[
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16164194#comment-16164194
]
peng.jianhua edited comment on RANGER-1774 at 9/13/17 6:27 AM:
---------------------------------------------------------------
Hi [~pradeep.agrawal], Please refer to grant-privileges.png.
Hi [~vperiasamy], I have provided mysql privileges "with grant option". I
installed Ranger in 10.43.183.133. And we can see two records after executed
"select user,host from mysql.user" command. Please refer to
grant-privileges.png. The ip address of localhost is 10.43.183.132. The mysql
was installed in 10.43.183.132 and the Ranger was installed in 10.43.183.133.
The issue is based on these configurations.
The install is ok once I grant privilege for 10.43.183.133.
In addition, from the security point of view, we can only let the computer,
which installed Ranger, access mysql service, rather than let all computers can
access mysql services using rangeradmin user. Do you think this view is
reasonable?
The two following question will be fixed if we resolved the issue:
1. Resolve security access issues.
2. Resolve install error when Ranger and mysql are installed on different
machines.
was (Author: peng.jianhua):
Hi [~pradeep.agrawal], Please refer to grant-privileges.png.
Hi [~vperiasamy], I have provided mysql privileges "with grant option". I
installed Ranger in 10.43.183.133. And we can see two records after executed
"select user,host from mysql.user" command. Please refer to
grant-privileges.png. The ip address of localhost is 10.43.183.132. The mysql
was installed in 10.43.183.132 and the Ranger was installed in 10.43.183.133.
The issue is based on these configurations.
The install is ok once I grant privilege for 10.43.183.133.
In addition, from the security point of view, we can only let the computer,
which installed Ranger, access mysql service, rather than let all computers can
access mysql services. Do you think this view is reasonable?
The two following question will be fixed if we resolved the issue:
1. Resolve security access issues.
2. Resolve install error when Ranger and mysql are installed on different
machines.
> When the security admin and mysql service is not the same computer, the
> security admin was installed failed.
> ------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 1.0.0, master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525 [JISQL] /usr/java/jdk/bin/java -cp
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
> org.apache.util.sql.Jisql -driver mysqlconj -cstring
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '********' -noheader
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant
> all privileges' command. That is the following code segment should be add the
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ......
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with
> grant option;\"" %(db_name,db_user, host)
> ......
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
