subject:"Review Request 50030\: AMBARI\-17688 Ranger stack changes in Ambari to support secure Solr"

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-15 Thread Jayush Luniya



> On July 15, 2016, 5:25 p.m., Jayush Luniya wrote:
> > Ship It!

Committed patch. Please close review.


- Jayush


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/#review142401
---


On July 15, 2016, 8:43 a.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50030/
> ---
> 
> (Updated July 15, 2016, 8:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan 
> Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: AMBARI-17688
> https://issues.apache.org/jira/browse/AMBARI-17688
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Below properties should be introduced to Ranger admin and plugins to support 
> secure Solr. Also recommend for plugin in any of the below property chnages 
> on Ranger Admin:
> 
> xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> xasecure.audit.jaas.Client.loginModuleControlFlag=required
> xasecure.audit.jaas.Client.option.useKeyTab=true
> xasecure.audit.jaas.Client.option.storeKey=false
> xasecure.audit.jaas.Client.option.serviceName=solr
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
>  145c216 
>   
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
>  6bb2cbc 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  fad4b9b 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
>  529ac8c 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
>  1b2b5e0 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
>  341cff7 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
>  3f50774 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
>  dfcad32 
>   
> ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
> e570a5b7 
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
> 2a2a3a3 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  efeea5f 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
>  019602a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
>  02b7565 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 5fccb2a 
>   ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 
> 86bf14d 
>   ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py 
> a6baeea 
>   ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json 
> 67b00a1 
>   ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json 
> 9911e10 
>   ambari-web/app/data/HDP2/site_properties.js 23fbf5e 
>   ambari-web/app/models/stack_service.js c63df3d 
> 
> Diff: https://reviews.apache.org/r/50030/diff/
> 
> 
> Testing
> ---
> 
> Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure 
> cluster.
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-15 Thread Jayush Luniya


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/#review142401
---


Ship it!




Ship It!

- Jayush Luniya


On July 15, 2016, 8:43 a.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50030/
> ---
> 
> (Updated July 15, 2016, 8:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan 
> Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: AMBARI-17688
> https://issues.apache.org/jira/browse/AMBARI-17688
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Below properties should be introduced to Ranger admin and plugins to support 
> secure Solr. Also recommend for plugin in any of the below property chnages 
> on Ranger Admin:
> 
> xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> xasecure.audit.jaas.Client.loginModuleControlFlag=required
> xasecure.audit.jaas.Client.option.useKeyTab=true
> xasecure.audit.jaas.Client.option.storeKey=false
> xasecure.audit.jaas.Client.option.serviceName=solr
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
>  145c216 
>   
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
>  6bb2cbc 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  fad4b9b 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
>  529ac8c 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
>  1b2b5e0 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
>  341cff7 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
>  3f50774 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
>  dfcad32 
>   
> ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
> e570a5b7 
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
> 2a2a3a3 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  efeea5f 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
>  019602a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
>  02b7565 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 5fccb2a 
>   ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 
> 86bf14d 
>   ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py 
> a6baeea 
>   ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json 
> 67b00a1 
>   ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json 
> 9911e10 
>   ambari-web/app/data/HDP2/site_properties.js 23fbf5e 
>   ambari-web/app/models/stack_service.js c63df3d 
> 
> Diff: https://reviews.apache.org/r/50030/diff/
> 
> 
> Testing
> ---
> 
> Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure 
> cluster.
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-15 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/#review142357
---


Ship it!




Ship It!

- Robert Levas


On July 15, 2016, 4:43 a.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50030/
> ---
> 
> (Updated July 15, 2016, 4:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan 
> Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: AMBARI-17688
> https://issues.apache.org/jira/browse/AMBARI-17688
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Below properties should be introduced to Ranger admin and plugins to support 
> secure Solr. Also recommend for plugin in any of the below property chnages 
> on Ranger Admin:
> 
> xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> xasecure.audit.jaas.Client.loginModuleControlFlag=required
> xasecure.audit.jaas.Client.option.useKeyTab=true
> xasecure.audit.jaas.Client.option.storeKey=false
> xasecure.audit.jaas.Client.option.serviceName=solr
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
>  145c216 
>   
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
>  6bb2cbc 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  fad4b9b 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
>  529ac8c 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
>  1b2b5e0 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
>  341cff7 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
>  3f50774 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
>  dfcad32 
>   
> ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
> e570a5b7 
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
> 2a2a3a3 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  efeea5f 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
>  019602a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
>  02b7565 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 5fccb2a 
>   ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 
> 86bf14d 
>   ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py 
> a6baeea 
>   ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json 
> 67b00a1 
>   ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json 
> 9911e10 
>   ambari-web/app/data/HDP2/site_properties.js 23fbf5e 
>   ambari-web/app/models/stack_service.js c63df3d 
> 
> Diff: https://reviews.apache.org/r/50030/diff/
> 
> 
> Testing
> ---
> 
> Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure 
> cluster.
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-15 Thread Mugdha Varadkar



