Posted to dev@ranger.apache.org by Kirby Zhou <ki...@gmail.com> on 2022/03/02 03:51:03 UTC

Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/
-----------------------------------------------------------

(Updated March 2, 2022, 3:51 a.m.)


Review request for ranger, Bhavik Bavishi, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan Periasamy.


Summary (updated)
-----------------

RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.


Bugs: RANGER-3612
    https://issues.apache.org/jira/browse/RANGER-3612


Repository: ranger


Description
-------

If we install the Ranger agent into KMS, the agent will auth itself to the KDC at startup. But if that fails due to a network or keytab problem, it just prints a log message in ranger-kms-<hostname>.log, and the KMS can never recover to refresh its policies.

]$ tail -f log/ranger-kms-ranger_kms-.log  | fgrep ERROR 
2022-02-09 19:00:18,227 ERROR MiscUtil - Failed to login with given keytab and principal

There seems to be only one chance for the plugin to auth to the KDC, so it cannot auto-recover.
And MiscUtil.authWithKerberos never fails when auth fails, so KMS does not die when the plugin fails.

This situation is too unfriendly to administrators.
KMS should either die or auto-recover when its ranger-agent fails to auth to the KDC.

My patch here lets it die on startup. Auto recovery is only useful when the KDC is temporarily unavailable.


Diffs
-----

  agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b69e27693 
  plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 799eb322c 
  ranger-kms-plugin-shim/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 7fa36ce79 


Diff: https://reviews.apache.org/r/73841/diff/1/


Testing
-------

mvn clean compile package test


Thanks,

Kirby Zhou
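
A post-start check for deployments that still have the log-and-continue behaviour described in this message, as an added example that is not part of the original e-mail or of Ranger: it scans the plugin log for the error line quoted above and returns non-zero when the login failed at or after a given start time. The function names, the SINCE argument, the exit codes and the sample log lines are assumptions.

```shell
#!/bin/sh
# Added example, not Ranger code. The log line format comes from the message
# above; function names, SINCE, exit codes and sample lines are assumptions.

KRB_FAIL_MSG='Failed to login with given keytab and principal'

# sample_log: constructed log lines (one stale failure, one fresh failure).
sample_log() {
    cat <<'EOF'
2022-02-08 10:00:00,001 ERROR MiscUtil - Failed to login with given keytab and principal
2022-02-09 19:00:17,900 INFO ExampleLogger - constructed startup line
2022-02-09 19:00:18,227 ERROR MiscUtil - Failed to login with given keytab and principal
EOF
}

# krb_login_failures LOGFILE SINCE
# Print each MiscUtil ERROR line carrying KRB_FAIL_MSG and stamped at or after
# SINCE ("YYYY-MM-DD HH:MM:SS"). That format sorts lexicographically, so a
# string comparison orders the timestamps correctly.
krb_login_failures() {
    awk -v since="$2" -v msg="$KRB_FAIL_MSG" '
        $3 == "ERROR" && $4 == "MiscUtil" && index($0, msg) {
            ts = $1 " " $2
            sub(/,.*/, "", ts)        # drop the ",mmm" milliseconds
            if (ts >= since) print
        }' "$1"
}

# kms_plugin_gate LOGFILE SINCE
#   0  no Kerberos login failure logged since SINCE
#   1  the plugin failed to authenticate, so policies will not refresh
#   2  log unreadable: state unknown, callers should treat it as a failure
kms_plugin_gate() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 2; }
    hits=$(krb_login_failures "$1" "$2")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | tail -n 1 >&2   # most recent failure
        return 1
    fi
    return 0
}
```

Call `kms_plugin_gate` from the service's start wrapper or a monitoring probe, passing the time the KMS process was started as SINCE.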


Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

Posted by Kirby Zhou <ki...@gmail.com>.

> On May 10, 2022, 6:16 a.m., bhavik patel wrote:
> > Ship It!

Thanks, can anybody else review it?


- Kirby


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/#review224429
-----------------------------------------------------------




Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/#review224429
-----------------------------------------------------------


Ship It!

- bhavik patel




Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

Posted by Kirby Zhou <ki...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/#review224491
-----------------------------------------------------------



Any other ideas?

- Kirby Zhou




Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

Posted by Kirby Zhou <ki...@gmail.com>.

> On April 8, 2022, 6:12 a.m., bhavik patel wrote:
> > Is your patch supporting auto recovery when the KDC is down for some time?
> 
> Kirby Zhou wrote:
>     If the KDC is up at startup and then down for some time, this situation is already supported by the old code.
>     
>     My patch is to let KMS quit directly if it can't connect to the KDC or fails to authenticate during the startup phase.

Any ideas?


- Kirby


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/#review224272
-----------------------------------------------------------




Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

Posted by Kirby Zhou <ki...@gmail.com>.

> On April 8, 2022, 6:12 a.m., bhavik patel wrote:
> > Is your patch supporting auto recovery when the KDC is down for some time?

If the KDC is up at startup and then down for some time, this situation is already supported by the old code.

My patch is to let KMS quit directly if it can't connect to the KDC or fails to authenticate during the startup phase.


- Kirby


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/#review224272
-----------------------------------------------------------




Re: Review Request 73841: RANGER-3612: Ranger plugin should cause kms to fail at startup when auth to krb5 failed.

Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73841/#review224272
-----------------------------------------------------------



Is your patch supporting auto recovery when the KDC is down for some time?

- bhavik patel

