Re: Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65752/#review198275 --- Ship it! Ship It! - Mehul Parikh On Feb. 22, 2018, 10:31 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65752/ > --- > > (Updated Feb. 22, 2018, 10:31 a.m.) > > > Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-1990 > https://issues.apache.org/jira/browse/RANGER-1990 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL > server but only if 2-way SSL config is provided, Ranger should support for > MySQL configured in Standard SSL(one-way) mode. > > **Proposed Solution:** For mutual SSL (2-way) support keystore is required, > which is currently mandatory even if user want to connect to MySQL by using > Standard(1-way). Proposed solution requires changes in install.properites to > have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. > Default value shall be '2-way'. In case of '1-way', support keystore won't be > required however truststore is mandatory. > > > Diffs > - > > kms/config/kms-webapp/dbks-site.xml a098db1 > kms/scripts/db_setup.py 663d60d > kms/scripts/dba_script.py c0dc7a4 > kms/scripts/install.properties 5d4945e > kms/scripts/ranger-kms c279bc1 > kms/scripts/setup.sh 2da1e96 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7 > security-admin/scripts/db_setup.py 79d79d0 > security-admin/scripts/dba_script.py c71ca42 > security-admin/scripts/install.properties 268b8ac > security-admin/scripts/setup.sh 4d09bc2 > security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java > 1392421 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 9dfc03d > > > Diff: https://reviews.apache.org/r/65752/diff/1/ > > > Testing > --- > > Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and > two-way ssl configurations. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65752/#review198211 --- Ship it! Ship It! - Zsombor Gegesy On Feb. 22, 2018, 10:31 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65752/ > --- > > (Updated Feb. 22, 2018, 10:31 a.m.) > > > Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-1990 > https://issues.apache.org/jira/browse/RANGER-1990 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL > server but only if 2-way SSL config is provided, Ranger should support for > MySQL configured in Standard SSL(one-way) mode. > > **Proposed Solution:** For mutual SSL (2-way) support keystore is required, > which is currently mandatory even if user want to connect to MySQL by using > Standard(1-way). Proposed solution requires changes in install.properites to > have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. > Default value shall be '2-way'. In case of '1-way', support keystore won't be > required however truststore is mandatory. > > > Diffs > - > > kms/config/kms-webapp/dbks-site.xml a098db1 > kms/scripts/db_setup.py 663d60d > kms/scripts/dba_script.py c0dc7a4 > kms/scripts/install.properties 5d4945e > kms/scripts/ranger-kms c279bc1 > kms/scripts/setup.sh 2da1e96 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7 > security-admin/scripts/db_setup.py 79d79d0 > security-admin/scripts/dba_script.py c71ca42 > security-admin/scripts/install.properties 268b8ac > security-admin/scripts/setup.sh 4d09bc2 > security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java > 1392421 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 9dfc03d > > > Diff: https://reviews.apache.org/r/65752/diff/1/ > > > Testing > --- > > Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and > two-way ssl configurations. > > > Thanks, > > Pradeep Agrawal > >
Review Request 65752: RANGER-1990: Add One-way SSL MySQL support in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65752/ --- Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1990 https://issues.apache.org/jira/browse/RANGER-1990 Repository: ranger Description --- **Problem Statement:** Currently Ranger can communicate to SSL enabled MySQL server but only if 2-way SSL config is provided, Ranger should support for MySQL configured in Standard SSL(one-way) mode. **Proposed Solution:** For mutual SSL (2-way) support keystore is required, which is currently mandatory even if user want to connect to MySQL by using Standard(1-way). Proposed solution requires changes in install.properites to have a property 'db_ssl_auth_type' which can have value '1-way' or '2-way'. Default value shall be '2-way'. In case of '1-way', support keystore won't be required however truststore is mandatory. Diffs - kms/config/kms-webapp/dbks-site.xml a098db1 kms/scripts/db_setup.py 663d60d kms/scripts/dba_script.py c0dc7a4 kms/scripts/install.properties 5d4945e kms/scripts/ranger-kms c279bc1 kms/scripts/setup.sh 2da1e96 kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 87366b7 security-admin/scripts/db_setup.py 79d79d0 security-admin/scripts/dba_script.py c71ca42 security-admin/scripts/install.properties 268b8ac security-admin/scripts/setup.sh 4d09bc2 security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 1392421 security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03d Diff: https://reviews.apache.org/r/65752/diff/1/ Testing --- Tested Ranger admin and Ranger kms on SSL enabled MySQL with one-way and two-way ssl configurations. Thanks, Pradeep Agrawal
