> On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json, > > line 1 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452674#file1452674line1> > > > > Is this change specific to HDP 2.5 or could some other stack benefit > > from the changes. For example PHD X.Y? > > > > If so, then maybe a new common service version of KAFKA should be > > created and referenced from HDP/2.5/KAFKA.
I am not sure whether we have privilege to take that decision on adding new common version for KAFKA. @Jayush can you please let use know if we can add common service version of KAFKA > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json, > > lines 40-44 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452672#file1452672line40> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json, > > lines 55-59 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452680#file1452680line55> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json, > > lines 28-32 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452678#file1452678line28> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json, > > lines 68-72 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452676#file1452676line68> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json, > > line 1 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452676#file1452676line1> > > > > Is this change specific to HDP 2.5 or could some other stack benefit > > from the changes. For example PHD X.Y? > > > > If so, then maybe a new common service version of KNOX should be > > created and referenced from HDP/2.5/KNOX. Till now this is specific to HDP only. @Jayush can you please take the decision on the same. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json, > > lines 22-26 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452674#file1452674line22> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json, > > lines 32-36 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452670#file1452670line32> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json, > > lines 49-53 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452668#file1452668line49> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json, > > lines 61-65 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452659#file1452659line61> > > > > It seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json, > > lines 18-22 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452656#file1452656line18> > > > > it seems like these should be set in a Jinja2 template rather than make > > the properties here. > > > > Is it expected that a user might change them? Ranger Code doesn't support jaas.conf file. That is why can't use jinja2 template. > On July 26, 2016, 3:35 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json, > > line 1 > > <https://reviews.apache.org/r/50445/diff/1/?file=1452670#file1452670line1> > > > > Is this change specific to HDP 2.5 or could some other stack benefit > > from the changes. For example PHD X.Y? > > > > If so, then maybe a new common service version of HDFS should be > > created and referenced from HDP/2.5/HDFS. Till now this is specific to HDP only. @Jayush can you please take the decision on the same. - Mugdha ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50445/#review143535 ----------------------------------------------------------- On July 26, 2016, 2:49 p.m., Mugdha Varadkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50445/ > ----------------------------------------------------------- > > (Updated July 26, 2016, 2:49 p.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jaimin Jetly, > Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan Periasamy. > > > Bugs: AMBARI-17902 > https://issues.apache.org/jira/browse/AMBARI-17902 > > > Repository: ambari > > > Description > ------- > > Ranger Service needs to support the following two scenarios in case when > audit to solr is enabled and solrCloud is used as destination. > > External Solr > If Audit to Solr is Enabled and Solr Cloud == true and Kerberos is Enabled > If is_external_solr == true > If is_external_solr_kerberized == true > Then recommend ranger.is.solr.kerberised as true. > > > Ambari Internal Solr > If Audit to Solr is Enabled and Solr Cloud == true > If is_external_solr == false and Kerberos is Enabled > Then directly recommend ranger.is.solr.kerberised as true. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json > 3d6e25c > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py > 3ec4b53 > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py > 1670d69 > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2 > PRE-CREATION > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2 > a456688 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml > eacf541 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml > 2cf3539 > ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json > ffebb11 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json > e65c9b2 > > ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml > 1c869ed > ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json > f9fa30d > ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml > bfdb3d3 > > ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml > a1b93e3 > ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml > 96b1400 > ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml > b2cc1c4 > > ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml > 86e0964 > ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml > 2099958 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml > ac22729 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml > cc9f0d2 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json > ada02ad > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml > 0a04953 > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml > 671c08e > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json > f9a0caf > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml > 6aca7e7 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml > bdd1994 > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml > 8c8278a > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json > bfd142a > > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml > da24576 > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/kerberos.json > 38896f5 > ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py > 4972972 > ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py > 2345b8e > > Diff: https://reviews.apache.org/r/50445/diff/ > > > Testing > ------- > > 1) External solr cloud on simple env (i.e. external solr cloud) > - audit to solr ON > - solr cloud ON > - external solr cloud ON > - external solr kerberos OFF > > 2) Internal solr cloud on simple env (i.e. log search) > - audit to solr ON > - solr cloud ON > - external solr cloud OFF > - external solr kerberos OFF > > 3) Internal solr cloud on secure env (i.e. log search + kerberos) > - audit to solr ON > - solr cloud ON > - external solr cloud OFF > - external solr kerberos OFF > > 4) External solr cloud on secure env (i.e. external solr cloud +kerberos env) > - audit to solr ON > - solr cloud ON > - external Solr cloud ON > - external solr kerberos OFF > > 5) External solr cloud on secure env (i.e. external solr cloud +kerberos env) > - audit to solr ON > - solr cloud ON > - external Solr cloud ON > - external solr kerberos ON > - > > > Also verified upgrade from 2.4 to 2.5 in simple as well as kerberos > > > Thanks, > > Mugdha Varadkar > >