Re: Review Request 57127: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

Qiang Zhang Mon, 13 Mar 2017 21:07:09 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57127/
-----------------------------------------------------------


(Updated March 14, 2017, 4:06 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, 
Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-1415
    https://issues.apache.org/jira/browse/RANGER-1415


Repository: ranger


Description
-------

The ranger can be opened when the user enters http://localhost:6080/ in the 
browser address bar. But request policy from hadoop to ranger will failed after 
installing hdfs plugin if we set POLICY_MGR_URL equal to 
http://localhost:6080/.The error was as following:
2017-02-27 21:16:42,859 ERROR 
org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; 
service not found. secureMode=false, user=root (auth:SIMPLE), response=404, 
serviceName=hadoopdev, lastKnownVersion=4, 
lastActivationTimeInMillis=1488246663112
2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: 
PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up 
local cache of policies (4)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev
        at 
org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
        at 
org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170)
Reason:
The brower will remove the last '/' character when the user enters 
http://localhost:6080/ in the browser address bar. The rest request address 
will be 
http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev
 when hadoop periodically requests policy from ranger. The request will fail 
because there are two '/' character after 'Http://localhost:6080' in 
http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev.
 The result is that we can't see the hdfs plugins in audit web UI.

The program should be compatible with this situation like the browser. 

Scenario:
The issue can be reoccurred after we set the value of 
ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in 
../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml

Test and verify:
I carefully tested and verified the patch before commit the issue.


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
 9334607 


Diff: https://reviews.apache.org/r/57127/diff/6/

Changes: https://reviews.apache.org/r/57127/diff/5-6/


Testing
-------


Thanks,

Qiang Zhang

Re: Review Request 57127: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing hdfs plugin if we set POLICY_MGR_URL equal to http://localhost:6080/.

Reply via email to