You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2016/05/24 19:13:12 UTC
Review Request 47789: RANGER-994:Enable Audit to Secure Solr
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47789/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Repository: ranger
Description
-------
RANGER-994:Enable Audit to Secure Solr
Diffs
-----
agents-audit/pom.xml 35ef2b6
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 43b8244
agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java PRE-CREATION
hbase-agent/pom.xml 4a2a25f
hdfs-agent/pom.xml f5e42eb
hive-agent/pom.xml a7ee08b
kms/pom.xml a9f6c6c
knox-agent/pom.xml 20d8237
plugin-kafka/pom.xml e148539
plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java fc82dfd
plugin-yarn/pom.xml 92c7dfb
pom.xml 327f30c
security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b9caa76
security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java 913b9f0
src/main/assembly/hdfs-agent.xml f0fbe19
src/main/assembly/hive-agent.xml 92a312a
src/main/assembly/knox-agent.xml 0657e87
src/main/assembly/plugin-solr.xml c96e63f
src/main/assembly/plugin-yarn.xml 19e88d4
storm-agent/pom.xml c816644
Diff: https://reviews.apache.org/r/47789/diff/
Testing
-------
Tested in Secure Cluster.
For Ranger UI to work JAAS config for sorlclient has to be addded to ranger-admin-site.xml
For Ranger Plugins JASS config for sorlclient has to be addded to ranger-<component>-site.xml
Config to be added.
JAAS.inmemory.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
JAAS.inmemory.Client.loginModuleControlFlag=required
JAAS.inmemory.Client.option.useKeyTab=true
JAAS.inmemory.Client.option.debug=true
JAAS.inmemory.Client.option.doNotPrompt=true
JAAS.inmemory.Client.option.storeKey=false
JAAS.inmemory.Client.option.serviceName=solr
JAAS.inmemory.Client.option.keyTab=/etc/security/keytabs/solrclient.keytab
JAAS.inmemory.Client.option.principal=solrclient@EXAMPLE.COM
Thanks,
Ramesh Mani
Re: Review Request 47789: RANGER-994: Ranger support Audit to Secure
Solr
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47789/#review136210
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On June 3, 2016, 12:50 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47789/
> -----------------------------------------------------------
>
> (Updated June 3, 2016, 12:50 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-994: Ranger support Audit to Secure Solr
>
>
> Diffs
> -----
>
> agents-audit/pom.xml 35ef2b6
> agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 43b8244
> agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java PRE-CREATION
> hbase-agent/pom.xml 4a2a25f
> hdfs-agent/pom.xml f5e42eb
> hive-agent/pom.xml a7ee08b
> kms/pom.xml a9f6c6c
> knox-agent/pom.xml 20d8237
> plugin-kafka/pom.xml e148539
> plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java fc82dfd
> plugin-yarn/pom.xml 92c7dfb
> pom.xml 29292a7
> security-admin/contrib/solr_for_audit_setup/setup.sh 1c05762
> security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b9caa76
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java 433f5c9
> security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java 913b9f0
> src/main/assembly/hdfs-agent.xml f0fbe19
> src/main/assembly/hive-agent.xml 92a312a
> src/main/assembly/knox-agent.xml 0657e87
> src/main/assembly/plugin-solr.xml c96e63f
> src/main/assembly/plugin-yarn.xml 19e88d4
> storm-agent/pom.xml c816644
>
> Diff: https://reviews.apache.org/r/47789/diff/
>
>
> Testing
> -------
>
> Tested in Secure Cluster.
>
> For Ranger UI to work JAAS config for sorlclient has to be addded to ranger-admin-site.xml
>
> For Ranger Plugins JASS config for sorlclient has to be addded to ranger-<component>-site.xml
>
>
> Config to be added.
>
> xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> xasecure.audit.jaas.Client.loginModuleControlFlag=required
> xasecure.audit.jaas.Client.option.useKeyTab=true
> xasecure.audit.jaas.Client.option.debug=true
> xasecure.audit.jaas.Client.option.doNotPrompt=true
> xasecure.audit.jaas.Client.option.storeKey=false
> xasecure.audit.jaas.Client.option.serviceName=solr
> xasecure.audit.jaas.Client.option.keyTab=/etc/security/keytabs/solrclient.keytab
> xasecure.audit.jaas.Client.option.principal=solrclient@EXAMPLE.COM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 47789: RANGER-994: Ranger support Audit to Secure
Solr
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47789/
-----------------------------------------------------------
(Updated June 3, 2016, 12:50 a.m.)
Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Repository: ranger
Description
-------
RANGER-994: Ranger support Audit to Secure Solr
Diffs
-----
agents-audit/pom.xml 35ef2b6
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 43b8244
agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java PRE-CREATION
hbase-agent/pom.xml 4a2a25f
hdfs-agent/pom.xml f5e42eb
hive-agent/pom.xml a7ee08b
kms/pom.xml a9f6c6c
knox-agent/pom.xml 20d8237
plugin-kafka/pom.xml e148539
plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java fc82dfd
plugin-yarn/pom.xml 92c7dfb
pom.xml 29292a7
security-admin/contrib/solr_for_audit_setup/setup.sh 1c05762
security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b9caa76
security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java 433f5c9
security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java 913b9f0
src/main/assembly/hdfs-agent.xml f0fbe19
src/main/assembly/hive-agent.xml 92a312a
src/main/assembly/knox-agent.xml 0657e87
src/main/assembly/plugin-solr.xml c96e63f
src/main/assembly/plugin-yarn.xml 19e88d4
storm-agent/pom.xml c816644
Diff: https://reviews.apache.org/r/47789/diff/
Testing (updated)
-------
Tested in Secure Cluster.
For Ranger UI to work JAAS config for sorlclient has to be addded to ranger-admin-site.xml
For Ranger Plugins JASS config for sorlclient has to be addded to ranger-<component>-site.xml
Config to be added.
xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
xasecure.audit.jaas.Client.loginModuleControlFlag=required
xasecure.audit.jaas.Client.option.useKeyTab=true
xasecure.audit.jaas.Client.option.debug=true
xasecure.audit.jaas.Client.option.doNotPrompt=true
xasecure.audit.jaas.Client.option.storeKey=false
xasecure.audit.jaas.Client.option.serviceName=solr
xasecure.audit.jaas.Client.option.keyTab=/etc/security/keytabs/solrclient.keytab
xasecure.audit.jaas.Client.option.principal=solrclient@EXAMPLE.COM
Thanks,
Ramesh Mani
Re: Review Request 47789: RANGER-994: Ranger support Audit to Secure
Solr
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47789/
-----------------------------------------------------------
(Updated June 1, 2016, 8:28 p.m.)
Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Changes
-------
Patch after corrrecting the review comments
Repository: ranger
Description
-------
RANGER-994: Ranger support Audit to Secure Solr
Diffs (updated)
-----
agents-audit/pom.xml 35ef2b6
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 43b8244
agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java PRE-CREATION
hbase-agent/pom.xml 4a2a25f
hdfs-agent/pom.xml f5e42eb
hive-agent/pom.xml a7ee08b
kms/pom.xml a9f6c6c
knox-agent/pom.xml 20d8237
plugin-kafka/pom.xml e148539
plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java fc82dfd
plugin-yarn/pom.xml 92c7dfb
pom.xml 29292a7
security-admin/contrib/solr_for_audit_setup/setup.sh 1c05762
security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b9caa76
security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java 433f5c9
security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java 913b9f0
src/main/assembly/hdfs-agent.xml f0fbe19
src/main/assembly/hive-agent.xml 92a312a
src/main/assembly/knox-agent.xml 0657e87
src/main/assembly/plugin-solr.xml c96e63f
src/main/assembly/plugin-yarn.xml 19e88d4
storm-agent/pom.xml c816644
Diff: https://reviews.apache.org/r/47789/diff/
Testing
-------
Tested in Secure Cluster.
For Ranger UI to work JAAS config for sorlclient has to be addded to ranger-admin-site.xml
For Ranger Plugins JASS config for sorlclient has to be addded to ranger-<component>-site.xml
Config to be added.
JAAS.inmemory.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
JAAS.inmemory.Client.loginModuleControlFlag=required
JAAS.inmemory.Client.option.useKeyTab=true
JAAS.inmemory.Client.option.debug=true
JAAS.inmemory.Client.option.doNotPrompt=true
JAAS.inmemory.Client.option.storeKey=false
JAAS.inmemory.Client.option.serviceName=solr
JAAS.inmemory.Client.option.keyTab=/etc/security/keytabs/solrclient.keytab
JAAS.inmemory.Client.option.principal=solrclient@EXAMPLE.COM
Thanks,
Ramesh Mani
Re: Review Request 47789: RANGER-994: Ranger support Audit to Secure
Solr
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47789/#review135734
-----------------------------------------------------------
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java (line 51)
<https://reviews.apache.org/r/47789/#comment200798>
"PROP_SOLR_KERBEROR" ==> PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG"
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java (line 234)
<https://reviews.apache.org/r/47789/#comment200796>
Include exception object in LOG.error() call.
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java (line 235)
<https://reviews.apache.org/r/47789/#comment200795>
LOG.debug() is not necessary, as the same message is logged above with 'error' priority.
agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java (line 101)
<https://reviews.apache.org/r/47789/#comment200797>
"JAAS.inmemory." ==> "xasecure.audit.jaas."
