You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2017/03/29 18:05:45 UTC

Review Request 58034: 'Ranger KMS' repo is not getting created in manual installation

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/
-----------------------------------------------------------

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-1482
    https://issues.apache.org/jira/browse/RANGER-1482


Repository: ranger


Description
-------

When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created. 

The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003 


Diff: https://reviews.apache.org/r/58034/diff/1/


Testing
-------

Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.


Thanks,

Abhay Kulkarni

Re: Review Request 58034: 'Ranger KMS' repo is not getting created in manual installation

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/
-----------------------------------------------------------

(Updated April 3, 2017, 9:11 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
-------

Addressed review comments


Bugs: RANGER-1482
    https://issues.apache.org/jira/browse/RANGER-1482


Repository: ranger


Description
-------

When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created. 

The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java 4d6acda 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003 


Diff: https://reviews.apache.org/r/58034/diff/3/

Changes: https://reviews.apache.org/r/58034/diff/2-3/


Testing
-------

Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.


Thanks,

Abhay Kulkarni

Re: Review Request 58034: 'Ranger KMS' repo is not getting created in manual installation

Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/#review170896
-----------------------------------------------------------


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
Lines 163 (patched)
<https://reviews.apache.org/r/58034/#comment243759>

    I think just the tag-name for the policy would be better - "EXPIRES_ON", instead of "expires_on-tag_policy"



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 2524 (patched)
<https://reviews.apache.org/r/58034/#comment243760>

    Consider excluding user names like {OWNER}, {USER} from here.


- Madhan Neethiraj


On March 31, 2017, 7:31 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58034/
> -----------------------------------------------------------
> 
> (Updated March 31, 2017, 7:31 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1482
>     https://issues.apache.org/jira/browse/RANGER-1482
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created. 
> 
> The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java 4d6acda 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003 
> 
> 
> Diff: https://reviews.apache.org/r/58034/diff/2/
> 
> 
> Testing
> -------
> 
> Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 58034: 'Ranger KMS' repo is not getting created in manual installation

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/
-----------------------------------------------------------

(Updated March 31, 2017, 7:31 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
-------

Fixed the name of default tag policy.


Bugs: RANGER-1482
    https://issues.apache.org/jira/browse/RANGER-1482


Repository: ranger


Description
-------

When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created. 

The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java 4d6acda 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003 


Diff: https://reviews.apache.org/r/58034/diff/2/

Changes: https://reviews.apache.org/r/58034/diff/1-2/


Testing
-------

Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.


Thanks,

Abhay Kulkarni