You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@kudu.apache.org by "Hao Hao (Code Review)" <ge...@cloudera.org> on 2019/07/23 22:21:04 UTC

[kudu-CR] docs: add the required config for Sentry

Hao Hao has uploaded this change for review. ( http://gerrit.cloudera.org:8080/13902


Change subject: docs: add the required config for Sentry
......................................................................

docs: add the required config for Sentry

Staged version here:
https://github.com/haohaoc/kudu/blob/master/docs/security.adoc

Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
---
M docs/security.adoc
1 file changed, 7 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/02/13902/1
-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 1
Gerrit-Owner: Hao Hao <ha...@cloudera.com>

[kudu-CR] docs: add the required config for Sentry

Posted by "Andrew Wong (Code Review)" <ge...@cloudera.org>.

Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 2: Code-Review+1

(1 comment)

http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc
File docs/security.adoc:

http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc@302
PS2, Line 302: servers:
nit: should we mention it's the sentry-site.xml file specifically? Are there other XML files that this might refer to?



-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 2
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 23:03:19 +0000
Gerrit-HasComments: Yes

[kudu-CR] docs: add the required config for Sentry

Posted by "Andrew Wong (Code Review)" <ge...@cloudera.org>.

Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 1:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/13902/1//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/13902/1//COMMIT_MSG@7
PS1, Line 7: docs: add the required config for Sentry
> Could you add a note that this is for upstream only?
Maybe something like, "Thirdparty cluster management software like Cloudera Manager may configure these automatically. If not using such software, it's necessary to set these configurations manually."


http://gerrit.cloudera.org:8080/#/c/13902/1/docs/security.adoc
File docs/security.adoc:

http://gerrit.cloudera.org:8080/#/c/13902/1/docs/security.adoc@306
PS1, Line 306: ---sentry.service.allow.connect=kudu
             : ---sentry.service.admin.group=kudu
Aren't these defined as XML configs? Like those defined here: https://kudu.apache.org/docs/hive_metastore.html#_enabling_the_hive_metastore_integration



-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 1
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 22:38:38 +0000
Gerrit-HasComments: Yes

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hao Hao has removed a vote on this change.

Change subject: docs: add the required config for Sentry
......................................................................


Removed Verified-1 by Kudu Jenkins (120)
-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteVote
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 3
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] docs: add the required config for Sentry

Posted by "Andrew Wong (Code Review)" <ge...@cloudera.org>.

Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 2: Code-Review+2

One nit question, otherwise LGTM


-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 2
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 23:03:57 +0000
Gerrit-HasComments: No

[kudu-CR] docs: add the required config for Sentry

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 2: -Verified Code-Review+1


-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 2
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 23:21:28 +0000
Gerrit-HasComments: No

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 2:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/13902/1//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/13902/1//COMMIT_MSG@7
PS1, Line 7: docs: add the required config for Sentry
> Maybe something like, "Thirdparty cluster management software like Cloudera
Done


http://gerrit.cloudera.org:8080/#/c/13902/1/docs/security.adoc
File docs/security.adoc:

http://gerrit.cloudera.org:8080/#/c/13902/1/docs/security.adoc@306
PS1, Line 306: <property>
             :   <name>sentry.service.allow.conne
> Aren't these defined as XML configs? Like those defined here: https://kudu.
Done



-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 2
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 22:47:52 +0000
Gerrit-HasComments: Yes

[kudu-CR] docs: add the required config for Sentry

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 3: Code-Review+2


-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 3
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 24 Jul 2019 01:49:15 +0000
Gerrit-HasComments: No

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hello Alex Rodoni, Kudu Jenkins, Andrew Wong, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/13902

to look at the new patch set (#2).

Change subject: docs: add the required config for Sentry
......................................................................

docs: add the required config for Sentry

This commit adds the required config for fine-grained authz in Sentry.
Thirdparty cluster management software like Cloudera Manager may
configure these automatically. If not using such software, it's
necessary to set these configurations manually.

Staged version here:
https://github.com/haohaoc/kudu/blob/master/docs/security.adoc

Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
---
M docs/security.adoc
1 file changed, 14 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/02/13902/2
-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 2
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hao Hao has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................

docs: add the required config for Sentry

This commit adds the required config for fine-grained authz in Sentry.
Thirdparty cluster management software like Cloudera Manager may
configure these automatically. If not using such software, it's
necessary to set these configurations manually.

Staged version here:
https://github.com/haohaoc/kudu/blob/master/docs/security.adoc

Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Reviewed-on: http://gerrit.cloudera.org:8080/13902
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Tested-by: Hao Hao <ha...@cloudera.com>
---
M docs/security.adoc
1 file changed, 14 insertions(+), 0 deletions(-)

Approvals:
  Alexey Serbin: Looks good to me, approved
  Hao Hao: Verified

-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 4
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] docs: add the required config for Sentry

Posted by "Alex Rodoni (Code Review)" <ge...@cloudera.org>.

Alex Rodoni has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 1:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/13902/1//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/13902/1//COMMIT_MSG@7
PS1, Line 7: docs: add the required config for Sentry
Could you add a note that this is for upstream only?



-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 1
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 22:22:45 +0000
Gerrit-HasComments: Yes

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 3:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc
File docs/security.adoc:

http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc@302
PS2, Line 302: e.xml` o
> nit: should we mention it's the sentry-site.xml file specifically? Are ther
Yeah, good point.

No, only sentry-site.xml is involved.


http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc@304
PS2, Line 304: # This example setup configures the Kudu service user as a privileged user to be
             : # able to
> nit: it would be nice to add a hint why this is necessary
Done



-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 3
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 24 Jul 2019 01:42:11 +0000
Gerrit-HasComments: Yes

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hello Alex Rodoni, Alexey Serbin, Kudu Jenkins, Andrew Wong, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/13902

to look at the new patch set (#3).

Change subject: docs: add the required config for Sentry
......................................................................

docs: add the required config for Sentry

This commit adds the required config for fine-grained authz in Sentry.
Thirdparty cluster management software like Cloudera Manager may
configure these automatically. If not using such software, it's
necessary to set these configurations manually.

Staged version here:
https://github.com/haohaoc/kudu/blob/master/docs/security.adoc

Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
---
M docs/security.adoc
1 file changed, 14 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/02/13902/3
-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 3
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] docs: add the required config for Sentry

Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.

Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 3: Verified+1

Unrelated flaky test


-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 3
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 24 Jul 2019 17:47:51 +0000
Gerrit-HasComments: No

[kudu-CR] docs: add the required config for Sentry

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13902 )

Change subject: docs: add the required config for Sentry
......................................................................


Patch Set 2: Verified+1

(1 comment)

http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc
File docs/security.adoc:

http://gerrit.cloudera.org:8080/#/c/13902/2/docs/security.adoc@304
PS2, Line 304: # This example setup configures the Kudu service user as a privileged user in
             : # Sentry.
nit: it would be nice to add a hint why this is necessary



-- 
To view, visit http://gerrit.cloudera.org:8080/13902
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Gerrit-Change-Number: 13902
Gerrit-PatchSet: 2
Gerrit-Owner: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Alex Rodoni <ar...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 23 Jul 2019 23:21:20 +0000
Gerrit-HasComments: Yes