[jira] [Commented] (RANGER-1774) When the security admin and mysql service is not the same computer, the security admin was installed failed.

Thu, 14 Sep 2017 03:52:21 -0700 

    [ 
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16166068#comment-16166068
 ] 

Pradeep Agrawal commented on RANGER-1774:
-----------------------------------------

I installed MySQL 5.5.35 on centos : 
{code:java}
mysql> select version();
+-----------+
| version() |
+-----------+
| 5.5.35    |
+-----------+
1 row in set (0.00 sec)
{code}
After Install entries in mysql.user table was like this : 
{code:java}
mysql> select user,host from mysql.user;
+------+--------------+
| user | host         |
+------+--------------+
| root | 127.0.0.1    |
| root | ::1          |
| root | localhost    |
| root | pk-ear6694-1 |
+------+--------------+
{code}
After that, I created root user with '%' host and granted privileges. 
{code:java}
mysql>create user 'root'@'%' identified by 'root';
mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT 
OPTION;
mysql> select user,host from mysql.user;
+------+--------------+
| user | host         |
+------+--------------+
| root | %            |
| root | 127.0.0.1    |
| root | ::1          |
| root | localhost    |
| root | pk-ear6694-1 |
+------+--------------+
{code}
Added Ranger Host and MYSQL host entry in /etc/hosts file of both the node. For 
example in my case both the node have below given entries in /etc/hosts file.
{code:java}
172.22.112.148  pagrawal-mysql-ssl-1.openstacklocal     pagrawal-mysql-ssl-1    
pagrawal-mysql-ssl-1.openstacklocal.
172.22.93.14    pk-ear6694-1.openstacklocal     pk-ear6694-1    
pk-ear6694-1.openstacklocal.
{code}
On node *pagrawal-mysql-ssl-1* executed setup.sh script with below config : 
{code:java}
db_root_user=root
db_root_password=root
db_host=pk-ear6694-1.openstacklocal
db_name=ranger091401
db_user=ranger091401
db_password=ranger091401
{code}
Ranger installation completed successfully and entries in mysql.user are like 
this : 
{code:java}
mysql> select user,host from mysql.user;
+--------------+-----------------------------+
| user         | host                        |
+--------------+-----------------------------+
| ranger091401 | %                           |
| root         | %                           |
| root         | 127.0.0.1                   |
| root         | ::1                         |
| ranger091401 | localhost                   |
| root         | localhost                   |
| root         | pk-ear6694-1                |
| ranger091401 | pk-ear6694-1.openstacklocal |
+--------------+-----------------------------+
{code}
After above tried to run script with short host name; please refer below config 
for ranger installation
{code:java}
db_root_user=root
db_root_password=root
db_host=pk-ear6694-1
db_name=ranger091403
db_user=ranger091403
db_password=ranger091403
{code}
Ranger installation completed successfully and entries in mysql.user are like 
this : 
{code:java}
mysql> select user,host from mysql.user order by user;
+--------------+-----------------------------+
| user         | host                        |
+--------------+-----------------------------+
| ranger091401 | %                           |
| ranger091401 | pk-ear6694-1.openstacklocal |
| ranger091401 | localhost                   |
| ranger091403 | localhost                   |
| ranger091403 | pk-ear6694-1                |
| ranger091403 | %                           |
| root         | %                           |
| root         | ::1                         |
| root         | 127.0.0.1                   |
| root         | pk-ear6694-1                |
| root         | localhost                   |
+--------------+-----------------------------+
{code}
==> So its not reproducing at my end.

> When the security admin and mysql service is not the same computer, the 
> security admin was installed failed.
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1774
>                 URL: https://issues.apache.org/jira/browse/RANGER-1774
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 1.0.0, master
>            Reporter: peng.jianhua
>            Assignee: peng.jianhua
>              Labels: patch
>         Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to 
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525  [JISQL] /usr/java/jdk/bin/java  -cp 
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '********' -noheader 
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant 
> all privileges' command. That is the following code segment should be add the 
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ......
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with 
> grant option;\"" %(db_name,db_user, host)
> ......
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to