Posted to dev@ranger.apache.org by Dineshkumar Yadav <di...@outlook.com> on 2021/03/31 13:01:46 UTC
Re: Review Request 73226: RANGER-3206 : Enhance db_setup.py to allow
reading env variables set in ranger-admin-env scripts
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73226/
-----------------------------------------------------------
(Updated March 31, 2021, 1:01 p.m.)
Review request for ranger, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, and Vishal Suvagia.
Repository: ranger
Description
-------
During the upgrade, Ranger admin may fail while applying the Java patch to change all admin passwords if the hadoop.security.credstore.java-keystore-provider.password-file property is set in core-site.
This option uses a “side file” that has its location configured in the hadoop.security.credstore.java-keystore-provider.password-file configuration property to communicate the password that should be used when interrogating all of the keystores that are configured in the hadoop.security.credential.provider.path configuration property.
Solution: Enhanced db_setup.py to read environment values set in ranger-admin-env*.sh
This fix required the manual steps below before upgrade.
1. ssh to ranger admin host
2. cd /etc/ranger/admin/conf/
3. vi ranger-admin-env-credstore.sh
4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the "ranger-admin-env-credstore.sh" file
5. chown ranger:ranger ranger-admin-env-credstore.sh
6. chmod 755 ranger-admin-env-credstore.sh
Diffs
-----
security-admin/scripts/db_setup.py 724a47b5a
Diff: https://reviews.apache.org/r/73226/diff/2/
Testing
-------
Use case:
1. vi core-site.xml (under the Ranger conf path /etc/ranger/admin/conf in HDP, or add from the CM UI in the HDFS service-wide config)
   <property>
     <name>hadoop.security.credstore.java-keystore-provider.password-file</name>
     <value>secure/password</value>
   </property>
2. Run db_setup.py to change the admin password
3. /usr/bin/python db_setup.py -changepassword -pair <userid> <current_pass> <new_pass>
This will give an exception.
After the fix, db_setup.py runs successfully and the password gets changed.
Thanks,
Dineshkumar Yadav
Re: Review Request 73226: RANGER-3206 : Enhance db_setup.py to allow
reading env variables set in ranger-admin-env scripts
Posted by Dineshkumar Yadav <di...@outlook.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73226/
-----------------------------------------------------------
(Updated April 5, 2021, 5 a.m.)
Review request for ranger, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, and Vishal Suvagia.
Bugs: RANGER-3206
https://issues.apache.org/jira/browse/RANGER-3206
Repository: ranger
Description
-------
During the upgrade, Ranger admin may fail while applying the Java patch to change all admin passwords if the hadoop.security.credstore.java-keystore-provider.password-file property is set in core-site.
This option uses a “side file” that has its location configured in the hadoop.security.credstore.java-keystore-provider.password-file configuration property to communicate the password that should be used when interrogating all of the keystores that are configured in the hadoop.security.credential.provider.path configuration property.
Solution: Enhanced db_setup.py to read environment values set in ranger-admin-env*.sh
This fix required the manual steps below before upgrade.
1. ssh to ranger admin host
2. cd /etc/ranger/admin/conf/
3. vi ranger-admin-env-credstore.sh
4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the "ranger-admin-env-credstore.sh" file
5. chown ranger:ranger ranger-admin-env-credstore.sh
6. chmod 755 ranger-admin-env-credstore.sh
Diffs
-----
security-admin/scripts/db_setup.py 724a47b5a
Diff: https://reviews.apache.org/r/73226/diff/2/
Testing
-------
Use case:
1. vi core-site.xml (under the Ranger conf path /etc/ranger/admin/conf in HDP, or add from the CM UI in the HDFS service-wide config)
   <property>
     <name>hadoop.security.credstore.java-keystore-provider.password-file</name>
     <value>secure/password</value>
   </property>
2. Run db_setup.py to change the admin password
3. /usr/bin/python db_setup.py -changepassword -pair <userid> <current_pass> <new_pass>
This will give an exception.
After the fix, db_setup.py runs successfully and the password gets changed.
Thanks,
Dineshkumar Yadav
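An added example, not taken from the RANGER-3206 patch or from db_setup.py: one way a Python setup script could pick up `export NAME=value` lines from ranger-admin-env*.sh without executing the scripts, skipping files whose ownership or mode would let another account alter them. The function names, the allowed_uids parameter and the ownership policy are assumptions of this example.

```python
import glob
import os
import re
import stat

# Matches lines such as: export HADOOP_CREDSTORE_PASSWORD=none
EXPORT_RE = re.compile(r'^\s*export\s+([A-Za-z_][A-Za-z0-9_]*)=(.*?)\s*$')


def is_safe_env_file(path, allowed_uids):
    """Regular file, owned by an allowed uid, not writable by group or others."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return False  # also rejects symlinks, since lstat does not follow them
    if st.st_uid not in allowed_uids:
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def parse_exports(text):
    """Return {name: value} for plain `export NAME=value` lines; nothing is executed."""
    found = {}
    for line in text.splitlines():
        m = EXPORT_RE.match(line)
        if not m:
            continue  # comments, blank lines and any other shell syntax are ignored
        name, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop one pair of matching surrounding quotes
        if '$' in value or '`' in value:
            continue  # would need shell expansion; skip instead of guessing
        found[name] = value
    return found


def load_env_scripts(conf_dir, allowed_uids, environ=None):
    """Apply exports from conf_dir/ranger-admin-env*.sh to environ; return skipped files."""
    environ = os.environ if environ is None else environ
    skipped = []
    for path in sorted(glob.glob(os.path.join(conf_dir, 'ranger-admin-env*.sh'))):
        if not is_safe_env_file(path, allowed_uids):
            skipped.append(path)  # hypothetical policy: report, do not load
            continue
        with open(path) as fh:
            environ.update(parse_exports(fh.read()))
    return skipped
```

A file with mode 755, as in step 6, passes this check because only the write bits are tested; it stays readable by every local account, so any value placed in it should be treated as non-secret.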