-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55135/#review161895
-----------------------------------------------------------

Ship it!

Ship It!

- Velmurugan Periasamy


On Jan. 3, 2017, 12:45 p.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/55135/
> -----------------------------------------------------------
>
> (Updated Jan. 3, 2017, 12:45 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj,
> Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1288
>     https://issues.apache.org/jira/browse/RANGER-1288
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Ranger cannot communicate with an SSL-enabled MySQL server.
>
> **Proposed Solution:**
> To connect to an SSL-enabled MySQL server, the JDBC connection string could be:
> "jdbc:mysql://127.0.0.1:3306/ranger?verifyServerCertificate=false&useSSL=true&requireSSL=true".
> The 'useSSL=true' property is added to the JDBC URL to attempt to communicate
> via SSL.
> The 'verifyServerCertificate=false' property is set to bypass certificate
> validation.
> The 'requireSSL=true' property is set to refuse to connect if the MySQL
> server does not support SSL. If the user wants to connect using a truststore,
> then he can configure truststore files (certificate information for both the
> MySQL server and the client).
> The Ranger application and the jisql utility should know where to pick up the
> certificates from, which can be set in system properties like this:
> -Djavax.net.ssl.keyStore=path_to_keystore_file
> -Djavax.net.ssl.keyStorePassword=password
> -Djavax.net.ssl.trustStore=path_to_truststore_file
> -Djavax.net.ssl.trustStorePassword=password
>
> The following properties have been added to install.properties to add SSL-enabled
> MySQL configuration in Ranger admin:
>
> db_ssl_enabled=false
> db_ssl_required=false
> db_ssl_verifyServerCertificate=false
> javax_net_ssl_keyStore=/etc/mysql/keystore
> javax_net_ssl_keyStorePassword=secret
> javax_net_ssl_trustStore=/etc/mysql/truststore
> javax_net_ssl_trustStorePassword=secret
>
>
> Diffs
> -----
>
>   embeddedwebserver/scripts/ranger-admin-services.sh c19598a
>   kms/config/kms-webapp/dbks-site.xml ebf06d7
>   kms/scripts/db_setup.py f1342fd
>   kms/scripts/dba_script.py 4366743
>   kms/scripts/install.properties d07dc2c
>   kms/scripts/setup.sh 568350b
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java f350dce
>   plugin-kms/scripts/enable-kms-plugin.sh b2701a8
>   security-admin/scripts/db_setup.py 430aa47
>   security-admin/scripts/dba_script.py 1b29c75
>   security-admin/scripts/install.properties 693129f
>   security-admin/scripts/setup.sh 82250b1
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 5636ed3
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml e73b6c6
>
> Diff: https://reviews.apache.org/r/55135/diff/
>
>
> Testing
> -------
>
> **Steps Performed (with patch):**
> 1. Installed MySQL and enabled SSL with the help of the docs:
>    http://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
>    https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
>
> 2. Untarred ranger-admin from a build containing the changes of the proposed patch.
> 3. Provided Ranger DB root and admin DB details in install.properties.
> 4. Provided values for the newly introduced properties below in the install.properties file.
>    db_ssl_enabled=true
>    db_ssl_required=true
>    db_ssl_verifyServerCertificate=true
>    javax_net_ssl_keyStore=/root/keystore
>    javax_net_ssl_keyStorePassword=secret
>    javax_net_ssl_trustStore=/root/truststore
>    javax_net_ssl_trustStorePassword=secret
>
> 5. Executed the setup.sh script.
> 6. Tried to start the Ranger admin service.
>
> **Expected behaviour:** Ranger admin should start normally and the user should
> be able to see the Dashboard page after login.
>
> **Actual behaviour:** Ranger admin was started and was able to log in and see
> the Ranger UI.
>
> **Note:** Also tried the combinations of SSL properties below with different
> Ranger DB combinations to install Ranger.
>
> **db_ssl_enabled | db_ssl_required | db_ssl_verifyServerCertificate**
> true | true  | true
> true | true  | false
> true | false | true
> true | false | false
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
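
The property-to-URL mapping described in the review request, written out as an added example that is not part of the e-mail or of Ranger's own scripts: it reads the new install.properties keys, builds the JDBC URL and JVM options, and reports which settings weaken the connection. The function names, the constructed sample input and the rule that the keystore/truststore options are emitted only when certificate verification is on are assumptions.

```python
# Added example: function names are hypothetical, not Ranger's own code.
SAMPLE = """\
# constructed sample using the property names from the review request
db_ssl_enabled=true
db_ssl_required=true
db_ssl_verifyServerCertificate=false
javax_net_ssl_keyStore=/etc/mysql/keystore
javax_net_ssl_keyStorePassword=secret
javax_net_ssl_trustStore=/etc/mysql/truststore
javax_net_ssl_trustStorePassword=secret
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def flag(props, key):
    """A property counts as set only when its value is the string 'true'."""
    return props.get(key, "false").lower() == "true"

def build_mysql_ssl_settings(props, host="127.0.0.1", port=3306, db="ranger"):
    """Return (jdbc_url, jvm_opts, findings) for the given install properties."""
    url, jvm_opts, findings = f"jdbc:mysql://{host}:{port}/{db}", [], []
    if not flag(props, "db_ssl_enabled"):
        return url, jvm_opts, ["db_ssl_enabled=false: SSL is not attempted"]
    required = flag(props, "db_ssl_required")
    verify = flag(props, "db_ssl_verifyServerCertificate")
    url += (f"?verifyServerCertificate={str(verify).lower()}"
            f"&useSSL=true&requireSSL={str(required).lower()}")
    if not required:
        findings.append("db_ssl_required=false: a server without SSL is not refused")
    if not verify:
        findings.append("db_ssl_verifyServerCertificate=false: certificate validation is bypassed")
        return url, jvm_opts, findings
    # Assumption: the stores are passed to the JVM only when verification is on.
    for name in ("keyStore", "keyStorePassword", "trustStore", "trustStorePassword"):
        value = props.get(f"javax_net_ssl_{name}", "")
        if value:
            jvm_opts.append(f"-Djavax.net.ssl.{name}={value}")
    if not props.get("javax_net_ssl_trustStore"):
        findings.append("javax_net_ssl_trustStore is empty: the JVM default truststore is used")
    return url, jvm_opts, findings

if __name__ == "__main__":
    url, opts, findings = build_mysql_ssl_settings(parse_properties(SAMPLE))
    print(url, opts, *("WARN " + f for f in findings), sep="\n")
```

Of the four combinations listed in the testing note, only `true | true | true` comes back with no findings.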
