[jira] [Updated] (RANGER-3206) Enhance db_setup.py to allow reading env variables set in ranger-admin-env scripts

Tue, 24 Aug 2021 16:24:04 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-3206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-3206:
--------------------------------
    Fix Version/s: 2.2.0
                   3.0.0

> Enhance db_setup.py to allow reading env variables set in ranger-admin-env 
> scripts
> ----------------------------------------------------------------------------------
>
>                 Key: RANGER-3206
>                 URL: https://issues.apache.org/jira/browse/RANGER-3206
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Dineshkumar Yadav
>            Assignee: Dineshkumar Yadav
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0
>
>
> During the upgrade Ranger admin may fail applying Java patch to change all 
> admin password if 
> hadoop.security.credstore.java-keystore-provider.password-file property is 
> set in core-site. 
> This option uses a “side file” that has its location configured in the 
> hadoop.security.credstore.java-keystore-provider.password-file configuration 
> property to communicate the password that should be used when interrogating 
> all of the keystores that are configured in the 
> hadoop.security.credential.provider.path configuration property.
> Repro steps: 
> 1. vi core-site.xml (under ranger conf path /etc/ranger/admin/conf )
> <property>
>     
> <name>hadoop.security.credstore.java-keystore-provider.password-file</name>
>     <value>secure/password</value>
> </property>
> 2. run db_setup.py to change the admin password 
> 3. /usr/bin/python db_setup.py -changepassword -pair <userid> <current_pass> 
> <new_pass>
> this will give exception java.io.IOException: Password file does not exist
> Solution : Enhanced db_setup.py to read environment value set in 
> ranger-admin-env*.sh 
> This fix required below manual steps before upgrade. 
> 1. ssh to ranger admin host
> 2. cd /etc/ranger/admin/conf/
> 3. vi ranger-admin-env-credstore.sh
> 4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the 
> "ranger-admin-env-credstore.sh" file
> 5. chown ranger:ranger ranger-admin-env-credstore.sh
> 6. chmod 755 ranger-admin-env-credstore.sh



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to