----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73226/ -----------------------------------------------------------
(Updated March 31, 2021, 1:01 p.m.) Review request for ranger, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, and Vishal Suvagia. Repository: ranger Description ------- During the upgrade Ranger admin may fail applying Java patch to change all admin password if hadoop.security.credstore.java-keystore-provider.password-file property is set in core-site. This option uses a “side file” that has its location configured in the hadoop.security.credstore.java-keystore-provider.password-file configuration property to communicate the password that should be used when interrogating all of the keystores that are configured in the hadoop.security.credential.provider.path configuration property. Solution : Enhanced db_setup.py to read environment value set in ranger-admin-env*.sh This fix required below manual steps before upgrade. 1. ssh to ranger admin host 2. cd /etc/ranger/admin/conf/ 3. vi ranger-admin-env-credstore.sh 4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the "ranger-admin-env-credstore.sh" file 5. chown ranger:ranger ranger-admin-env-credstore.sh 6. chmod 755 ranger-admin-env-credstore.sh Diffs ----- security-admin/scripts/db_setup.py 724a47b5a Diff: https://reviews.apache.org/r/73226/diff/2/ Testing ------- use case: 1. vi core-site.xml (under ranger conf path /etc/ranger/admin/conf in HDP or add from CM UI in HDFS service wide config) <property> <name>hadoop.security.credstore.java-keystore-provider.password-file</name> <value>secure/password</value> </property> 2. run db_setup.py to change the admin password 3. /usr/bin/python db_setup.py -changepassword -pair <userid> <current_pass> <new_pass> this will give exception after the fix db_setup.py runs successfully and the password gets changed. Thanks, Dineshkumar Yadav
