[
https://issues.apache.org/jira/browse/AMBARI-25929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
caijialiang updated AMBARI-25929:
---------------------------------
Description:
Add ranger 2.4 support in ambari bigtop stacks
h3. Currently, the work of adapting Ranger to Bigtop and Ambari has been
completed. Due to the large number of issues involved in the adaptation, they
are summarized as follows:
h2. apache ambari related issues
The main issues related to adapting Ranger in Ambari 2.8 are related to the
advisor functionality. Enabling Ranger would trigger the advisor to recommend
updates to the component's Ranger-related configurations, thus adapting Ranger
requires fixing this part first. Otherwise, after enabling Ranger plugin in
Ambari, manual updates to the Ranger-related configurations would still be
required.
1.AMBARI-25894: Missing file service_advisor.py in some serivces (merged)
[https://github.com/apache/ambari/pull/3677
|https://github.com/apache/ambari/pull/3677]
2.AMBARI-25932: Wrong config file name in spark service advisor ({*}merged{*})
https://issues.apache.org/jira/browse/AMBARI-25932
h2. ambari ranger support related issues:
Here, we additionally adapted Ambari Infra because the Ambari Ranger service
relies on the Infra client to perform Solr-related automation settings for
Ranger.
h4. 1.ambari infra PR
1.Add support for Ambari Infra in Ambari 2.8 wait for review ({*}merged{*})
https://issues.apache.org/jira/browse/AMBARI-25933
h4. 2.ambari ranger service support (wait for merge in next version)
https://issues.apache.org/jira/browse/AMBARI-25929
h4. 3.ambari infra service support wait for review (merged)
[https://github.com/apache/ambari/pull/3696]
h2. apache bigtop related issues
To adapt Ranger to Ambari, we need to first build RPM packages related to
Ranger using Bigtop. The following are the pull requests required for Bigtop to
support Ranger.
1.BIGTOP-3925 ranger support {*}({*}{*}merged{*}{*}){*}
[https://github.com/apache/bigtop/pull/1100]
2.BIGTOP-3923: Add missing jars for Ranger {*}({*}{*}merged{*}{*}){*}
[https://github.com/apache/bigtop/pull/1099]
3.BIGTOP-3910: Bigtop-select support Ranger ({*}merged{*})
[https://github.com/apache/bigtop/pull/1089]
4.BIGTOP-3950: fix ranger etc conf dir (in review)
[https://github.com/apache/bigtop/pull/1120]
Bigtop support for Ranger requires three PRs:
# BIGTOP-3925: This PR mainly addresses issues with Ranger RPM packaging and
includes a patch that resolves problems with starting HBase after integrating
with Ranger.
# BIGTOP-3923: This PR addresses package dependency issues when running "java
-cp '/usr/bigtop/current/ranger-usersync/lib/*'
org.apache.ranger.credentialapi.buildks create
ranger.usersync.policymgr.password -value [PROTECTED] -provider
jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks" command.
# BIGTOP-3910: This PR adds support for Ranger in Bigtop-select.
h3. ranger related issues:
These are the PRs encountered during the process of adapting Ranger in Bigtop
Ambari. All 3 PRs have been made into patches and submitted to the
aforementioned Bigtop Ranger support-related PRs. The review of the related
issues on the Ranger side is also currently underway.
1.fix Kafka2.8 can't restart after enable ranger plugin
https://issues.apache.org/jira/browse/RANGER-4228 wait for review
2.addresses the issue of HBase not starting after integrating with Ranger due
to class loading order
https://issues.apache.org/jira/browse/RANGER-4201 wait for review
3.mainly addresses the missing dependency issue when running the Ranger command
"java -cp '/usr/bigtop/current/ranger-usersync/lib/*'
org.apache.ranger.credentialapi.buildks create
ranger.usersync.policymgr.password -value [PROTECTED] -provider
jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks".
https://issues.apache.org/jira/browse/RANGER-3992 wait for review
manual test:
before enable kerberos all compoent works smoonthly
!image-2023-05-09-11-08-47-864.png!
!image-2023-05-09-11-08-57-472.png!
after enable kerberos all compoent works smoonthly
!image-2023-05-09-11-09-14-373.png!