> On July 14, 2016, 6:30 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py,
> >  line 630
> > 
> >
> > Whynot use `hive_server2_keytab` from line 336?
> > 
> > ```
> > hive_server2_keytab = 
> > config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
> > ```

hive_server2_keytab variable seems to be used in python code under appropriate 
if "security_enabled" conditions. However in our case the variable is to be 
consumed in xml, which does not have support for if. And it will break with 
configuration not available error in case of simple mode. 

That is the reason i used a new variable. Do you have a better approach? Maybe 
i can add an "if security_enabled:" condition for the declaration of 
hive_server2_keytab variable, but not sure if it will break something.


> On July 14, 2016, 6:30 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py,
> >  line 191
> > 
> >
> > `master_keytab_path` is not be set/created if `securiry_enabled` is 
> > `false`.  This may cause an issue down the road if some other variable 
> > needs it... For Example:
> > 
> > ```
> > ranger_hbase_keytab = master_keytab_path
> > ```
> > 
> > Note: the above example will only exeucte if `security_enabled` is 
> > `true`; but this is still a possible issue.

Please see my comment for hive_server2_keytab. Same applies here also.


> On July 14, 2016, 6:30 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py,
> >  line 240
> > 
> >
> > please verify the indent on this line, it appears to be a character off.

Updated in latest patch


> On July 14, 2016, 6:30 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py, 
> > line 1504
> > 
> >
> > The existance of KERBEROS in the services list does not indicate 
> > whether Kerberos is enabled or not.  Use  `cluster-env/security_enabled`, 
> > which used by the `isSecurityEnabled` - see 
> > `stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled`

Updated in latest patch


> On July 14, 2016, 6:30 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py, 
> > lines 1629-1632
> > 
> >
> > The existance or non-existance of the KERBEROS service should not be 
> > used to determine if Kerberos is enabled.  Use 
> > `stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled` instead.

Updated in latest patch


- Mugdha


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/#review142261
---


On July 15, 2016, 8:43 a.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50030/
> ---
> 
> (Updated July 15, 2016, 8:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan 
> Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: AMBARI-17688
> https://issues.apache.org/jira/browse/AMBARI-17688
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Below properties should be introduced to Ranger admin and plugins to support 
> secure Solr. Also recommend for plugin in any of the below property chnages 
> on Ranger Admin:
> 
> xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> xasecure.audit.jaas.Client.loginModuleControlFlag=required
> xasecure.audit.jaas.Client.option.useKeyTab=true
> xasecure.audit.jaas.Client.option.storeKey=false
> xasecure.audit.jaas.Client.option.serviceName=solr
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
>  145c216 
>   
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
>  6bb2cbc 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  fad4b9b 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
>  529ac8c 
>   
>

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-15 Thread Mugdha Varadkar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/
---

(Updated July 15, 2016, 8:43 a.m.)


Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan Hurley, 
Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan Periasamy.


Changes
---

Handle Robert Levas comments for stack advisor changes


Bugs: AMBARI-17688
https://issues.apache.org/jira/browse/AMBARI-17688


Repository: ambari


Description
---

Below properties should be introduced to Ranger admin and plugins to support 
secure Solr. Also recommend for plugin in any of the below property chnages on 
Ranger Admin:

xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
xasecure.audit.jaas.Client.loginModuleControlFlag=required
xasecure.audit.jaas.Client.option.useKeyTab=true
xasecure.audit.jaas.Client.option.storeKey=false
xasecure.audit.jaas.Client.option.serviceName=solr


Diffs (updated)
-

  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
 145c216 
  
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
 6bb2cbc 
  
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
 fad4b9b 
  
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
 529ac8c 
  
ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
 1b2b5e0 
  
ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
 341cff7 
  
ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
 3f50774 
  
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
 dfcad32 
  
ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
 d3f9143 
  ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
e570a5b7 
  ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
2a2a3a3 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
 efeea5f 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
 019602a 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
 02b7565 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
 d3f9143 
  ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
5fccb2a 
  ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 86bf14d 
  ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py a6baeea 
  ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json 
67b00a1 
  ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json 
9911e10 
  ambari-web/app/data/HDP2/site_properties.js 23fbf5e 
  ambari-web/app/models/stack_service.js c63df3d 

Diff: https://reviews.apache.org/r/50030/diff/


Testing
---

Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure 
cluster.


