You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2017/03/29 18:05:45 UTC
Review Request 58034: 'Ranger KMS' repo is not getting created in
manual installation
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/
-----------------------------------------------------------
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-1482
https://issues.apache.org/jira/browse/RANGER-1482
Repository: ranger
Description
-------
When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created.
The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003
Diff: https://reviews.apache.org/r/58034/diff/1/
Testing
-------
Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.
Thanks,
Abhay Kulkarni
Re: Review Request 58034: 'Ranger KMS' repo is not getting created in
manual installation
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/
-----------------------------------------------------------
(Updated April 3, 2017, 9:11 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Addressed review comments
Bugs: RANGER-1482
https://issues.apache.org/jira/browse/RANGER-1482
Repository: ranger
Description
-------
When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created.
The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java 4d6acda
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003
Diff: https://reviews.apache.org/r/58034/diff/3/
Changes: https://reviews.apache.org/r/58034/diff/2-3/
Testing
-------
Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.
Thanks,
Abhay Kulkarni
Re: Review Request 58034: 'Ranger KMS' repo is not getting created in
manual installation
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/#review170896
-----------------------------------------------------------
Fix it, then Ship it!
agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
Lines 163 (patched)
<https://reviews.apache.org/r/58034/#comment243759>
I think just the tag-name for the policy would be better - "EXPIRES_ON", instead of "expires_on-tag_policy"
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 2524 (patched)
<https://reviews.apache.org/r/58034/#comment243760>
Consider excluding user names like {OWNER}, {USER} from here.
- Madhan Neethiraj
On March 31, 2017, 7:31 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58034/
> -----------------------------------------------------------
>
> (Updated March 31, 2017, 7:31 p.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-1482
> https://issues.apache.org/jira/browse/RANGER-1482
>
>
> Repository: ranger
>
>
> Description
> -------
>
> When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created.
>
> The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java 4d6acda
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003
>
>
> Diff: https://reviews.apache.org/r/58034/diff/2/
>
>
> Testing
> -------
>
> Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 58034: 'Ranger KMS' repo is not getting created in
manual installation
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/
-----------------------------------------------------------
(Updated March 31, 2017, 7:31 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Fixed the name of default tag policy.
Bugs: RANGER-1482
https://issues.apache.org/jira/browse/RANGER-1482
Repository: ranger
Description
-------
When KMS default policies are created as part of KMS repo creation, two service users (defined by Ranger-Admin configuration variables in ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and ranger.kms.service.user.hive) are expected to be pre-created. They are precreated when Ranger is installed with Ambari. For manual installation of Ranger, they may not have been pre-created before KMS repo is created.
The fix is to parse default policies that need to be created to find any users/groups that do not exist in Ranger, and create them before attempting to create default policies.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java 4d6acda
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 2a9c003
Diff: https://reviews.apache.org/r/58034/diff/2/
Changes: https://reviews.apache.org/r/58034/diff/1-2/
Testing
-------
Provided non-existent user-names as values of ranger.kms.service.user.hdfs and ranger.kms.service.user.hive configuration variables, and successfully created a KMS repo. The users configured as ranger.kms.service.user.hdfs and ranger.kms.service.user.hive were created in Ranger.
Thanks,
Abhay Kulkarni