!image-2023-05-09-11-09-22-441.png!
was:
Add ranger 2.4 support in ambari bigtop stacks
h3. Currently, the work of adapting Ranger to Bigtop and Ambari has been
completed. Due to the large number of issues involved in the adaptation, they
are summarized as follows:
h2. apache ambari related issues
The main issues related to adapting Ranger in Ambari 2.8 are related to the
advisor functionality. Enabling Ranger would trigger the advisor to recommend
updates to the component's Ranger-related configurations, thus adapting Ranger
requires fixing this part first. Otherwise, after enabling Ranger plugin in
Ambari, manual updates to the Ranger-related configurations would still be
required.
1.AMBARI-25894: Missing file service_advisor.py in some serivces ({*}wait
for review{*})
[https://github.com/apache/ambari/pull/3677
|https://github.com/apache/ambari/pull/3677]
2.AMBARI-25932: Wrong config file name in spark service advisor ({*}merged{*})
https://issues.apache.org/jira/browse/AMBARI-25932
h2. ambari ranger support related issues:
Here, we additionally adapted Ambari Infra because the Ambari Ranger service
relies on the Infra client to perform Solr-related automation settings for
Ranger.
h4. 1.ambari infra PR
1.Add support for Ambari Infra in Ambari 2.8 wait for review ({*}wait for
review{*})
https://issues.apache.org/jira/browse/AMBARI-25933
h4. 2.ambari ranger service support (wait for review)
https://issues.apache.org/jira/browse/AMBARI-25929
h4. 3.ambari infra service support wait for review (wait for review)
[https://github.com/apache/ambari/pull/3696]
h2. apache bigtop related issues
To adapt Ranger to Ambari, we need to first build RPM packages related to
Ranger using Bigtop. The following are the pull requests required for Bigtop to
support Ranger.
1.BIGTOP-3925 ranger support {*}({*}{*}merged{*}{*}){*}
[https://github.com/apache/bigtop/pull/1100]
2.BIGTOP-3923: Add missing jars for Ranger {*}({*}{*}merged{*}{*}){*}
[https://github.com/apache/bigtop/pull/1099]
3.BIGTOP-3910: Bigtop-select support Ranger ({*}merged{*})
[https://github.com/apache/bigtop/pull/1089]
Bigtop support for Ranger requires three PRs:
# BIGTOP-3925: This PR mainly addresses issues with Ranger RPM packaging and
includes a patch that resolves problems with starting HBase after integrating
with Ranger.
# BIGTOP-3923: This PR addresses package dependency issues when running "java
-cp '/usr/bigtop/current/ranger-usersync/lib/*'
org.apache.ranger.credentialapi.buildks create
ranger.usersync.policymgr.password -value [PROTECTED] -provider
jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks" command.
# BIGTOP-3910: This PR adds support for Ranger in Bigtop-select.
h3. ranger related issues:
These are the PRs encountered during the process of adapting Ranger in Bigtop
Ambari. All 3 PRs have been made into patches and submitted to the
aforementioned Bigtop Ranger support-related PRs. The review of the related
issues on the Ranger side is also currently underway.
1.fix Kafka2.8 can't restart after enable ranger plugin
https://issues.apache.org/jira/browse/RANGER-4228 wait for review
2.addresses the issue of HBase not starting after integrating with Ranger due
to class loading order
https://issues.apache.org/jira/browse/RANGER-4201 wait for review
3.mainly addresses the missing dependency issue when running the Ranger command
"java -cp '/usr/bigtop/current/ranger-usersync/lib/*'
org.apache.ranger.credentialapi.buildks create
ranger.usersync.policymgr.password -value [PROTECTED] -provider
jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks".
https://issues.apache.org/jira/browse/RANGER-3992 wait for review
manual test:
before enable kerberos all compoent works smoonthly
!image-2023-05-09-11-08-47-864.png!
!image-2023-05-09-11-08-57-472.png!
after enable kerberos all compoent works smoonthly
!image-2023-05-09-11-09-14-373.png!
!image-2023-05-09-11-09-22-441.png!
