[jira] [Comment Edited] (RANGER-3206) Enhance db_setup.py to allow reading env variables set in ranger-admin-env scripts

Sun, 16 May 2021 22:49:16 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-3206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17314674#comment-17314674
 ] 

Dineshkumar Yadav edited comment on RANGER-3206 at 5/17/21, 5:48 AM:
---------------------------------------------------------------------

comment : [Apache Commit 
|https://github.com/apache/ranger/commit/fce041bd2dc74d40482d3871fe653a5626a2d731]

Patch 2 for python 3 support
[Apache commit 
|https://github.com/apache/ranger/commit/f6b69ca5846de9a7dfced70ae8e403388ecb89fe]


was (Author: dineshkumar-yadav):
comment : [Apache Commit 
|https://github.com/apache/ranger/commit/fce041bd2dc74d40482d3871fe653a5626a2d731]

> Enhance db_setup.py to allow reading env variables set in ranger-admin-env 
> scripts
> ----------------------------------------------------------------------------------
>
>                 Key: RANGER-3206
>                 URL: https://issues.apache.org/jira/browse/RANGER-3206
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Dineshkumar Yadav
>            Assignee: Dineshkumar Yadav
>            Priority: Major
>
> During the upgrade Ranger admin may fail applying Java patch to change all 
> admin password if 
> hadoop.security.credstore.java-keystore-provider.password-file property is 
> set in core-site. 
> This option uses a “side file” that has its location configured in the 
> hadoop.security.credstore.java-keystore-provider.password-file configuration 
> property to communicate the password that should be used when interrogating 
> all of the keystores that are configured in the 
> hadoop.security.credential.provider.path configuration property.
> Repro steps: 
> 1. vi core-site.xml (under ranger conf path /etc/ranger/admin/conf )
> <property>
>     
> <name>hadoop.security.credstore.java-keystore-provider.password-file</name>
>     <value>secure/password</value>
> </property>
> 2. run db_setup.py to change the admin password 
> 3. /usr/bin/python db_setup.py -changepassword -pair <userid> <current_pass> 
> <new_pass>
> this will give exception java.io.IOException: Password file does not exist
> Solution : Enhanced db_setup.py to read environment value set in 
> ranger-admin-env*.sh 
> This fix required below manual steps before upgrade. 
> 1. ssh to ranger admin host
> 2. cd /etc/ranger/admin/conf/
> 3. vi ranger-admin-env-credstore.sh
> 4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the 
> "ranger-admin-env-credstore.sh" file
> 5. chown ranger:ranger ranger-admin-env-credstore.sh
> 6. chmod 755 ranger-admin-env-credstore.sh



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to