
>
>
> Description
> -------
>
> As certificates/ keystores/ truststores present in /etc/ranger/*/conf path, this may affect the upgrade scenarios, where user needs to manually move the files to new conf directories.
> Hence users upgrading to new stacks should be warned on prior basis to do the same manually (i.e move certificates/keystores/truststores out of conf folder).
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java 8d8f540
> ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java PRE-CREATION
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml 8da11ff
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml 01fc102
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml 046904b
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml 70bb2ca
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml 5b8351b
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 2f07c97
> ambari-server/src/test/java/org/apache/ambari/server/checks/RangerSSLConfigCheckTest.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/56394/diff/
>
>
> Testing
> -------
>
> Verified upgrade process after fresh install on Cent-os 6.
>
>
> Thanks,
>
> Vishal Suvagia
>
>
Re: Review Request 56394: Provide user-warning while upgrading
clusters to move certificates/keystores/truststores out of conf folder
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56394/#review165366
-----------------------------------------------------------
Ship it!
Ship It!
- Alejandro Fernandez
On Feb. 10, 2017, 12:07 p.m., Vishal Suvagia wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56394/
> -----------------------------------------------------------
>
> (Updated Feb. 10, 2017, 12:07 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Mugdha Varadkar, Oliver Szabo, Sumit Mohanty, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-19897
> https://issues.apache.org/jira/browse/AMBARI-19897
>
>
> Repository: ambari
>
>
> Description
> -------
>
> As certificates/ keystores/ truststores present in /etc/ranger/*/conf path, this may affect the upgrade scenarios, where user needs to manually move the files to new conf directories.
> Hence users upgrading to new stacks should be warned on prior basis to do the same manually (i.e move certificates/keystores/truststores out of conf folder).
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java 8d8f540
> ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java PRE-CREATION
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml 8da11ff
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml 01fc102
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml 046904b
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml 70bb2ca
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml 5b8351b
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 2f07c97
> ambari-server/src/test/java/org/apache/ambari/server/checks/RangerSSLConfigCheckTest.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/56394/diff/
>
>
> Testing
> -------
>
> Verified upgrade process after fresh install on Cent-os 6.
>
>
> Thanks,
>
> Vishal Suvagia
>
>
Re: Review Request 56394: Provide user-warning while upgrading
clusters to move certificates/keystores/truststores out of conf folder
Posted by Vishal Suvagia <vi...@yahoo.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56394/
-----------------------------------------------------------
(Updated Feb. 10, 2017, 12:07 p.m.)
Review request for Ambari, Alejandro Fernandez, Gautam Borad, Mugdha Varadkar, Oliver Szabo, Sumit Mohanty, and Velmurugan Periasamy.
Changes
-------
Made changes as suggested.
Bugs: AMBARI-19897
https://issues.apache.org/jira/browse/AMBARI-19897
Repository: ambari
Description
-------
As certificates/ keystores/ truststores present in /etc/ranger/*/conf path, this may affect the upgrade scenarios, where user needs to manually move the files to new conf directories.
Hence users upgrading to new stacks should be warned on prior basis to do the same manually (i.e move certificates/keystores/truststores out of conf folder).
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java 8d8f540
ambari-server/src/main/java/org/apache/ambari/server/checks/RangerSSLConfigCheck.java PRE-CREATION
ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml 8da11ff
ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml 01fc102
ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml 046904b
ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml 70bb2ca
ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml 5b8351b
ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 2f07c97
ambari-server/src/test/java/org/apache/ambari/server/checks/RangerSSLConfigCheckTest.java PRE-CREATION
Diff: https://reviews.apache.org/r/56394/diff/
Testing
-------
Verified upgrade process after fresh install on Cent-os 6.
Thanks,
Vishal Suvagia