date:20180413

Re: How to update DB password in Ranger Admin...

2018-04-13 Thread Don Bosco Durai

Perfect, this worked. Vel, thanks a lot. 

Bosco

On 4/13/18, 2:38 PM, "Velmurugan Periasamy"  wrote:

Bosco:

Can you please try the below?

 Take a backup of rangeradmin.jceks (just in case)
 Go to ranger admin install folder
 Execute the below command. Adjust according to your path. You should see
one entry called rangeradmin (from
ranger-admin-site.xml->ranger.jpa.jdbc.credential.alias).
java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks list -provider
"jceks://file/etc/ranger/admin/rangeradmin.jceks²
 You can update that with your new value using the below command. Again,
update according to your path.
java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create
rangeradmin -value ³"  -provider
"jceks://file/tmp/rangeradmin.jceks"

Hope this helps.
Thanks,
Vel

From:  Don Bosco Durai 
Reply-To:  "u...@ranger.apache.org" 
Date:  Friday, April 13, 2018 at 5:03 PM
To:  "u...@ranger.apache.org" , ranger

Subject:  How to update DB password in Ranger Admin...

I had to the change the Ranger DB password. Does anyone know how I can
update the Ranger Admin keystore with the new DB password, without running
the install.sh again?
 
FYI, my Ranger is manually installed (not via Ambari)
 
Thanks
 
Bosco

How to update DB password in Ranger Admin...

2018-04-13 Thread Don Bosco Durai

I had to the change the Ranger DB password. Does anyone know how I can update 
the Ranger Admin keystore with the new DB password, without running the 
install.sh again?

 

FYI, my Ranger is manually installed (not via Ambari)

 

Thanks

 

Bosco

[jira] [Comment Edited] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-13 Thread Abhay Kulkarni (JIRA)


[ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16436818#comment-16436818
 ] 

Abhay Kulkarni edited comment on RANGER-2066 at 4/13/18 7:19 PM:
-

Patch is available at the review board:

master:

[https://reviews.apache.org/r/66588/]

ranger-1.0:

https://reviews.apache.org/r/66599/

ranger-0.7:

https://reviews.apache.org/r/66593/

 


was (Author: abhayk):
Patch is available at the review board:

https://reviews.apache.org/r/66588/

> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master, 0.7.1
>Reporter: Anuja Leekha
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 0.7.2, 1.1.0, 1.0.1
>
>
> SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should be authorized by resource policy. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-13 Thread Abhay Kulkarni (JIRA)


[ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16437774#comment-16437774
 ] 

Abhay Kulkarni commented on RANGER-2066:


ranger-1.0:

https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=e9085bc3721abb22d812ff11f2fd8345449a3b28

> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master, 0.7.1
>Reporter: Anuja Leekha
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 0.7.2, 1.1.0, 1.0.1
>
>
> SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should be authorized by resource policy. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66599: RANGER-2066: Hbase column family access is authorized by a tagged column in the column family

2018-04-13 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66599/#review201122
---


Ship it!




Ship It!

- Madhan Neethiraj


On April 13, 2018, 5:36 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66599/
> ---
> 
> (Updated April 13, 2018, 5:36 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2066
> https://issues.apache.org/jira/browse/RANGER-2066
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> SCENARIO:
> 
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
> Column emp/prof_data/role is tagged with OFFICIAL tag.
> 
> Create following policies:
> Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> 
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
> 1. Resource: emp/personal_data
> Name / Type: column-family
> Allowed
> Policy allowing: Resource based policy
> 
> 2. Resource: emp/prof_data
> Name / Type: column-family
> Allowed
> Policy allowing: TAG based policy for OFFICIAL tag
> 
> prof_data column-family should be authorized by resource policy.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
>  415d4a499 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java
>  349ab360b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  ab4a9d27e 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
>  956456551 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java
>  cacae5a5b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  7a890b8b2 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
>  e4864031b 
>   
> agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 
> 11f31e317 
> 
> 
> Diff: https://reviews.apache.org/r/66599/diff/1/
> 
> 
> Testing
> ---
> 
> Developed and passed unit tests.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 66563: Entity is readable even if there is no entity-read-classification permission.