- Madhan Neethiraj
On May 25, 2016, 10:41 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47789/
> -----------------------------------------------------------
>
> (Updated May 25, 2016, 10:41 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-994: Ranger support Audit to Secure Solr
>
>
> Diffs
> -----
>
> agents-audit/pom.xml 35ef2b6
> agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 43b8244
> agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java PRE-CREATION
> hbase-agent/pom.xml 4a2a25f
> hdfs-agent/pom.xml f5e42eb
> hive-agent/pom.xml a7ee08b
> kms/pom.xml a9f6c6c
> knox-agent/pom.xml 20d8237
> plugin-kafka/pom.xml e148539
> plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java fc82dfd
> plugin-yarn/pom.xml 92c7dfb
> pom.xml 327f30c
> security-admin/contrib/solr_for_audit_setup/setup.sh 1c05762
> security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b9caa76
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java 433f5c9
> security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java 913b9f0
> src/main/assembly/hdfs-agent.xml f0fbe19
> src/main/assembly/hive-agent.xml 92a312a
> src/main/assembly/knox-agent.xml 0657e87
> src/main/assembly/plugin-solr.xml c96e63f
> src/main/assembly/plugin-yarn.xml 19e88d4
> storm-agent/pom.xml c816644
>
> Diff: https://reviews.apache.org/r/47789/diff/
>
>
> Testing
> -------
>
> Tested in Secure Cluster.
>
> For Ranger UI to work JAAS config for sorlclient has to be addded to ranger-admin-site.xml
>
> For Ranger Plugins JASS config for sorlclient has to be addded to ranger-<component>-site.xml
>
>
> Config to be added.
>
> JAAS.inmemory.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> JAAS.inmemory.Client.loginModuleControlFlag=required
> JAAS.inmemory.Client.option.useKeyTab=true
> JAAS.inmemory.Client.option.debug=true
> JAAS.inmemory.Client.option.doNotPrompt=true
> JAAS.inmemory.Client.option.storeKey=false
> JAAS.inmemory.Client.option.serviceName=solr
> JAAS.inmemory.Client.option.keyTab=/etc/security/keytabs/solrclient.keytab
> JAAS.inmemory.Client.option.principal=solrclient@EXAMPLE.COM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 47789: RANGER-994: Ranger support Audit to Secure
Solr
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47789/
-----------------------------------------------------------
(Updated May 25, 2016, 10:41 p.m.)
Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Changes
-------
Adding db to solr migration script change and addition notes in solr setup.sh
Summary (updated)
-----------------
RANGER-994: Ranger support Audit to Secure Solr
Repository: ranger
Description (updated)
-------
RANGER-994: Ranger support Audit to Secure Solr
Diffs (updated)
-----
agents-audit/pom.xml 35ef2b6
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 43b8244
agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java PRE-CREATION
hbase-agent/pom.xml 4a2a25f
hdfs-agent/pom.xml f5e42eb
hive-agent/pom.xml a7ee08b
kms/pom.xml a9f6c6c
knox-agent/pom.xml 20d8237
plugin-kafka/pom.xml e148539
plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java fc82dfd
plugin-yarn/pom.xml 92c7dfb
pom.xml 327f30c
security-admin/contrib/solr_for_audit_setup/setup.sh 1c05762
security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b9caa76
security-admin/src/main/java/org/apache/ranger/patch/cliutil/DbToSolrMigrationUtil.java 433f5c9
security-admin/src/main/java/org/apache/ranger/solr/SolrMgr.java 913b9f0
src/main/assembly/hdfs-agent.xml f0fbe19
src/main/assembly/hive-agent.xml 92a312a
src/main/assembly/knox-agent.xml 0657e87
src/main/assembly/plugin-solr.xml c96e63f
src/main/assembly/plugin-yarn.xml 19e88d4
storm-agent/pom.xml c816644
Diff: https://reviews.apache.org/r/47789/diff/
Testing
-------
Tested in Secure Cluster.
For Ranger UI to work JAAS config for sorlclient has to be addded to ranger-admin-site.xml
For Ranger Plugins JASS config for sorlclient has to be addded to ranger-<component>-site.xml
Config to be added.
JAAS.inmemory.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
JAAS.inmemory.Client.loginModuleControlFlag=required
JAAS.inmemory.Client.option.useKeyTab=true
JAAS.inmemory.Client.option.debug=true
JAAS.inmemory.Client.option.doNotPrompt=true
JAAS.inmemory.Client.option.storeKey=false
JAAS.inmemory.Client.option.serviceName=solr
JAAS.inmemory.Client.option.keyTab=/etc/security/keytabs/solrclient.keytab
JAAS.inmemory.Client.option.principal=solrclient@EXAMPLE.COM
Thanks,
Ramesh Mani