Thanks,

Mugdha Varadkar

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-14 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/#review142261
---




ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
 (line 191)


`master_keytab_path` is not be set/created if `securiry_enabled` is 
`false`.  This may cause an issue down the road if some other variable needs 
it... For Example:

```
ranger_hbase_keytab = master_keytab_path
```

Note: the above example will only exeucte if `security_enabled` is `true`; 
but this is still a possible issue.



ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
 (line 630)


Whynot use `hive_server2_keytab` from line 336?

```
hive_server2_keytab = 
config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
```



ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
 (line 239)


please verify the indent on this line, it appears to be a character off.



ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py (line 
1504)


The existance of KERBEROS in the services list does not indicate whether 
Kerberos is enabled or not.  Use  `cluster-env/security_enabled`, which used by 
the `isSecurityEnabled` - see 
`stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled`



ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
(lines 1629 - 1632)


The existance or non-existance of the KERBEROS service should not be used 
to determine if Kerberos is enabled.  Use 
`stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled` instead.


- Robert Levas


On July 14, 2016, 9:08 a.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50030/
> ---
> 
> (Updated July 14, 2016, 9:08 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan 
> Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: AMBARI-17688
> https://issues.apache.org/jira/browse/AMBARI-17688
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Below properties should be introduced to Ranger admin and plugins to support 
> secure Solr. Also recommend for plugin in any of the below property chnages 
> on Ranger Admin:
> 
> xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
> xasecure.audit.jaas.Client.loginModuleControlFlag=required
> xasecure.audit.jaas.Client.option.useKeyTab=true
> xasecure.audit.jaas.Client.option.storeKey=false
> xasecure.audit.jaas.Client.option.serviceName=solr
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
>  145c216 
>   
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
>  63a1100 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  fad4b9b 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
>  529ac8c 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
>  1b2b5e0 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
>  341cff7 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
>  3f50774 
>   
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
>  dfcad32 
>   
> ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
>  d3f9143 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
> e570a5b7 
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
> 2a2a3a3 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  efeea5f 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
>  d3f9143 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
>  019602a 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
>  d3f9143 
>   
>

Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

2016-07-14 Thread Mugdha Varadkar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50030/
---

Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan Hurley, 
Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan Periasamy.


Bugs: AMBARI-17688
https://issues.apache.org/jira/browse/AMBARI-17688


Repository: ambari


Description
---

Below properties should be introduced to Ranger admin and plugins to support 
secure Solr. Also recommend for plugin in any of the below property chnages on 
Ranger Admin:

xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
xasecure.audit.jaas.Client.loginModuleControlFlag=required
xasecure.audit.jaas.Client.option.useKeyTab=true
xasecure.audit.jaas.Client.option.storeKey=false
xasecure.audit.jaas.Client.option.serviceName=solr


Diffs
-

  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
 145c216 
  
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
 63a1100 
  
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
 fad4b9b 
  
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
 529ac8c 
  
ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
 1b2b5e0 
  
ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
 341cff7 
  
ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
 3f50774 
  
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
 dfcad32 
  
ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
 d3f9143 
  ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
e570a5b7 
  ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
2a2a3a3 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
 efeea5f 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
 019602a 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
 d3f9143 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
 02b7565 
  
ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
 d3f9143 
  ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
0e455e9 
  ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 86bf14d 
  ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json 
67b00a1 
  ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json 
9911e10 
  ambari-web/app/data/HDP2/site_properties.js 23fbf5e 
  ambari-web/app/models/stack_service.js c63df3d 

Diff: https://reviews.apache.org/r/50030/diff/


Testing
---

Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure 
cluster.


Thanks,

Mugdha Varadkar

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

Re: Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

Review Request 50030: AMBARI-17688 Ranger stack changes in Ambari to support secure Solr

7 matches

Site Navigation

Mail list logo

Footer information