2018-04-13 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66563/#review201110
---


Ship it!




Ship It!

- Madhan Neethiraj


On April 13, 2018, 6:09 a.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66563/
> ---
> 
> (Updated April 13, 2018, 6:09 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Pradeep 
> Agrawal.
> 
> 
> Bugs: RANGER-2065
> https://issues.apache.org/jira/browse/RANGER-2065
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch includes changes to verify entity-read-classification permission 
> is available for entity resource to given user/ group when entity is 
> associated with classifications.
> 
> 
> Diffs
> -
> 
>   
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
>  465b06fb6 
> 
> 
> Diff: https://reviews.apache.org/r/66563/diff/3/
> 
> 
> Testing
> ---
> 
> Tested user with and without entity-read-classification permission to access 
> entities with and without classification
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

[jira] [Updated] (RANGER-2058) Add SSL enabled Postgres support in Ranger Admin

2018-04-13 Thread Velmurugan Periasamy (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2058:
-
Fix Version/s: (was: 1.0.1)

> Add SSL enabled Postgres support in Ranger Admin
> 
>
> Key: RANGER-2058
> URL: https://issues.apache.org/jira/browse/RANGER-2058
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-2058-Add-SSL-enabled-Postgres-support-in-Rang.patch
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

2018-04-13 Thread Qiang Zhang (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2068:

Attachment: 0001-RANGER-2068-Fix-ranger.plugin.hbase.policy.rest.ssl..patch

> Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.
> 
>
> Key: RANGER-2068
> URL: https://issues.apache.org/jira/browse/RANGER-2068
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master, 1.1.0, 1.0.1
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Major
>  Labels: patch
> Attachments: 
> 0001-RANGER-2068-Fix-ranger.plugin.hbase.policy.rest.ssl..patch
>
>
> 1. Set configuration items.
> COMPONENT_INSTALL_DIR_NAME=/usr/local/hbase
> POLICY_MGR_URL=https://sslrangerserver:6182
> 2. Install hbase plugin.
> 3. Execute 'hbase-daemon.sh start master' command.
> error log:
> 2018-04-12 08:38:47,495 ERROR [sslmaster:16000.activeMasterManager] 
> util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to 
> refresh policies. Will continue to use last known version of policies (-1)
> com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: 
> Unexpected end of file from server
> at 
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
> at com.sun.jersey.api.client.Client.handle(Client.java:648)
> at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
> at 
> com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
> at 
> com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
> at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:131)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
> at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:170)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1032)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1072)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$Environment.startup(CoprocessorHost.java:414)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadInstance(CoprocessorHost.java:255)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadSystemCoprocessors(CoprocessorHost.java:161)
> at 
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.(MasterCoprocessorHost.java:87)
> at 
> org.apache.hadoop.hbase.master.HMaster.finishActiveMasterInitialization(HMaster.java:721)
> at org.apache.hadoop.hbase.master.HMaster.access$600(HMaster.java:189)
> at org.apache.hadoop.hbase.master.HMaster$2.run(HMaster.java:1803)
> at java.lang.Thread.run(Thread.java:748)
> 4. error reason: the ranger.plugin.hbase.policy.rest.ssl.config.file was set 
> to /etc/hbase/conf/ranger-policymgr-ssl.xml. But the ranger-policymgr-ssl.xml 
> file is located under the /usr/local/hbase/conf path. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

2018-04-13 Thread Qiang Zhang (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2068:

Attachment: (was: 
0001-RANGER-2068-Fix-ranger.plugin.hbase.policy.rest.ssl..patch)

> Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.
> 
>
> Key: RANGER-2068
> URL: https://issues.apache.org/jira/browse/RANGER-2068
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master, 1.1.0, 1.0.1
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Major
>  Labels: patch
> Attachments: 
> 0001-RANGER-2068-Fix-ranger.plugin.hbase.policy.rest.ssl..patch
>
>
> 1. Set configuration items.
> COMPONENT_INSTALL_DIR_NAME=/usr/local/hbase
> POLICY_MGR_URL=https://sslrangerserver:6182
> 2. Install hbase plugin.
> 3. Execute 'hbase-daemon.sh start master' command.
> error log:
> 2018-04-12 08:38:47,495 ERROR [sslmaster:16000.activeMasterManager] 
> util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to 
> refresh policies. Will continue to use last known version of policies (-1)
> com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: 
> Unexpected end of file from server
> at 
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
> at com.sun.jersey.api.client.Client.handle(Client.java:648)
> at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
> at 
> com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
> at 
> com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
> at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:131)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
> at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:170)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1032)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1072)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$Environment.startup(CoprocessorHost.java:414)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadInstance(CoprocessorHost.java:255)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadSystemCoprocessors(CoprocessorHost.java:161)
> at 
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.(MasterCoprocessorHost.java:87)
> at 
> org.apache.hadoop.hbase.master.HMaster.finishActiveMasterInitialization(HMaster.java:721)
> at org.apache.hadoop.hbase.master.HMaster.access$600(HMaster.java:189)
> at org.apache.hadoop.hbase.master.HMaster$2.run(HMaster.java:1803)
> at java.lang.Thread.run(Thread.java:748)
> 4. error reason: the ranger.plugin.hbase.policy.rest.ssl.config.file was set 
> to /etc/hbase/conf/ranger-policymgr-ssl.xml. But the ranger-policymgr-ssl.xml 
> file is located under the /usr/local/hbase/conf path. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 66600: Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

2018-04-13 Thread Qiang Zhang


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66600/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, 
Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, Selvamohan Neethiraj, 
sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.


Bugs: RANGER-2068
https://issues.apache.org/jira/browse/RANGER-2068


Repository: ranger


Description
---

1. Set configuration items.
COMPONENT_INSTALL_DIR_NAME=/usr/local/hbase
POLICY_MGR_URL=https://sslrangerserver:6182
2. Install hbase plugin.
3. Execute 'hbase-daemon.sh start master' command.
error log:
2018-04-12 08:38:47,495 ERROR [sslmaster:16000.activeMasterManager] 
util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to refresh 
policies. Will continue to use last known version of policies (-1)
com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: 
Unexpected end of file from server
at 
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
at com.sun.jersey.api.client.Client.handle(Client.java:648)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
at 
org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:131)
at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
at 
org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
at 
org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:170)
at 
org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1032)
at 
org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1072)
at 
org.apache.hadoop.hbase.coprocessor.CoprocessorHost$Environment.startup(CoprocessorHost.java:414)
at 
org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadInstance(CoprocessorHost.java:255)
at 
org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadSystemCoprocessors(CoprocessorHost.java:161)
at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.(MasterCoprocessorHost.java:87)
at 
org.apache.hadoop.hbase.master.HMaster.finishActiveMasterInitialization(HMaster.java:721)
at org.apache.hadoop.hbase.master.HMaster.access$600(HMaster.java:189)
at org.apache.hadoop.hbase.master.HMaster$2.run(HMaster.java:1803)
at java.lang.Thread.run(Thread.java:748)

4. error reason: the ranger.plugin.hbase.policy.rest.ssl.config.file was set to 
/etc/hbase/conf/ranger-policymgr-ssl.xml. But the ranger-policymgr-ssl.xml file 
is located under the /usr/local/hbase/conf path.


