Posted to dev@ranger.apache.org by "Jalpan Randeri (Jira)" <ji...@apache.org> on 2020/07/31 01:00:28 UTC

[jira] [Created] (RANGER-2936) Support for policy download mode configuration on plugin

Jalpan Randeri created RANGER-2936:
--------------------------------------

             Summary: Support for policy download mode configuration on plugin
                 Key: RANGER-2936
                 URL: https://issues.apache.org/jira/browse/RANGER-2936
             Project: Ranger
          Issue Type: Improvement
          Components: plugins
            Reporter: Jalpan Randeri


h3. Description

Ranger plugins use RangerAdminRESTClient to download policies. The Ranger Admin server exposes two different endpoints for policy downloads:
 # Secure mode
 # Normal mode

RangerAdminRESTClient selects secure mode if the Hadoop cluster is running with Kerberos. [https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java#L129]

Since the Ranger Admin server is capable of managing heterogeneous Hadoop clusters, Ranger plugins are unable to communicate with the Ranger Admin server under the following scenario:
 * Ranger Plugin is running on Hadoop cluster protected by Kerberos
 * Ranger Admin server is running in non-Kerberos mode

In the above-mentioned scenario, Ranger plugins observe the following error:
{quote} 
 {{2020-06-13 03:47:20 WARN RangerAdminRESTClient:176 - [] Error getting policies.
 secureMode=true,
 user=hive (auth:KERBEROS),
 response=

{"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}

,
 serviceName=hivedev}}


{quote}
h3. How does this patch mitigate the issue?

This patch introduces a boolean configuration, {{ranger.plugin.\{service}.policyDownload.secureMode}}, in RangerAdminRESTClient.
 * true: use secure mode to download policies
 * false: use simple mode to download policies

The plugin will read this configuration to determine the policy download mode.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
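
A sketch of the mode selection this setting enables, as an added example (not code from the patch or from Ranger). The class and method names, the `hive` service type, the fallback to Kerberos detection when the property is unset, and the rejection of malformed values are assumptions of this example.

```java
import java.util.HashMap;
import java.util.Map;

public class PolicyDownloadModeExample {
    enum Mode { SECURE, NORMAL }

    // Property name pattern from the issue; {service} is filled with the service type.
    static String propertyName(String serviceType) {
        return "ranger.plugin." + serviceType + ".policyDownload.secureMode";
    }

    // An explicit setting wins. Falling back to Kerberos detection when the
    // property is absent is an assumption of this example.
    static Mode resolveMode(Map<String, String> conf, String serviceType, boolean clusterUsesKerberos) {
        String raw = conf.get(propertyName(serviceType));
        if (raw == null || raw.trim().isEmpty()) {
            return clusterUsesKerberos ? Mode.SECURE : Mode.NORMAL;
        }
        String value = raw.trim();
        if (value.equalsIgnoreCase("true")) {
            return Mode.SECURE;
        }
        if (value.equalsIgnoreCase("false")) {
            return Mode.NORMAL;
        }
        // Boolean.parseBoolean would silently turn a typo such as "flase" into
        // false, so an unparseable value is rejected instead.
        throw new IllegalArgumentException(propertyName(serviceType) + " must be true or false, got: " + raw);
    }

    public static void main(String[] args) {
        boolean clusterUsesKerberos = true; // plugin side of the scenario in the issue

        // Constructed configurations: unset, explicit false, and a typo.
        String[] samples = { null, "false", "flase" };
        for (String sample : samples) {
            Map<String, String> conf = new HashMap<>();
            if (sample != null) {
                conf.put(propertyName("hive"), sample);
            }
            try {
                Mode mode = resolveMode(conf, "hive", clusterUsesKerberos);
                // Printing the resolved mode keeps a switch away from secure mode visible.
                System.out.println("value=" + sample + " -> " + mode);
            } catch (IllegalArgumentException e) {
                System.out.println("value=" + sample + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```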