> On Feb. 15, 2017, 5:36 p.m., Mugdha Varadkar wrote: > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py, > > line 679 > > <https://reviews.apache.org/r/56671/diff/5/?file=1634479#file1634479line679> > > > > Please add defaults for atlas, yarn and kms. For kms the default > > principal name is rangerkms.
thanks, i forget to add yarn and used wrong default principal for kms. actually atlas is not needed because that is done on atlas side (also atlas needs other permissions as well to access its own collections) - Oliver ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56671/#review165727 ----------------------------------------------------------- On Feb. 15, 2017, 2:36 p.m., Oliver Szabo wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56671/ > ----------------------------------------------------------- > > (Updated Feb. 15, 2017, 2:36 p.m.) > > > Review request for Ambari, Miklos Gergely, Mugdha Varadkar, and Robert > Nettleton. > > > Bugs: AMBARI-20013 > https://issues.apache.org/jira/browse/AMBARI-20013 > > > Repository: ambari > > > Description > ------- > > - make sure solr keytab and solr user is created on logsearch/ranger/atlas > hosts > - created a new solr_cloud_util method called add roles (curl for adding user > roles) > - updated secure znode method (adding infra-solr by default) > - move generated security.json into a static file > - added a custom security.json which can be used instead of the generated > security.json > > In ranger/atlas stack, the following calls can be used for securing znode and > update user-roles: > > solr_cloud_util.secure_znode(config=params.config, > zookeeper_quorum=params.zookeeper_quorum, > > solr_znode=format("{infra_solr_znode}/collections/mycollectionznode"), > jaas_file=params.logsearch_jaas_file, > java64_home=params.java64_home, > sasl_users=["myuser1@HOST", "myuser2"]) > > and > > solr_cloud_util.add_solr_roles(params.config, > roles = ["ranger_audit_user"], > new_service_principals = ["audituser1", > "audituser2"]) > > about ranger plugins: > > there is a way to use these methods in other services like storm etc. , the > problem is its needed to infra-solr be started, so if we include these in a > lot of other services, it can really slows down the deployment. that is the > reason why i kept the property dependencies in infra-solr-security-json > config. other then that, with the changes ranger can start successfully if > its added later to the cluster, and for plugins, infra-solr will be flagged > to be restarted. > > > Diffs > ----- > > > ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py > 4628211 > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-security-json.xml > e193a8c > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/params.py > ab9aa61 > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/scripts/setup_infra_solr.py > 8d72f42 > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 > PRE-CREATION > > ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-security.json.j2 > ed764f0 > > ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py > 2232bb2 > > ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py > 682fc9f > > ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json > bc8e351 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json > 49d1b10 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py > fecd802 > > ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py > ba91e20 > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py > 0b4532b > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py > ae49c4f > ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json > 253e32e > ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py > 1bbf75e > ambari-server/src/test/python/stacks/2.3/configs/secure.json 4501b81 > ambari-server/src/test/python/stacks/2.4/AMBARI_INFRA/test_infra_solr.py > cd88fec > ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py > db9cbb9 > ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py > b01e7da > ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py > 8dda363 > > Diff: https://reviews.apache.org/r/56671/diff/ > > > Testing > ------- > > unit tests done. > > > Thanks, > > Oliver Szabo > >
