-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50445/#review143535
-----------------------------------------------------------




ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
(line 16)
<https://reviews.apache.org/r/50445/#comment209352>

    Python templates are generally problematic in Kerberos descritptors.  Is 
there another way to figure out the `ranger_host`. Maybe using something like 
`${clusterHostInfo/ranger_host}`



ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
(line 17)
<https://reviews.apache.org/r/50445/#comment209358>

    Would Solr not be Kerberized if Kerberos is enabled for the cluster?
    
    It seems like this is redundant info and possible problematic if a user 
changes the value via Ranger's service config page or the REST API.



ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
(lines 18 - 22)
<https://reviews.apache.org/r/50445/#comment209354>

    it seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json 
(lines 61 - 65)
<https://reviews.apache.org/r/50445/#comment209361>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json 
(lines 49 - 53)
<https://reviews.apache.org/r/50445/#comment209364>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 
(line 1)
<https://reviews.apache.org/r/50445/#comment209366>

    Is this change specific to HDP 2.5 or could some other stack benefit from 
the changes.  For example PHD X.Y?
    
    If so, then maybe a new common service version of HDFS should be created 
and referenced from HDP/2.5/HDFS.



ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 
(lines 32 - 36)
<https://reviews.apache.org/r/50445/#comment209367>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json 
(lines 40 - 44)
<https://reviews.apache.org/r/50445/#comment209369>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json 
(line 1)
<https://reviews.apache.org/r/50445/#comment209375>

    Is this change specific to HDP 2.5 or could some other stack benefit from 
the changes.  For example PHD X.Y?
    
    If so, then maybe a new common service version of KAFKA should be created 
and referenced from HDP/2.5/KAFKA.



ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json 
(lines 22 - 26)
<https://reviews.apache.org/r/50445/#comment209370>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json 
(line 1)
<https://reviews.apache.org/r/50445/#comment209377>

    Is this change specific to HDP 2.5 or could some other stack benefit from 
the changes.  For example PHD X.Y?
    
    If so, then maybe a new common service version of KNOX should be created 
and referenced from HDP/2.5/KNOX.



ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json 
(lines 68 - 72)
<https://reviews.apache.org/r/50445/#comment209371>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json
 (lines 28 - 32)
<https://reviews.apache.org/r/50445/#comment209372>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?



ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json 
(lines 55 - 59)
<https://reviews.apache.org/r/50445/#comment209373>

    It seems like these should be set in a Jinja2 template rather than make the 
properties here.
    
    Is it expected that a user might change them?


- Robert Levas


On July 26, 2016, 10:49 a.m., Mugdha Varadkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50445/
> -----------------------------------------------------------
> 
> (Updated July 26, 2016, 10:49 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jaimin Jetly, 
> Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-17902
>     https://issues.apache.org/jira/browse/AMBARI-17902
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Ranger Service needs to support the following two scenarios in case when 
> audit to solr is enabled and solrCloud is used as destination.
> 
> External Solr
> If Audit to Solr is Enabled and Solr Cloud == true and Kerberos is Enabled
>  If is_external_solr == true
>   If is_external_solr_kerberized == true
>    Then recommend ranger.is.solr.kerberised as true.
> 
> 
> Ambari Internal Solr
> If Audit to Solr is Enabled and Solr Cloud == true
>   If is_external_solr == false and Kerberos is Enabled
>    Then directly recommend ranger.is.solr.kerberised as true.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json 
> 3d6e25c 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  3ec4b53 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
>  1670d69 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
>  a456688 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
>  eacf541 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
>  2cf3539 
>   ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
> ffebb11 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
>  e65c9b2 
>   
> ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
>  1c869ed 
>   ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json 
> f9fa30d 
>   ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml 
> bfdb3d3 
>   
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
>  a1b93e3 
>   ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml 
> 96b1400 
>   ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml 
> b2cc1c4 
>   
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
>  86e0964 
>   ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml 
> 2099958 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  ac22729 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
>  cc9f0d2 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json 
> ada02ad 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
>  0a04953 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 
> PRE-CREATION 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
>  671c08e 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json 
> f9a0caf 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
>  6aca7e7 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json 
> PRE-CREATION 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
>  bdd1994 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json 
> PRE-CREATION 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
>  8c8278a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json
>  bfd142a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
>  da24576 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json 
> 38896f5 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 4972972 
>   ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py 
> 2345b8e 
> 
> Diff: https://reviews.apache.org/r/50445/diff/
> 
> 
> Testing
> -------
> 
> 1) External solr cloud on simple env (i.e. external solr cloud)
> - audit to solr ON
> - solr cloud ON
> - external solr cloud ON
> - external solr kerberos OFF
> 
> 2) Internal solr cloud on simple env (i.e. log search)
> - audit to solr ON
> - solr cloud ON
> - external solr cloud OFF
> - external solr kerberos OFF
> 
> 3) Internal solr cloud on secure env (i.e. log search + kerberos)
> - audit to solr ON
> - solr cloud ON
> - external solr cloud OFF
> - external solr kerberos OFF
> 
> 4) External solr cloud on secure env (i.e. external solr cloud +kerberos env)
> - audit to solr ON
> - solr cloud ON
> - external Solr cloud ON
> - external solr kerberos OFF
> 
> 5) External solr cloud on secure env (i.e. external solr cloud +kerberos env)
> - audit to solr ON
> - solr cloud ON
> - external Solr cloud ON
> - external solr kerberos ON
> - 
> 
> 
> Also verified upgrade from 2.4 to 2.5 in simple as well as kerberos
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Reply via email to