Re: Review Request 73226: RANGER-3206 : Enhance db_setup.py to allow reading env variables set in ranger-admin-env scripts

Sun, 04 Apr 2021 22:16:50 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73226/#review222776
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On April 5, 2021, 5:13 a.m., Dineshkumar Yadav wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73226/
> -----------------------------------------------------------
> 
> (Updated April 5, 2021, 5:13 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Kishor Gollapalliwar, Abhay 
> Kulkarni, Mehul Parikh, Nitin Galave, and Vishal Suvagia.
> 
> 
> Bugs: RANGER-3206
>     https://issues.apache.org/jira/browse/RANGER-3206
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> During the upgrade Ranger admin may fail applying Java patch to change all 
> admin password if 
> hadoop.security.credstore.java-keystore-provider.password-file property is 
> set in core-site.
> 
> This option uses a “side file” that has its location configured in the 
> hadoop.security.credstore.java-keystore-provider.password-file configuration 
> property to communicate the password that should be used when interrogating 
> all of the keystores that are configured in the 
> hadoop.security.credential.provider.path configuration property.
> 
> Solution : Enhanced db_setup.py to read environment value set in 
> ranger-admin-env*.sh
> This fix required below manual steps before upgrade. 
> 1. ssh to ranger admin host
> 2. cd /etc/ranger/admin/conf/
> 3. vi ranger-admin-env-credstore.sh
> 4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the 
> "ranger-admin-env-credstore.sh" file
> 5. chown ranger:ranger ranger-admin-env-credstore.sh
> 6. chmod 755 ranger-admin-env-credstore.sh
> 
> 
> Diffs
> -----
> 
>   security-admin/scripts/db_setup.py 724a47b5a 
> 
> 
> Diff: https://reviews.apache.org/r/73226/diff/2/
> 
> 
> Testing
> -------
> 
> use case:
> 
> 1. vi core-site.xml (under ranger conf path /etc/ranger/admin/conf in HDP or 
> add from CM UI in HDFS service wide config)
> <property>
> <name>hadoop.security.credstore.java-keystore-provider.password-file</name>
> <value>secure/password</value>
> </property>
> 2. run db_setup.py to change the admin password 
> 3. /usr/bin/python db_setup.py -changepassword -pair <userid> <current_pass> 
> <new_pass>
> this will give exception 
> 
> after the fix db_setup.py runs successfully and the password gets changed.
> 
> 
> Thanks,
> 
> Dineshkumar Yadav
> 
>

Reply via email to