> Add ranger 2.4 support in ambari bigtop stack
> ----------------------------------------------
>
> Key: AMBARI-25929
> URL: https://issues.apache.org/jira/browse/AMBARI-25929
> Project: Ambari
> Issue Type: New Feature
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: caijialiang
> Assignee: caijialiang
> Priority: Major
> Fix For: 2.9.0
>
> Attachments: image-2023-05-09-11-08-47-864.png,
> image-2023-05-09-11-08-57-472.png, image-2023-05-09-11-09-14-373.png,
> image-2023-05-09-11-09-22-441.png
>
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> Add ranger 2.4 support in ambari bigtop stacks
> h3. Currently, the work of adapting Ranger to Bigtop and Ambari has been
> completed. Due to the large number of issues involved in the adaptation, they
> are summarized as follows:
> h2. apache ambari related issues
> The main issues related to adapting Ranger in Ambari 2.8 are related to the
> advisor functionality. Enabling Ranger would trigger the advisor to recommend
> updates to the component's Ranger-related configurations, thus adapting
> Ranger requires fixing this part first. Otherwise, after enabling Ranger
> plugin in Ambari, manual updates to the Ranger-related configurations would
> still be required.
>
> 1.AMBARI-25894: Missing file service_advisor.py in some serivces (merged)
> [https://github.com/apache/ambari/pull/3677
> |https://github.com/apache/ambari/pull/3677]
>
> 2.AMBARI-25932: Wrong config file name in spark service advisor
> ({*}merged{*})
> https://issues.apache.org/jira/browse/AMBARI-25932
>
> h2. ambari ranger support related issues:
> Here, we additionally adapted Ambari Infra because the Ambari Ranger service
> relies on the Infra client to perform Solr-related automation settings for
> Ranger.
>
> h4. 1.ambari infra PR
> 1.Add support for Ambari Infra in Ambari 2.8 wait for review ({*}merged{*})
> https://issues.apache.org/jira/browse/AMBARI-25933
> h4. 2.ambari ranger service support (wait for merge in next version)
> https://issues.apache.org/jira/browse/AMBARI-25929
> h4. 3.ambari infra service support wait for review (merged)
> [https://github.com/apache/ambari/pull/3696]
> h2. apache bigtop related issues
> To adapt Ranger to Ambari, we need to first build RPM packages related to
> Ranger using Bigtop. The following are the pull requests required for Bigtop
> to support Ranger.
>
> 1.BIGTOP-3925 ranger support {*}({*}{*}merged{*}{*}){*}
> [https://github.com/apache/bigtop/pull/1100]
> 2.BIGTOP-3923: Add missing jars for Ranger {*}({*}{*}merged{*}{*}){*}
> [https://github.com/apache/bigtop/pull/1099]
> 3.BIGTOP-3910: Bigtop-select support Ranger ({*}merged{*})
> [https://github.com/apache/bigtop/pull/1089]
> 4.BIGTOP-3950: fix ranger etc conf dir (in review)
> [https://github.com/apache/bigtop/pull/1120]
>
> Bigtop support for Ranger requires three PRs:
> # BIGTOP-3925: This PR mainly addresses issues with Ranger RPM packaging and
> includes a patch that resolves problems with starting HBase after integrating
> with Ranger.
> # BIGTOP-3923: This PR addresses package dependency issues when running
> "java -cp '/usr/bigtop/current/ranger-usersync/lib/*'
> org.apache.ranger.credentialapi.buildks create
> ranger.usersync.policymgr.password -value [PROTECTED] -provider
> jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks" command.
> # BIGTOP-3910: This PR adds support for Ranger in Bigtop-select.
> h3. ranger related issues:
>
> These are the PRs encountered during the process of adapting Ranger in Bigtop
> Ambari. All 3 PRs have been made into patches and submitted to the
> aforementioned Bigtop Ranger support-related PRs. The review of the related
> issues on the Ranger side is also currently underway.
>
>
> 1.fix Kafka2.8 can't restart after enable ranger plugin
> https://issues.apache.org/jira/browse/RANGER-4228 wait for review
> 2.addresses the issue of HBase not starting after integrating with Ranger due
> to class loading order
> https://issues.apache.org/jira/browse/RANGER-4201 wait for review
> 3.mainly addresses the missing dependency issue when running the Ranger
> command "java -cp '/usr/bigtop/current/ranger-usersync/lib/*'
> org.apache.ranger.credentialapi.buildks create
> ranger.usersync.policymgr.password -value [PROTECTED] -provider
> jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks".
> https://issues.apache.org/jira/browse/RANGER-3992 wait for review
> manual test:
> before enable kerberos all compoent works smoonthly
> !image-2023-05-09-11-08-47-864.png!
> !image-2023-05-09-11-08-57-472.png!
> after enable kerberos all compoent works smoonthly
> !image-2023-05-09-11-09-14-373.png!
> !image-2023-05-09-11-09-22-441.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
