Re: Review Request 50612: Hive Ranger plug in broken after upgrade to HDP 2.4.0
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50612/#review144138
---
Ship it!
Ship It!
- Alejandro Fernandez
On July 29, 2016, 5:43 p.m., Dmitro Lisnichenko wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50612/
> ---
>
> (Updated July 29, 2016, 5:43 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Nate Cole, and Sumit Mohanty.
>
>
> Bugs: AMBARI-17964
> https://issues.apache.org/jira/browse/AMBARI-17964
>
>
> Repository: ambari
>
>
> Description
> ---
>
> I've managed to reproduce the issue during Ambari upgrade 2.0.2 to 2.2.1.1.
>
> The issue seems to be that hive_security_authorization is missing in 2.0.2,
> so during upgrade hive_security_authorization it is added with value None
> (because code supports only Kerberos, and not Ranger), and then
> {{hive.security.authorization.manager}} and
> {{hive.security.authenticator.manager}} are immediately removed at
> UpgradeCatalog210 if hive_security_authorization value is None.
>
> {code}
> boolean isHiveSecurityAuthPresent =
> cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization");
> String hiveSecurityAuth="";
>
> if ("kerberos".equalsIgnoreCase(hive_server2_auth) &&
> cluster.getServices().containsKey("KERBEROS")){
> hiveSecurityAuth = "SQLStdAuth";
> isHiveSecurityAuthPresent = true;
> hiveEnvProps.put("hive_security_authorization", hiveSecurityAuth);
> } else {
> if (isHiveSecurityAuthPresent) {
> hiveSecurityAuth =
> cluster.getDesiredConfigByType("hive-env").getProperties().get("hive_security_authorization");
> }
> }
>
> if (isHiveSecurityAuthPresent && "none".equalsIgnoreCase(hiveSecurityAuth)) {
> hiveServerSiteRemoveProps.add("hive.security.authorization.manager");
> hiveServerSiteRemoveProps.add("hive.security.authenticator.manager");
> }
> updateConfigurationPropertiesForCluster(cluster, "hive-env", hiveEnvProps,
> true, true);
> removeConfigurationPropertiesFromCluster(cluster, "hiveserver2-site",
> hiveServerSiteRemoveProps);
> }
> {code}
>
>
> Diffs
> -
>
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
> b958f3a
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
> 72ae7b4
>
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
> f0ec36f
>
> Diff: https://reviews.apache.org/r/50612/diff/
>
>
> Testing
> ---
>
> tested on live cluster
>
> mvn clean test
>
>
> Thanks,
>
> Dmitro Lisnichenko
>
>
Re: Review Request 50612: Hive Ranger plug in broken after upgrade to HDP 2.4.0
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50612/
---
(Updated July 29, 2016, 8:43 p.m.)
Review request for Ambari, Jonathan Hurley, Nate Cole, and Sumit Mohanty.
Bugs: AMBARI-17964
https://issues.apache.org/jira/browse/AMBARI-17964
Repository: ambari
Description
---
I've managed to reproduce the issue during Ambari upgrade 2.0.2 to 2.2.1.1.
The issue seems to be that hive_security_authorization is missing in 2.0.2, so
during upgrade hive_security_authorization it is added with value None (because
code supports only Kerberos, and not Ranger), and then
{{hive.security.authorization.manager}} and
{{hive.security.authenticator.manager}} are immediately removed at
UpgradeCatalog210 if hive_security_authorization value is None.
{code}
boolean isHiveSecurityAuthPresent =
cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization");
String hiveSecurityAuth="";
if ("kerberos".equalsIgnoreCase(hive_server2_auth) &&
cluster.getServices().containsKey("KERBEROS")){
hiveSecurityAuth = "SQLStdAuth";
isHiveSecurityAuthPresent = true;
hiveEnvProps.put("hive_security_authorization", hiveSecurityAuth);
} else {
if (isHiveSecurityAuthPresent) {
hiveSecurityAuth =
cluster.getDesiredConfigByType("hive-env").getProperties().get("hive_security_authorization");
}
}
if (isHiveSecurityAuthPresent && "none".equalsIgnoreCase(hiveSecurityAuth)) {
hiveServerSiteRemoveProps.add("hive.security.authorization.manager");
hiveServerSiteRemoveProps.add("hive.security.authenticator.manager");
}
updateConfigurationPropertiesForCluster(cluster, "hive-env", hiveEnvProps,
true, true);
removeConfigurationPropertiesFromCluster(cluster, "hiveserver2-site",
hiveServerSiteRemoveProps);
}
{code}
Diffs
-
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
b958f3a
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
72ae7b4
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
f0ec36f
Diff: https://reviews.apache.org/r/50612/diff/
Testing (updated)
---
tested on live cluster
mvn clean test
Thanks,
Dmitro Lisnichenko
Review Request 50612: Hive Ranger plug in broken after upgrade to HDP 2.4.0
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50612/
---
Review request for Ambari, Jonathan Hurley, Nate Cole, and Sumit Mohanty.
Bugs: AMBARI-17964
https://issues.apache.org/jira/browse/AMBARI-17964
Repository: ambari
Description
---
I've managed to reproduce the issue during Ambari upgrade 2.0.2 to 2.2.1.1.
The issue seems to be that hive_security_authorization is missing in 2.0.2, so
during upgrade hive_security_authorization it is added with value None (because
code supports only Kerberos, and not Ranger), and then
{{hive.security.authorization.manager}} and
{{hive.security.authenticator.manager}} are immediately removed at
UpgradeCatalog210 if hive_security_authorization value is None.
{code}
boolean isHiveSecurityAuthPresent =
cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization");
String hiveSecurityAuth="";
if ("kerberos".equalsIgnoreCase(hive_server2_auth) &&
cluster.getServices().containsKey("KERBEROS")){
hiveSecurityAuth = "SQLStdAuth";
isHiveSecurityAuthPresent = true;
hiveEnvProps.put("hive_security_authorization", hiveSecurityAuth);
} else {
if (isHiveSecurityAuthPresent) {
hiveSecurityAuth =
cluster.getDesiredConfigByType("hive-env").getProperties().get("hive_security_authorization");
}
}
if (isHiveSecurityAuthPresent && "none".equalsIgnoreCase(hiveSecurityAuth)) {
hiveServerSiteRemoveProps.add("hive.security.authorization.manager");
hiveServerSiteRemoveProps.add("hive.security.authenticator.manager");
}
updateConfigurationPropertiesForCluster(cluster, "hive-env", hiveEnvProps,
true, true);
removeConfigurationPropertiesFromCluster(cluster, "hiveserver2-site",
hiveServerSiteRemoveProps);
}
{code}
Diffs
-
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
b958f3a
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
72ae7b4
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
f0ec36f
Diff: https://reviews.apache.org/r/50612/diff/
Testing
---
mvn clean test
Thanks,
Dmitro Lisnichenko
