You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Gautam Borad <gb...@gmail.com> on 2015/05/29 21:28:29 UTC
Review Request 34824: AMBARI-11537 : Fixes required for SSL Issues on
Ranger with new properties
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/
-----------------------------------------------------------
Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
Bugs: AMBARI-11537
https://issues.apache.org/jira/browse/AMBARI-11537
Repository: ambari
Description
-------
Added the following fixes for Ranger to support SSL with new properties
1] conf/cert/unixauthservice.jks file is not copied during install
2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
3] Use ranger.service.http.port instead of kms_port (in KMS)
Diffs
-----
ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
ambari-web/app/data/HDP2.3/site_properties.js 3527e17
Diff: https://reviews.apache.org/r/34824/diff/
Testing
-------
Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
----------------------------------------------------------------------
Ran 235 tests in 7.472s
OK
----------------------------------------------------------------------
Total run:744
Total errors:0
Total failures:0
OK
Thanks,
Gautam Borad
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Andrew Onischuk <ao...@hortonworks.com>.
> On May 29, 2015, 10:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py, line 149
> > <https://reviews.apache.org/r/34824/diff/1/?file=974579#file974579line149>
> >
> > This needs to check if the property above is valid.
> > ranger_admin_hosts = default('/clusterHostInfo/ranger_admin_hosts', [])
I think for Ranger it always is in place.
- Andrew
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85827
-----------------------------------------------------------
On May 29, 2015, 7:28 p.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 29, 2015, 7:28 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Gautam Borad <gb...@gmail.com>.
> On May 29, 2015, 10:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py, line 149
> > <https://reviews.apache.org/r/34824/diff/1/?file=974579#file974579line149>
> >
> > This needs to check if the property above is valid.
> > ranger_admin_hosts = default('/clusterHostInfo/ranger_admin_hosts', [])
>
> Andrew Onischuk wrote:
> I think for Ranger it always is in place.
As per Andrews comment, this will always be present.
> On May 29, 2015, 10:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py, line 45
> > <https://reviews.apache.org/r/34824/diff/1/?file=974580#file974580line45>
> >
> > Are there any other valid response codes besides 200?
No, Ranger will return 200 if everything is up and running.
> On May 29, 2015, 10:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py, line 279
> > <https://reviews.apache.org/r/34824/diff/1/?file=974583#file974583line279>
> >
> > Does the credential_file directory need to be created first?
The credential_file is defined as ```credential_file = format('/etc/ranger/{repo_name}/cred.jceks')```
and we already create a directory before the code in question as :
```
Directory([os.path.join('/etc', 'ranger', params.repo_name), os.path.join('/etc', 'ranger', params.repo_name, 'policycache')],
owner = params.kms_user,
group = params.kms_group,
mode=0775,
recursive = True
)
```
- Gautam
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85827
-----------------------------------------------------------
On May 29, 2015, 7:28 p.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 29, 2015, 7:28 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85827
-----------------------------------------------------------
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
<https://reviews.apache.org/r/34824/#comment137655>
This needs to check if the property above is valid.
ranger_admin_hosts = default('/clusterHostInfo/ranger_admin_hosts', [])
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py
<https://reviews.apache.org/r/34824/#comment137656>
Are there any other valid response codes besides 200?
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
<https://reviews.apache.org/r/34824/#comment137657>
Does the credential_file directory need to be created first?
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
<https://reviews.apache.org/r/34824/#comment137658>
Does this need a description?
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json
<https://reviews.apache.org/r/34824/#comment137659>
Can you remove all of the unrelated properties for Spark, Kafka, etc.?
- Alejandro Fernandez
On May 29, 2015, 7:28 p.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 29, 2015, 7:28 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Gautam Borad <gb...@gmail.com>.
> On May 29, 2015, 10:28 p.m., Andrew Onischuk wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml, line 101
> > <https://reviews.apache.org/r/34824/diff/1/?file=974578#file974578line101>
> >
> > Cannot we just substitute {{ranger_host}} here?
Andrew, we cannot substitute this property because there are scenarios like: https, loadbalancer etc. where we would want the user to enter this value.
- Gautam
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85830
-----------------------------------------------------------
On May 29, 2015, 7:28 p.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 29, 2015, 7:28 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Gautam Borad <gb...@gmail.com>.
> On May 29, 2015, 10:28 p.m., Andrew Onischuk wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml, line 101
> > <https://reviews.apache.org/r/34824/diff/1/?file=974578#file974578line101>
> >
> > Cannot we just substitute {{ranger_host}} here?
>
> Gautam Borad wrote:
> Andrew, we cannot substitute this property because there are scenarios like: https, loadbalancer etc. where we would want the user to enter this value.
>
> Andrew Onischuk wrote:
> What about providing default, and in that scenarios ask to change?
Users were missing this field when we keep localhost as default. This caused some confusions and we decided to make the entry blank, so user can fill the right value.
- Gautam
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85830
-----------------------------------------------------------
On May 30, 2015, 11:43 a.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 30, 2015, 11:43 a.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml 7052dbc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b0f56a5
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml 43d5050
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml 0c57c23
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml 12c4c51
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ecf0cc0
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml 026c80b
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Andrew Onischuk <ao...@hortonworks.com>.
> On May 29, 2015, 10:28 p.m., Andrew Onischuk wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml, line 101
> > <https://reviews.apache.org/r/34824/diff/1/?file=974578#file974578line101>
> >
> > Cannot we just substitute {{ranger_host}} here?
