ramackri opened a new pull request, #1007: URL: https://github.com/apache/ranger/pull/1007
## Summary Fixes [RANGER-5640](https://issues.apache.org/jira/browse/RANGER-5640). Ranger’s Ozone plugin compiles against **Ozone 2.1.0** (`pom.xml`, RANGER-5393 / AssumeRole), but `dev-support/ranger-docker` still ran **Ozone 1.4.0** at runtime after RANGER-5637 (#1006). That mismatch caused Docker / Tier 4 E2E failures: - **`NoSuchMethodError: RequestContext.getSessionPolicy()`** — plugin bytecode references a 2.1 API; Ozone 1.4 OM classpath has no such method → all `checkAccess()` calls deny. - **Missing audit-server destination JARs** — `plugin-ozone.xml` moduleSet lists audit modules, but the binaries whitelist omitted `ranger-audit-core` / `ranger-audit-dest-auditserver` → `providerName=auditserver` fails at runtime. This PR: 1. **Bumps Docker Ozone runtime to 2.1.0** — `OZONE_VERSION=2.1.0` in `.env`, aligned with the plugin compile target. 2. **Switches `ozone-runner` to JDK 21** — `OZONE_RUNNER_VERSION=20260106-1-jdk21` (Ozone 2.0+ requires jdk21 runner; multi-arch arm64+amd64). `Dockerfile.ranger-ozone` default ARG kept in sync. 3. **Packages audit-server JARs explicitly** — adds `ranger-audit-core`, `ranger-audit-dest-auditserver`, and other Ranger plugin module JARs to the `lib/libext/ranger-ozone-plugin-impl` assembly whitelist in `distro/src/main/assembly/plugin-ozone.xml`. ## Files changed | File | Change | |------|--------| | `dev-support/ranger-docker/.env` | `OZONE_VERSION` 1.4.0 → 2.1.0; runner 20241108-jdk17-1 → 20260106-1-jdk21 | | `dev-support/ranger-docker/Dockerfile.ranger-ozone` | Sync default `OZONE_RUNNER_VERSION` | | `distro/src/main/assembly/plugin-ozone.xml` | Explicit Ranger audit + plugin JAR includes in binaries whitelist | ## Test plan - [x] `./download-archives.sh ozone` — `ozone-2.1.0.tar.gz` downloads from `archive.apache.org` and extracts to `downloads/ozone-2.1.0/bin/ozone` - [x] `docker pull apache/ozone-runner:20260106-1-jdk21` — multi-arch image available (arm64 + amd64) - [x] Prior Tier 4 local validation (Ozone plugin + audit-server destination + ingestor → Solr) on branch WIP with these settings — `volume create` / `bucket create` authorized; Solr `repo:dev_ozone` events observed; no `NoSuchMethodError: getSessionPolicy` when OM runs Ozone 2.1 - [ ] `mvn package -Pranger-ozone-plugin` — verify `ranger-*-ozone-plugin.tar.gz` contains `ranger-audit-core-*.jar` and `ranger-audit-dest-auditserver-*.jar` under `lib/libext/ranger-ozone-plugin-impl/` - [ ] GitHub Actions `plugins-docker-build` — ozone-scm / ozone-datanode / ozone-om containers start with updated `.env` cache key ## Notes - Tier 4 docker compose/scripts/docs remain local WIP on this branch (not in this PR). - `RangerOzoneAuthorizer` reflection shim for Ozone < 2.1 is out of scope here; bumping Docker to 2.1 removes the need for that workaround in CI/Docker. Made with [Cursor](https://cursor.com) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
