----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50445/#review143535 -----------------------------------------------------------
ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json (line 16) <https://reviews.apache.org/r/50445/#comment209352> Python templates are generally problematic in Kerberos descritptors. Is there another way to figure out the `ranger_host`. Maybe using something like `${clusterHostInfo/ranger_host}` ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json (line 17) <https://reviews.apache.org/r/50445/#comment209358> Would Solr not be Kerberized if Kerberos is enabled for the cluster? It seems like this is redundant info and possible problematic if a user changes the value via Ranger's service config page or the REST API. ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json (lines 18 - 22) <https://reviews.apache.org/r/50445/#comment209354> it seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json (lines 61 - 65) <https://reviews.apache.org/r/50445/#comment209361> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json (lines 49 - 53) <https://reviews.apache.org/r/50445/#comment209364> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json (line 1) <https://reviews.apache.org/r/50445/#comment209366> Is this change specific to HDP 2.5 or could some other stack benefit from the changes. For example PHD X.Y? If so, then maybe a new common service version of HDFS should be created and referenced from HDP/2.5/HDFS. ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json (lines 32 - 36) <https://reviews.apache.org/r/50445/#comment209367> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json (lines 40 - 44) <https://reviews.apache.org/r/50445/#comment209369> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json (line 1) <https://reviews.apache.org/r/50445/#comment209375> Is this change specific to HDP 2.5 or could some other stack benefit from the changes. For example PHD X.Y? If so, then maybe a new common service version of KAFKA should be created and referenced from HDP/2.5/KAFKA. ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json (lines 22 - 26) <https://reviews.apache.org/r/50445/#comment209370> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json (line 1) <https://reviews.apache.org/r/50445/#comment209377> Is this change specific to HDP 2.5 or could some other stack benefit from the changes. For example PHD X.Y? If so, then maybe a new common service version of KNOX should be created and referenced from HDP/2.5/KNOX. ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json (lines 68 - 72) <https://reviews.apache.org/r/50445/#comment209371> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json (lines 28 - 32) <https://reviews.apache.org/r/50445/#comment209372> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json (lines 55 - 59) <https://reviews.apache.org/r/50445/#comment209373> It seems like these should be set in a Jinja2 template rather than make the properties here. Is it expected that a user might change them? - Robert Levas On July 26, 2016, 10:49 a.m., Mugdha Varadkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50445/ > ----------------------------------------------------------- > > (Updated July 26, 2016, 10:49 a.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jaimin Jetly, > Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan Periasamy. > > > Bugs: AMBARI-17902 > https://issues.apache.org/jira/browse/AMBARI-17902 > > > Repository: ambari > > > Description > ------- > > Ranger Service needs to support the following two scenarios in case when > audit to solr is enabled and solrCloud is used as destination. > > External Solr > If Audit to Solr is Enabled and Solr Cloud == true and Kerberos is Enabled > If is_external_solr == true > If is_external_solr_kerberized == true > Then recommend ranger.is.solr.kerberised as true. > > > Ambari Internal Solr > If Audit to Solr is Enabled and Solr Cloud == true > If is_external_solr == false and Kerberos is Enabled > Then directly recommend ranger.is.solr.kerberised as true. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json > 3d6e25c > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py > 3ec4b53 > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py > 1670d69 > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2 > PRE-CREATION > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2 > a456688 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml > eacf541 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml > 2cf3539 > ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json > ffebb11 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json > e65c9b2 > > ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml > 1c869ed > ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json > f9fa30d > ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml > bfdb3d3 > > ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml > a1b93e3 > ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml > 96b1400 > ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml > b2cc1c4 > > ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml > 86e0964 > ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml > 2099958 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml > ac22729 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml > cc9f0d2 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json > ada02ad > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml > 0a04953 > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml > 671c08e > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json > f9a0caf > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml > 6aca7e7 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml > bdd1994 > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml > 8c8278a > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json > bfd142a > > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml > da24576 > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json > 38896f5 > ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py > 4972972 > ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py > 2345b8e > > Diff: https://reviews.apache.org/r/50445/diff/ > > > Testing > ------- > > 1) External solr cloud on simple env (i.e. external solr cloud) > - audit to solr ON > - solr cloud ON > - external solr cloud ON > - external solr kerberos OFF > > 2) Internal solr cloud on simple env (i.e. log search) > - audit to solr ON > - solr cloud ON > - external solr cloud OFF > - external solr kerberos OFF > > 3) Internal solr cloud on secure env (i.e. log search + kerberos) > - audit to solr ON > - solr cloud ON > - external solr cloud OFF > - external solr kerberos OFF > > 4) External solr cloud on secure env (i.e. external solr cloud +kerberos env) > - audit to solr ON > - solr cloud ON > - external Solr cloud ON > - external solr kerberos OFF > > 5) External solr cloud on secure env (i.e. external solr cloud +kerberos env) > - audit to solr ON > - solr cloud ON > - external Solr cloud ON > - external solr kerberos ON > - > > > Also verified upgrade from 2.4 to 2.5 in simple as well as kerberos > > > Thanks, > > Mugdha Varadkar > >
