Hello Andrew Wong, Anonymous Coward (314), Adar Dembo, Grant Henke,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/15601
to review the following change.
Change subject: KUDU-3081 Add Kerberos support to MiniRanger
......................................................................
KUDU-3081 Add Kerberos support to MiniRanger
As integration tests using Sentry authz provider all depend on a
Kerberized mini cluster we also need to add Kerberos support to
MiniRanger to be able to parameterize the integration tests.
As adding Kerberos support proved to be trickier than expected this
patch contains several other improvements, some of which may not
actually needed to make it work.
After configuring Kerberos for both MiniRanger and the Ranger subprocess
correctly I still ran into an error:
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos credentails)
This turned out to be due to a mismatch in forward and reverse lookup of
MiniRanger's hostname. To fix this I switched to using IP addresses in
the configuration instead of FQDNs and also to use a unique loopback
address for Ranger and Postgres. Unfortunately Ranger doesn't seem to
support setting the bind address, and it always binds to all interfaces,
we still need to use randomized ports as well.
This patch also changes the default "java" binary in Ranger client to be
the on in $JAVA_HOME/bin instead of the one in $PATH. To use the one in
$PATH a user can still simply set it to "java", or provide a full path.
During debugging the Ranger subprocess crashed which brought down the
master too in debug mode (DCHECK) which this patch also fixes.
Change-Id: I32118780ad912791fe5e371004345428b6459549
---
M src/kudu/integration-tests/master_sentry-itest.cc
M src/kudu/mini-cluster/external_mini_cluster.cc
M src/kudu/postgres/mini_postgres.cc
M src/kudu/postgres/mini_postgres.h
M src/kudu/ranger/mini_ranger.cc
M src/kudu/ranger/mini_ranger.h
M src/kudu/ranger/mini_ranger_configs.h
M src/kudu/ranger/ranger_client.cc
M src/kudu/ranger/ranger_client.h
9 files changed, 338 insertions(+), 44 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/01/15601/1
--
To view, visit http://gerrit.cloudera.org:8080/15601
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I32118780ad912791fe5e371004345428b6459549
Gerrit-Change-Number: 15601
Gerrit-PatchSet: 1
Gerrit-Owner: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Anonymous Coward (314)
Gerrit-Reviewer: Grant Henke <granthe...@apache.org>
