Re: Review Request 56607: AMBARI-19915 Add Ranger KMS SSL properties in ambari stack

Tue, 14 Feb 2017 23:08:34 -0800 


> On Feb. 13, 2017, 7:18 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py,
> >  line 148
> > <https://reviews.apache.org/r/56607/diff/1/?file=1632316#file1632316line148>
> >
> >     Today, we have symlinks from /etc/$comp/conf -> 
> > /usr/hdp/current/$comp/conf so that configs still work during stack 
> > upgrades (RU/EU). This seems to be a flat directory.
> >     
> >     How is it going to be used?
> >     What will happen during stack upgrades or downgrades?
> 
> Mugdha Varadkar wrote:
>     Hi Alejandro,
>     
>     For Ranger KMS: the "conf" symlinks is created under the path 
> /etc/ranger/kms/. This flat directory path is created by rpm package. I added 
> this code if in case the path is not created, it may be created from Ambari, 
> also this path is needed to create some additional files.
> 
> Alejandro Fernandez wrote:
>     What is actually stored in that directory?
>     If any files are overriden by installing a different version, then that 
> will cause problems during stack upgrade.
>     We shouldn't be using fixed paths any more.

Basically there are two directories created
1. /etc/ranger/kms/conf (created by rpm/deb package installation which helps 
for manual/non-ambari installation)
2. /etc/ranger-kms/<build-version>/0 (created by conf-select installation for 
ambari based installs)
3. /usr/hdp/current/ranger-kms/conf is also a symlink which points to 
/etc/ranger-kms/<build-version>/0

What is actually stored in that directory?
      rangerkms.jceks file is stored in that directory. The file is 
created/modified during every start of ranger-kms service.

Below is the structure of the /etc/ranger/kms/ directory:

- conf -> /usr/hdp/current/ranger-kms/conf
- conf.backup
- rangerkms.jceks

During upgrade we do conf-select which will set versioned config directories 
and it copies /usr/hdp/current/ranger-kms/conf/* to 
/etc/ranger-kms/<build-version>/0

For Downgrade the versioned config directories will be present already on the 
machine.

EU has been tested and it went through the upgrade process successfully.


- Mugdha


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56607/#review165378
-----------------------------------------------------------


On Feb. 14, 2017, 1:18 p.m., Mugdha Varadkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56607/
> -----------------------------------------------------------
> 
> (Updated Feb. 14, 2017, 1:18 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-19915
>     https://issues.apache.org/jira/browse/AMBARI-19915
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Below SSL properties needs to be added in Ambari for Ranger KMS service
> - ranger.service.https.attrib.keystore.file
> - ranger.service.https.attrib.client.auth
> - ranger.service.https.attrib.keystore.keyalias  
> - ranger.service.https.attrib.keystore.pass
> - ranger.credential.provider.path
> - ranger.service.https.attrib.keystore.credential.alias
> 
> Along with addition of these properties, need to secure password property.
> 
> 
> Diffs
> -----
> 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/constants.py
>  8fd5c8d 
>   ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml 
> 12fde7e 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-env.xml
>  7dea07f 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
>  742cb93 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
>  05e8881 
>   
> ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
>  0fd1766 
>   ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml 
> 54072ad 
>   
> ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
>  31b20cf 
>   ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml 
> 88486e6 
>   ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml 
> 44a9b7c 
>   
> ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
>  4d70156 
>   ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml 
> 5b92e5f 
>   ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml 
> 23564ad 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
>  24db720 
>   ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml 
> 818a6c0 
>   
> ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-site.xml
>  PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py 
> 969c3dd 
>   ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py 
> 57f9f34 
>   ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py 
> b7f8cbb 
> 
> Diff: https://reviews.apache.org/r/56607/diff/
> 
> 
> Testing
> -------
> 
> Test Case:
> 
> Running tests for stack:2.5 service:RANGER_KMS
> test_configure_default (test_kms_server.TestRangerKMS) ... 2017-02-13 
> 19:08:27,451 - Stack Feature Version Info: stack_version=2.5, 
> version=2.5.0.0-777, current_cluster_version=2.5.0.0-777 -> 2.5.0.0-777
> 2017-02-13 19:08:27,467 - Using hadoop conf dir: 
> /usr/hdp/current/hadoop-client/conf
> ok
> test_configure_secured (test_kms_server.TestRangerKMS) ... 2017-02-13 
> 19:08:27,502 - Stack Feature Version Info: stack_version=2.5, 
> version=2.5.0.0-801, current_cluster_version=2.5.0.0-801 -> 2.5.0.0-801
> 2017-02-13 19:08:27,518 - Using hadoop conf dir: 
> /usr/hdp/current/hadoop-client/conf
> ok
> test_start_default (test_kms_server.TestRangerKMS) ... 2017-02-13 
> 19:08:27,533 - Stack Feature Version Info: stack_version=2.5, 
> version=2.5.0.0-777, current_cluster_version=2.5.0.0-777 -> 2.5.0.0-777
> 2017-02-13 19:08:27,550 - Using hadoop conf dir: 
> /usr/hdp/current/hadoop-client/conf
> 2017-02-13 19:08:27,555 - Rangeradmin: Skip ranger admin if it's down !
> ok
> test_start_secured (test_kms_server.TestRangerKMS) ... 2017-02-13 
> 19:08:27,568 - Stack Feature Version Info: stack_version=2.5, 
> version=2.5.0.0-801, current_cluster_version=2.5.0.0-801 -> 2.5.0.0-801
> 2017-02-13 19:08:27,597 - Using hadoop conf dir: 
> /usr/hdp/current/hadoop-client/conf
> 2017-02-13 19:08:27,602 - RangeradminV2: Skip ranger admin if it's down !
> 2017-02-13 19:08:27,602 - KMS repository c1_kms exist
> ok
> test_stop_default (test_kms_server.TestRangerKMS) ... 2017-02-13 19:08:27,618 
> - Stack Feature Version Info: stack_version=2.5, version=2.5.0.0-777, 
> current_cluster_version=2.5.0.0-777 -> 2.5.0.0-777
> 2017-02-13 19:08:27,639 - Using hadoop conf dir: 
> /usr/hdp/current/hadoop-client/conf
> ok
> 
> ----------------------------------------------------------------------
> Ran 5 tests in 0.277s
> 
> OK
> 
> test_recommendRangerKMSConfigurations 
> (test_stack_advisor.TestHDP26StackAdvisor) ... ok
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Reply via email to