[jira] [Updated] (AMBARI-16084) [RU] Hbase is losing table access permissions during upgrade.

Sun, 24 Apr 2016 11:53:46 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-16084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dmitry Lysnichenko updated AMBARI-16084:
----------------------------------------
    Attachment: AMBARI-16084.patch

> [RU] Hbase is losing table access permissions during upgrade.
> -------------------------------------------------------------
>
>                 Key: AMBARI-16084
>                 URL: https://issues.apache.org/jira/browse/AMBARI-16084
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>         Attachments: AMBARI-16084.patch
>
>
> So here's where we are:
> - https://reviews.apache.org/r/45890/diff/2#index_header removed hard-coded 
> python code which was trying to figure out which coprocessor to use. With 
> these values gone, it's now up to Ambari to set the _right_ value in the 
> configurations.
> - However, after removing the above code, we never change the ranger 
> configurations to reflect the proper value
> - To fix this, we need to fix the values on Ambari upgrade. When upgrading 
> Ambari from 2.0, we'll need to do the following:
> -- If Ranger is disabled; do nothing
> -- If Ranger is enabled and the cluster's current stack is HDP 2.2, then set 
> the master/region coprocessors to
> {code}
> hbase_coprocessor_master_classes = 
> "com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
> hbase_coprocessor_regionserver_classes = 
> "com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
> hbase_coprocessor_region_classes = 
> "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
> {code}
> -- If Ranger is enabled and the cluster's current stack is HDP 2.3, then set 
> the master/region coprocessors to
> {code}
> hbase_coprocessor_master_classes = 
> "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor "
> hbase_coprocessor_regionserver_classes = 
> "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor"
> hbase_coprocessor_region_classes = 
> "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor"
> {code}
> Now HDP stack upgrades will work since we look for 
> {{XaSecureAuthorizationCoprocessor}} and change it to 
> {{RangerAuthorizationCoprocessor}} as needed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to