You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/11/24 14:20:11 UTC

[jira] [Commented] (AMBARI-14036) Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)

    [ https://issues.apache.org/jira/browse/AMBARI-14036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15024493#comment-15024493 ] 

Hadoop QA commented on AMBARI-14036:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12774048/AMBARI-14036.patch
  against trunk revision .

    {color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/4381//console

This message is automatically generated.

> Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
> ------------------------------------------------------------------------------------
>
>                 Key: AMBARI-14036
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14036
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.3
>            Reporter: Vitaly Brodetskyi
>            Assignee: Vitaly Brodetskyi
>            Priority: Critical
>             Fix For: 2.1.3
>
>         Attachments: AMBARI-14036.patch
>
>
> Basic implementation AMBARI-9587
> *1st task:*
> While upgrading a cluster above 2.0.0 Ambari version, if knox topology file is present without authorization provider then add correct authorization provider i.e
> # If Ranger plugin is not enabled for Knox then
> {code}
> <provider> <role>authorization</role> <name>AclsAuthz</name> <enabled>true</enabled> </provider> 
> {code}
> # If Ranger plugin for knox is enabled then
> {code}
> <provider> <role>authorization</role> <name>XASecurePDPKnox</name> <enabled>true</enabled> </provider> 
> {code}
> NOTE: If this logic is going in upgrade catalog for 2.0.0 then we can simply modify knox topology to add "<provider> <role>authorization</role> <name>AclsAuthz</name> <enabled>true</enabled> </provider>" as Ranger service itself was added in 2.0.0 
> *2nd task:*
> Stack advisor right now recommends the value of authorization provider in topology file when ranger plugin is enabled or disabled. But this will happen only if authorization provider tag is present in topology file or else the recommendation logic will be skipped. Stack advisor code needs to be changed so that while enabling or disabling ranger plugin for knox if authorization provider tag does not exist then the corresponding authorization provider tag should be added while sending back recommendation to ambari-web.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)