> On Feb. 14, 2017, 6:32 p.m., Alejandro Fernandez wrote: > > ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py, > > line 283 > > <https://reviews.apache.org/r/56671/diff/1/?file=1633410#file1633410line283> > > > > Make this robust, if solr_hosts is empty, then this will throw an index > > out of bounds exception.
we cannot reach that state as we are only using that method if we have at least one element. > On Feb. 14, 2017, 6:32 p.m., Alejandro Fernandez wrote: > > ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py, > > line 262 > > <https://reviews.apache.org/r/56671/diff/1/?file=1633410#file1633410line262> > > > > Make this more robust. This assumes that "@" exists. if it does not exist it returns with the full string. > On Feb. 14, 2017, 6:32 p.m., Alejandro Fernandez wrote: > > ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py, > > line 270 > > <https://reviews.apache.org/r/56671/diff/1/?file=1633410#file1633410line270> > > > > domain is never defined above so if the len is not 2 it will throw an > > error. actually its defined as we get it as a parameter (from kerberos env) but the name itself is wrong so i will rename it to realm. accidentally i used wrong naming here - Oliver ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56671/#review165538 ----------------------------------------------------------- On Feb. 14, 2017, 6:03 p.m., Oliver Szabo wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56671/ > ----------------------------------------------------------- > > (Updated Feb. 14, 2017, 6:03 p.m.) > > > Review request for Ambari, Miklos Gergely, Mugdha Varadkar, and Robert > Nettleton. > > > Bugs: AMBARI-20013 > https://issues.apache.org/jira/browse/AMBARI-20013 > > > Repository: ambari > > > Description > ------- > > - make sure solr keytab and solr user is created on logsearch/ranger/atlas > hosts > - created a new solr_cloud_util method called add roles (curl for adding user > roles) > - updated secure znode method (adding infra-solr by default) > - move generated security.json into a static file > - added a custom security.json which can be used instead of the generated > security.json > > This patch still does not contain atlas/ranger fixes (it will, that review is > mosly for review, i will include ranger/atlas changes later). > > In ranger/atlas stack, the following calls can be used for securing znode and > update user-roles: > > solr_cloud_util.secure_znode(config=params.config, > zookeeper_quorum=params.zookeeper_quorum, > > solr_znode=format("{infra_solr_znode}/collections/mycollectionznode"), > jaas_file=params.logsearch_jaas_file, > java64_home=params.java64_home, > sasl_users=["myuser1@HOST", "myuser2"]) > > and > > solr_cloud_util.add_solr_roles(params.config, > roles = ["ranger_audit_user"], > new_service_principals = ["audituser1", > "audituser2"]) > > about ranger plugins: > > there is a way to use these methods in other services like storm etc. , the > problem is its needed to infra-solr be started, so if we include these in a > lot of other services, it can really slows down the deployment. that is the > reason why i kept the property dependencies in infra-solr-security-json > config. other then that, with the changes ranger can start successfully if > its added later to the cluster, and for plugins, infra-solr will be flagged > to be restarted. > > > Diffs > ----- > > > ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py > 4628211 > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-security-json.xml > e193a8c > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/params.py > ab9aa61 > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/setup_infra_solr.py > 8d72f42 > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 > PRE-CREATION > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-security.json.j2 > ed764f0 > > ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json > bc8e351 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json > 49d1b10 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py > fecd802 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py > ba91e20 > ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json > 253e32e > ambari-server/src/test/python/stacks/2.4/AMBARI_INFRA/test_infra_solr.py > cd88fec > > Diff: https://reviews.apache.org/r/56671/diff/ > > > Testing > ------- > > unit tests done, still writing unit tests for atlas/ranger additions. > > > Thanks, > > Oliver Szabo > >
