> On July 26, 2016, 3:35 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json,
> >  line 17
> > <https://reviews.apache.org/r/50445/diff/1/?file=1452656#file1452656line17>
> >
> >     Would Solr not be Kerberized if Kerberos is enabled for the cluster?
> >     
> >     It seems like this is redundant info and possible problematic if a user 
> > changes the value via Ranger's service config page or the REST API.
> 
> Jayush Luniya wrote:
>     Agreed. As we had discussed in our call we should have is_external_solr 
> and is_external_solr_kerberized flags. The is_external_solr_kerberized is 
> effective only if is_external_solr = TRUE.

BTW even if we need to keep ranger.is.solr.kerberised property, we can avoid 
any changes in stack advisor extra by always computing and setting this 
property based on other properties. We shouldnt give the option of setting this 
property at all to the user. I will sync up with you on this.


- Jayush


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50445/#review143535
-----------------------------------------------------------


On July 26, 2016, 2:49 p.m., Mugdha Varadkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50445/
> -----------------------------------------------------------
> 
> (Updated July 26, 2016, 2:49 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jaimin Jetly, 
> Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-17902
>     https://issues.apache.org/jira/browse/AMBARI-17902
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Ranger Service needs to support the following two scenarios in case when 
> audit to solr is enabled and solrCloud is used as destination.
> 
> External Solr
> If Audit to Solr is Enabled and Solr Cloud == true and Kerberos is Enabled
>  If is_external_solr == true
>   If is_external_solr_kerberized == true
>    Then recommend ranger.is.solr.kerberised as true.
> 
> 
> Ambari Internal Solr
> If Audit to Solr is Enabled and Solr Cloud == true
>   If is_external_solr == false and Kerberos is Enabled
>    Then directly recommend ranger.is.solr.kerberised as true.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json 
> 3d6e25c 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  3ec4b53 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
>  1670d69 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
>  a456688 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
>  eacf541 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
>  2cf3539 
>   ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
> ffebb11 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
>  e65c9b2 
>   
> ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
>  1c869ed 
>   ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json 
> f9fa30d 
>   ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml 
> bfdb3d3 
>   
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
>  a1b93e3 
>   ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml 
> 96b1400 
>   ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml 
> b2cc1c4 
>   
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
>  86e0964 
>   ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml 
> 2099958 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  ac22729 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
>  cc9f0d2 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json 
> ada02ad 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
>  0a04953 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 
> PRE-CREATION 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
>  671c08e 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json 
> f9a0caf 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
>  6aca7e7 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json 
> PRE-CREATION 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
>  bdd1994 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json 
> PRE-CREATION 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
>  8c8278a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json
>  bfd142a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
>  da24576 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json 
> 38896f5 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 4972972 
>   ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py 
> 2345b8e 
> 
> Diff: https://reviews.apache.org/r/50445/diff/
> 
> 
> Testing
> -------
> 
> 1) External solr cloud on simple env (i.e. external solr cloud)
> - audit to solr ON
> - solr cloud ON
> - external solr cloud ON
> - external solr kerberos OFF
> 
> 2) Internal solr cloud on simple env (i.e. log search)
> - audit to solr ON
> - solr cloud ON
> - external solr cloud OFF
> - external solr kerberos OFF
> 
> 3) Internal solr cloud on secure env (i.e. log search + kerberos)
> - audit to solr ON
> - solr cloud ON
> - external solr cloud OFF
> - external solr kerberos OFF
> 
> 4) External solr cloud on secure env (i.e. external solr cloud +kerberos env)
> - audit to solr ON
> - solr cloud ON
> - external Solr cloud ON
> - external solr kerberos OFF
> 
> 5) External solr cloud on secure env (i.e. external solr cloud +kerberos env)
> - audit to solr ON
> - solr cloud ON
> - external Solr cloud ON
> - external solr kerberos ON
> - 
> 
> 
> Also verified upgrade from 2.4 to 2.5 in simple as well as kerberos
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Reply via email to