[
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165446#comment-16165446
]
peng.jianhua edited comment on RANGER-1774 at 9/13/17 11:10 PM:
----------------------------------------------------------------
[~vperiasamy], I configured the rangeradmin in install.properties to provide
privileges (with grant option) to 'rangeradmin'@'%'. I can see two records,
which are the right result we hope, after executed "select user,host from
mysql.user" command. Please refer to grant-privileges.png.
This problem only appears in a specific database version, such as 5.5.35-log,
To be able to access specific version mysql, the ip address of the computer
installed Ranger must be set explicitly.In other words, set the %, other
machines can not also access the specific version mysql.
We should add the ip address of the computer installed Ranger. This has the
following advantages:
1. Does not affect the existing program logic and functionality.
2. Resolved the problem that can not access specific mysql version, such as
the issue.
Do you agree with this view? That is to say we modify the issue to solve the
problem and there is no any harm.
was (Author: peng.jianhua):
[~vperiasamy], I configured the rangeradmin in install.properties to provide
privileges (with grant option) to 'rangeradmin'@'%'. I can see two records,
which are the right result we hope, after executed "select user,host from
mysql.user" command.
This problem only appears in a specific database version, such as 5.5.35-log,
To be able to access specific version mysql, the ip address of the computer
installed Ranger must be set explicitly.In other words, set the %, other
machines can not also access the specific version mysql.
We should add the ip address of the computer installed Ranger. This has the
following advantages:
1. Does not affect the existing program logic and functionality.
2. Resolved the problem that can not access specific mysql version, such as
the issue.
Do you agree with this view? That is to say we modify the issue to solve the
problem and there is no any harm.
> When the security admin and mysql service is not the same computer, the
> security admin was installed failed.
> ------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 1.0.0, master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525 [JISQL] /usr/java/jdk/bin/java -cp
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
> org.apache.util.sql.Jisql -driver mysqlconj -cstring
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '********' -noheader
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant
> all privileges' command. That is the following code segment should be add the
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ......
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with
> grant option;\"" %(db_name,db_user, host)
> ......
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
