kumaab opened a new pull request, #8037: URL: https://github.com/apache/ozone/pull/8037
## What changes were proposed in this pull request? - Adds support for ozone integration with ranger in the `compose/ozone` subpath. (Support in `compose/ozonesecure` to follow soon) - Enables OM container to come up with ranger plugin enabled and authorizer class set to: `org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer` - Adds support for ranger containers to come up along with ozone containers sharing a common network. ## What is the link to the Apache JIRA https://issues.apache.org/jira/browse/HDDS-11454 ## How was this patch tested? In docker containers on local machine with published binaries for ozone using version 1.4.1 and ranger version 2.6.0 The changes in the PR were copied over to `ozone-1.4.1/compose/ozone` and the following commands were run: ``` chmod +x ranger-ozone-plugin-setup.sh ./ranger-ozone-plugin-setup.sh docker compose -f docker-compose.yaml -f docker-compose.ranger.yaml up -d ``` The following were verified: - Verified all ranger and ozone containers come up with docker compose. - Ranger plugin for Ozone is enabled once OM container starts. (attached logs to jira) - Verified restart of `ozone-om-1` container, plugin installation is skipped! - Policies are synced to the plugin.<img width="2461" alt="policies_synced_to_plugin" src="https://github.com/user-attachments/assets/de93392d-2628-4548-a8f3-823af253ba52"; /> - The plugin is able to download policies, tags and roles to `etc/ranger/dev_ozone/policycache`  - Verified authorization for `hadoop` and `om` user, attaching audits seen in Ranger UI: <img width="2025" alt="audits" src="https://github.com/user-attachments/assets/dfa0a837-c593-4521-bb6d-9abdf7abc2b3"; /> - No relevant errors are seen in `ozone-om-1` container. - Running `chmod +x test-ranger.sh && ./test-ranger.sh` also brings up all the required containers. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
