----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50030/#review142261 -----------------------------------------------------------
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py (line 191) <https://reviews.apache.org/r/50030/#comment207807> `master_keytab_path` is not be set/created if `securiry_enabled` is `false`. This may cause an issue down the road if some other variable needs it... For Example: ``` ranger_hbase_keytab = master_keytab_path ``` Note: the above example will only exeucte if `security_enabled` is `true`; but this is still a possible issue. ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py (line 630) <https://reviews.apache.org/r/50030/#comment207811> Whynot use `hive_server2_keytab` from line 336? ``` hive_server2_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab'] ``` ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py (line 239) <https://reviews.apache.org/r/50030/#comment207812> please verify the indent on this line, it appears to be a character off. ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py (line 1504) <https://reviews.apache.org/r/50030/#comment207814> The existance of KERBEROS in the services list does not indicate whether Kerberos is enabled or not. Use `cluster-env/security_enabled`, which used by the `isSecurityEnabled` - see `stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled` ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py (lines 1629 - 1632) <https://reviews.apache.org/r/50030/#comment207815> The existance or non-existance of the KERBEROS service should not be used to determine if Kerberos is enabled. Use `stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled` instead. - Robert Levas On July 14, 2016, 9:08 a.m., Mugdha Varadkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50030/ > ----------------------------------------------------------- > > (Updated July 14, 2016, 9:08 a.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan > Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan > Periasamy. > > > Bugs: AMBARI-17688 > https://issues.apache.org/jira/browse/AMBARI-17688 > > > Repository: ambari > > > Description > ------- > > Below properties should be introduced to Ranger admin and plugins to support > secure Solr. Also recommend for plugin in any of the below property chnages > on Ranger Admin: > > xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule > xasecure.audit.jaas.Client.loginModuleControlFlag=required > xasecure.audit.jaas.Client.option.useKeyTab=true > xasecure.audit.jaas.Client.option.storeKey=false > xasecure.audit.jaas.Client.option.serviceName=solr > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py > 145c216 > > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py > 63a1100 > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py > fad4b9b > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py > 529ac8c > > ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml > 1b2b5e0 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml > 341cff7 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json > 3f50774 > > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py > dfcad32 > > ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml > d3f9143 > ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py > e570a5b7 > ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py > 2a2a3a3 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml > efeea5f > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml > 019602a > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml > 02b7565 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml > d3f9143 > ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py > 0e455e9 > ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py > 86bf14d > ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json > 67b00a1 > ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json > 9911e10 > ambari-web/app/data/HDP2/site_properties.js 23fbf5e > ambari-web/app/models/stack_service.js c63df3d > > Diff: https://reviews.apache.org/r/50030/diff/ > > > Testing > ------- > > Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure > cluster. > > > Thanks, > > Mugdha Varadkar > >