>
> Gautam Borad wrote:
> Andrew, we cannot substitute this property because there are scenarios like: https, loadbalancer etc. where we would want the user to enter this value.
What about providing default, and in that scenarios ask to change?
- Andrew
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85830
-----------------------------------------------------------
On May 30, 2015, 11:43 a.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 30, 2015, 11:43 a.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml 7052dbc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b0f56a5
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml 43d5050
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml 0c57c23
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml 12c4c51
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ecf0cc0
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml 026c80b
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85830
-----------------------------------------------------------
ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
<https://reviews.apache.org/r/34824/#comment137663>
Cannot we just substitute {{ranger_host}} here?
- Andrew Onischuk
On May 29, 2015, 7:28 p.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 29, 2015, 7:28 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/#review85872
-----------------------------------------------------------
Ship it!
Fix it, and Ship It
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json
<https://reviews.apache.org/r/34824/#comment137717>
Can remove spark-defaults, spark-env, spark-metric-properties, etc. completely since they don't contain any values.
- Alejandro Fernandez
On May 30, 2015, 11:43 a.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34824/
> -----------------------------------------------------------
>
> (Updated May 30, 2015, 11:43 a.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
>
>
> Bugs: AMBARI-11537
> https://issues.apache.org/jira/browse/AMBARI-11537
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Added the following fixes for Ranger to support SSL with new properties
> 1] conf/cert/unixauthservice.jks file is not copied during install
> 2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
> 3] Use ranger.service.http.port instead of kms_port (in KMS)
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml 7052dbc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b0f56a5
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml 43d5050
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml 0c57c23
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
> ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml 12c4c51
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ecf0cc0
> ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
> ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
> ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml 026c80b
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
> ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
> ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
> ambari-web/app/data/HDP2.3/site_properties.js 3527e17
>
> Diff: https://reviews.apache.org/r/34824/diff/
>
>
> Testing
> -------
>
> Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
>
> ----------------------------------------------------------------------
> Ran 235 tests in 7.472s
>
> OK
> ----------------------------------------------------------------------
> Total run:744
> Total errors:0
> Total failures:0
> OK
>
>
> Thanks,
>
> Gautam Borad
>
>
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Gautam Borad <gb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/
-----------------------------------------------------------
(Updated May 30, 2015, 7:13 p.m.)
Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
Changes
-------
Fixed test case comment.
Bugs: AMBARI-11537
https://issues.apache.org/jira/browse/AMBARI-11537
Repository: ambari
Description
-------
Added the following fixes for Ranger to support SSL with new properties
1] conf/cert/unixauthservice.jks file is not copied during install
2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
3] Use ranger.service.http.port instead of kms_port (in KMS)
Diffs (updated)
-----
ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml 7052dbc
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b0f56a5
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml 43d5050
ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml 0c57c23
ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml 12c4c51
ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ecf0cc0
ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml 026c80b
ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
ambari-web/app/data/HDP2.3/site_properties.js 3527e17
Diff: https://reviews.apache.org/r/34824/diff/
Testing
-------
Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
----------------------------------------------------------------------
Ran 235 tests in 7.472s
OK
----------------------------------------------------------------------
Total run:744
Total errors:0
Total failures:0
OK
Thanks,
Gautam Borad
Re: Review Request 34824: AMBARI-11537 : Fixes required for SSL
Issues on Ranger with new properties
Posted by Gautam Borad <gb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34824/
-----------------------------------------------------------
(Updated May 30, 2015, 11:43 a.m.)
Review request for Ambari, Alejandro Fernandez, Aleksandr Kovalenko, Andrew Onischuk, Selvamohan Neethiraj, Srimanth Gunturi, and Velmurugan Periasamy.
Changes
-------
Address review request comments.
Bugs: AMBARI-11537
https://issues.apache.org/jira/browse/AMBARI-11537
Repository: ambari
Description
-------
Added the following fixes for Ranger to support SSL with new properties
1] conf/cert/unixauthservice.jks file is not copied during install
2] UnixAuthenticationService is looking for usersync.ssl.key.password, but Ambari setup scripts are updating the credential store with usersync_ssl_key_password.
3] Use ranger.service.http.port instead of kms_port (in KMS)
Diffs (updated)
-----
ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py cfa51da
ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml 1862f37
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py 7a6dacf
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py 0a2f5ae
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py d845eb4
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml 7052dbc
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b0f56a5
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 5446dcd
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 9f274bc
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 9b806eb
ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b7f80b9
ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml 43d5050
ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml a2b6362
ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml 0c57c23
ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml 057978f
ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml 12c4c51
ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml 6aa5101
ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ecf0cc0
ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml d20a68b
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b9da3a5
ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml acd77a1
ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ad08922
ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 776b000
ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml 026c80b
ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py 8448bf5
ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py 6464efc
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json PRE-CREATION
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json PRE-CREATION
ambari-web/app/data/HDP2.3/site_properties.js 3527e17
Diff: https://reviews.apache.org/r/34824/diff/
Testing
-------
Tested on a centos6 clusted with Ranger / Ranger KMS and enabled SSL.
----------------------------------------------------------------------
Ran 235 tests in 7.472s
OK
----------------------------------------------------------------------
Total run:744
Total errors:0
Total failures:0
OK
Thanks,
Gautam Borad