Diffs
-

  hbase-agent/conf/ranger-hbase-security-changes.cfg 31505b3 


Diff: https://reviews.apache.org/r/66600/diff/1/


Testing
---


Thanks,

Qiang Zhang

[jira] [Updated] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

2018-04-13 Thread Qiang Zhang (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2068:

Attachment: 0001-RANGER-2068-Fix-ranger.plugin.hbase.policy.rest.ssl..patch

> Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.
> 
>
> Key: RANGER-2068
> URL: https://issues.apache.org/jira/browse/RANGER-2068
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master, 1.1.0, 1.0.1
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Major
>  Labels: patch
> Attachments: 
> 0001-RANGER-2068-Fix-ranger.plugin.hbase.policy.rest.ssl..patch
>
>
> 1. Set configuration items.
> COMPONENT_INSTALL_DIR_NAME=/usr/local/hbase
> POLICY_MGR_URL=https://sslrangerserver:6182
> 2. Install hbase plugin.
> 3. Execute 'hbase-daemon.sh start master' command.
> error log:
> 2018-04-12 08:38:47,495 ERROR [sslmaster:16000.activeMasterManager] 
> util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to 
> refresh policies. Will continue to use last known version of policies (-1)
> com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: 
> Unexpected end of file from server
> at 
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
> at com.sun.jersey.api.client.Client.handle(Client.java:648)
> at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
> at 
> com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
> at 
> com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
> at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:131)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
> at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:170)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1032)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1072)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$Environment.startup(CoprocessorHost.java:414)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadInstance(CoprocessorHost.java:255)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadSystemCoprocessors(CoprocessorHost.java:161)
> at 
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.(MasterCoprocessorHost.java:87)
> at 
> org.apache.hadoop.hbase.master.HMaster.finishActiveMasterInitialization(HMaster.java:721)
> at org.apache.hadoop.hbase.master.HMaster.access$600(HMaster.java:189)
> at org.apache.hadoop.hbase.master.HMaster$2.run(HMaster.java:1803)
> at java.lang.Thread.run(Thread.java:748)
> 4. error reason: the ranger.plugin.hbase.policy.rest.ssl.config.file was set 
> to /etc/hbase/conf/ranger-policymgr-ssl.xml. But the ranger-policymgr-ssl.xml 
> file is located under the /usr/local/hbase/conf path. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

2018-04-13 Thread Qiang Zhang (JIRA)

Qiang Zhang created RANGER-2068:
---

 Summary: Fix ranger.plugin.hbase.policy.rest.ssl.config.file 
parameter error.
 Key: RANGER-2068
 URL: https://issues.apache.org/jira/browse/RANGER-2068
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: master, 1.1.0, 1.0.1
Reporter: Qiang Zhang
Assignee: Qiang Zhang


1. Set configuration items.
COMPONENT_INSTALL_DIR_NAME=/usr/local/hbase
POLICY_MGR_URL=https://sslrangerserver:6182
2. Install hbase plugin.
3. Execute 'hbase-daemon.sh start master' command.
error log:
2018-04-12 08:38:47,495 ERROR [sslmaster:16000.activeMasterManager] 
util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to refresh 
policies. Will continue to use last known version of policies (-1)
com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: 
Unexpected end of file from server
at 
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
at com.sun.jersey.api.client.Client.handle(Client.java:648)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at 
com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
at 
org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:131)
at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
at 
org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
at 
org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:170)
at 
org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1032)
at 
org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1072)
at 
org.apache.hadoop.hbase.coprocessor.CoprocessorHost$Environment.startup(CoprocessorHost.java:414)
at 
org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadInstance(CoprocessorHost.java:255)
at 
org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadSystemCoprocessors(CoprocessorHost.java:161)
at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.(MasterCoprocessorHost.java:87)
at 
org.apache.hadoop.hbase.master.HMaster.finishActiveMasterInitialization(HMaster.java:721)
at org.apache.hadoop.hbase.master.HMaster.access$600(HMaster.java:189)
at org.apache.hadoop.hbase.master.HMaster$2.run(HMaster.java:1803)
at java.lang.Thread.run(Thread.java:748)

4. error reason: the ranger.plugin.hbase.policy.rest.ssl.config.file was set to 
/etc/hbase/conf/ranger-policymgr-ssl.xml. But the ranger-policymgr-ssl.xml file 
is located under the /usr/local/hbase/conf path. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66598: RANGER-2043 : Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs

2018-04-13 Thread Ramesh Mani


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66598/#review201089
---




kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
Lines 151 (patched)


