Srimanth Gunturi created AMBARI-9626:
----------------------------------------
Summary: Enabling ranger plugin config should modify dependent configs
Key: AMBARI-9626
URL: https://issues.apache.org/jira/browse/AMBARI-9626
Project: Ambari
Issue Type: Bug
Components: ambari-web
Affects Versions: 2.0.0
Reporter: Srimanth Gunturi
Assignee: Srimanth Gunturi
Fix For: 2.0.0
h4. Changes required for enabling Ranger plugin
*+HDFS+*
||Property||Value||File||
|dfs.permissions.enabled|*true*|hdfs-site.xml|
-|dfs.permissions|*true*|hdfs-site.xml|- <- crossing out since this is only for backward compatibility and no longer needed
*+HIVE+*
||Property||Value||File||
|hive.security.authorization.enabled|*true*|hive-site.xml|
|hive.security.authorization.manager|*com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory*|hiveserver2-site.xml|
|hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|
|hive.conf.restricted.list|*Must contain all elements of hive.security.authorization.enabled, hive.security.authorization.manager, hive.security.authenticator.manager*|hive-site.xml|
*+HBASE+*
||Property||Value||File||
|hbase.security.authorization|*true*|hbase-site.xml|
|hbase.coprocessor.master.classes|Replace org.apache.hadoop.hbase.security.access.AccessController with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor* and add if not present|hbase-site.xml|
|hbase.coprocessor.region.classes|Replace org.apache.hadoop.hbase.security.access.AccessController with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|
|hbase.rpc.protection|*privacy*|hbase-site.xml|
-|hbase.rpc.engine|*org.apache.hadoop.hbase.ipc.SecureRpcEngine*|hbase-site.xml|- <- crossing out since this is no longer needed by HBase
*+KNOX+*
Replace instances of {{AclsAuthz}} with {{XASecurePDPKnox}} in all xml files
under the topologies directory
*+STORM+*
||Property||Value||File||
|nimbus.authorizer|*com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer*|storm.yaml|
Note that nimbus.authorizer should be added only when the cluster is already
Kerberized; having this property in a non-Kerberized cluster causes Storm to
fail.
h4. Changes required for disabling Ranger plugin
*+HDFS+*
||Property||Value||File||
*+HIVE+*
||Property||Value||File||
|hive.security.authorization.manager|*org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory*|hiveserver2-site.xml|
|hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|
*+HBASE+*
||Property||Value||File||
|hbase.coprocessor.master.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|
|hbase.coprocessor.region.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|
|hbase.rpc.protection|*authentication*|hbase-site.xml|
*+KNOX+*
Replace instances of {{XASecurePDPKnox}} with {{AclsAuthz}} in all xml files
under the topologies directory
*+STORM+*
||Property||Value||File||
|nimbus.authorizer|*backtype.storm.security.auth.authorizer.SimpleACLAuthorizer* -com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer-|storm.yaml|
Note that nimbus.authorizer should be added only when the cluster is already
Kerberized; having this property in a non-Kerberized cluster causes Storm to
fail.
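The HBase and Hive list edits from the enabling and disabling tables above, as an added JavaScript example that is not code from the Ambari project. Helper names and the sample values are hypothetical, and only the hbase-site.xml and hive-site.xml properties are covered.

```javascript
// Added example; helper names are hypothetical, class and property names come from the tables.
const ACCESS_CONTROLLER = 'org.apache.hadoop.hbase.security.access.AccessController';
const XA_COPROCESSOR = 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor';
const MASTER = 'hbase.coprocessor.master.classes';
const REGION = 'hbase.coprocessor.region.classes';
const HIVE_RESTRICTED = ['hive.security.authorization.enabled',
  'hive.security.authorization.manager', 'hive.security.authenticator.manager'];

// Split a comma-separated value into trimmed, non-empty, de-duplicated items.
function listOf(value) {
  return [...new Set((value || '').split(',').map((s) => s.trim()).filter(Boolean))];
}

// Swap AccessController for the Ranger coprocessor; optionally append it when absent.
function swapCoprocessor(value, addIfMissing) {
  const items = listOf(value).map((c) => (c === ACCESS_CONTROLLER ? XA_COPROCESSOR : c));
  if (addIfMissing && !items.includes(XA_COPROCESSOR)) items.push(XA_COPROCESSOR);
  return [...new Set(items)].join(',');
}

// Enabling: HBase flags and coprocessor lists, plus the Hive restricted list.
function enableRangerPlugin(hbaseSite, hiveSite) {
  const hbase = Object.assign({}, hbaseSite, {
    'hbase.security.authorization': 'true',
    'hbase.rpc.protection': 'privacy',
    [MASTER]: swapCoprocessor(hbaseSite[MASTER], true),   // replace, add if not present
    [REGION]: swapCoprocessor(hbaseSite[REGION], false),  // replace only
  });
  const restricted = [...new Set([...listOf(hiveSite['hive.conf.restricted.list']), ...HIVE_RESTRICTED])];
  const hive = Object.assign({}, hiveSite, {
    'hive.security.authorization.enabled': 'true',
    'hive.conf.restricted.list': restricted.join(','),
  });
  return { hbase, hive };
}

// Disabling: remove the Ranger coprocessor and set hbase.rpc.protection to authentication.
function disableRangerPlugin(hbaseSite) {
  const strip = (v) => listOf(v).filter((c) => c !== XA_COPROCESSOR).join(',');
  return Object.assign({}, hbaseSite, {
    'hbase.rpc.protection': 'authentication',
    [MASTER]: strip(hbaseSite[MASTER]),
    [REGION]: strip(hbaseSite[REGION]),
  });
}

// Constructed sample input (not from a real cluster).
const SAMPLE_HBASE = { [MASTER]: ACCESS_CONTROLLER, [REGION]: 'org.example.Foo, ' + ACCESS_CONTROLLER };
const SAMPLE_HIVE = { 'hive.conf.restricted.list': 'hive.security.authorization.manager' };
console.log(enableRangerPlugin(SAMPLE_HBASE, SAMPLE_HIVE));
```

The disabling tables list only removal of the Ranger coprocessor, so a config that goes through enable and then disable does not get AccessController back in either list.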