I feel only debug message is need not Info.



kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
Lines 370 (patched)


Do we need to Info level logs? We don't a log of Info logs, debug logs are 
fine.
basically we want to avoid lot of info messages for KMS when you need debug 
we can put.



kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
Lines 408 (patched)


please consider doing 
logger.error("Keystore was tampered with, or password was incorrect.", 
t.getMessage());
for getting the entire stack trace into the kms.log file. Please review all 
the occurance like this where + e.getMessage() is used



kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java
Line 452 (original), 471 (patched)


do we need to do this printStackTraces? Just leave in log file. Also do 
Logger.error("==>RangerKeyStore.dbOperationLoad() error, e);



kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 212 (patched)


Do we need the info level log for the all the decrypts done?


- Ramesh Mani


On April 13, 2018, 5:14 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66598/
> ---
> 
> (Updated April 13, 2018, 5:14 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2043
> https://issues.apache.org/jira/browse/RANGER-2043
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs.
> 
> 
> Diffs
> -
> 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java 00dc069 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java e73b6d3 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> b9d948f 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 6cfd37e 
>   src/main/assembly/kms.xml 68512ef 
> 
> 
> Diff: https://reviews.apache.org/r/66598/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Verified Ranger Kms is working as expected.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 66598: RANGER-2043 : Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs

2018-04-13 Thread Qiang Zhang



> On April 13, 2018, 5:28 a.m., Qiang Zhang wrote:
> > Added logs will reduce program performance.
> 
> bhavik patel wrote:
> Currently if we get any error message then it will be very difficult to 
> debug so it will be helpful to debug the code at the time of any error.

if(logger.isDebugEnabled()) {
logger.debug("“);
}
You can add the above code segment.


- Qiang


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66598/#review201086
---


On April 13, 2018, 5:14 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66598/
> ---
> 
> (Updated April 13, 2018, 5:14 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2043
> https://issues.apache.org/jira/browse/RANGER-2043
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs.
> 
> 
> Diffs
> -
> 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java 00dc069 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java e73b6d3 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> b9d948f 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 6cfd37e 
>   src/main/assembly/kms.xml 68512ef 
> 
> 
> Diff: https://reviews.apache.org/r/66598/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Verified Ranger Kms is working as expected.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 66563: Entity is readable even if there is no entity-read-classification permission.

2018-04-13 Thread Nixon Rodrigues


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66563/
---

(Updated April 13, 2018, 6:09 a.m.)


Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Pradeep Agrawal.


Changes
---

This patch includes whitespace formating changes.


Bugs: RANGER-2065
https://issues.apache.org/jira/browse/RANGER-2065


Repository: ranger


Description
---

This patch includes changes to verify entity-read-classification permission is 
available for entity resource to given user/ group when entity is associated 
with classifications.


Diffs (updated)
-

  
plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
 465b06fb6 


Diff: https://reviews.apache.org/r/66563/diff/3/

Changes: https://reviews.apache.org/r/66563/diff/2-3/


Testing
---

Tested user with and without entity-read-classification permission to access 
entities with and without classification


Thanks,

Nixon Rodrigues

Re: How to update DB password in Ranger Admin...

How to update DB password in Ranger Admin...

[jira] [Comment Edited] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

[jira] [Commented] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

Re: Review Request 66599: RANGER-2066: Hbase column family access is authorized by a tagged column in the column family

Re: Review Request 66563: Entity is readable even if there is no entity-read-classification permission.

[jira] [Updated] (RANGER-2058) Add SSL enabled Postgres support in Ranger Admin

[jira] [Updated] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

[jira] [Updated] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

Review Request 66600: Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

[jira] [Updated] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

[jira] [Created] (RANGER-2068) Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

Re: Review Request 66598: RANGER-2043 : Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs

Re: Review Request 66598: RANGER-2043 : Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs

Re: Review Request 66563: Entity is readable even if there is no entity-read-classification permission.

15 matches

Site Navigation

Mail list logo

Footer information