ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alok Lal <a...@hortonworks.com>
Subject Re: Question about Ranger architecture
Date Tue, 13 Jan 2015 18:48:07 GMT
Let me build on to what Gautam has said, anticipating a question that you
may have given that our plugins run in-process.  Plugins do rely on the
policy manager (a Separate process running on some different machine on the
cluster) to get updates to policies.  What happens if a plugins can't read
the policy server?  The plugins keep a snapshot of last known valid set of
policies in a durable local cache and hence are resilient to network
partitions that may make policy manager unreachable.

Best,

On Tue, Jan 13, 2015 at 4:21 AM, Gautam Borad <gborad@gmail.com> wrote:

> Hi Hellmar,
>     Good to know that you are planning to use Ranger. Please find my
> answers inline.
>
> On Tue, Jan 13, 2015 at 2:16 PM, Hellmar Becker <becker@hellmar-becker.de>
> wrote:
>
> > Good morning,
> >
> > We are planning to use Ranger to secure our (Hortonworks based) datalake
> > at ING Bank. In this context, a few questions came up:
> >
> > - I read that Ranger deploys plugins to the HDFS, Hive, and HBase
> services
> > that implement access control. Do these plugins run as separate processes
> > or more like dynamic libraries inside the main service?
> >
>
> These plugins run as part of the component (namenode, master, etc)
> processes. There is no separate process that is run.
>
>
> > - What happens if one of the plugins goes down or becomes unavailable?
> > Will the services then be unsecured, or closed to all, or even unable to
> > run?
> >
> >
> As mentioned above, since after installation the plugins are part of the
> actual process, there is no scenario where the "plugins" will go down.
>
>
> > Kind regards,
> > Hellmar Becker
> >
> >
> > ========================================
> > Hellmar Becker
> > Edmond Audranstraat 55
> > NL-3543BG Utrecht
> > mail: becker@hellmar-becker.de
> > mobile: +31 6 29986670
> > ========================================
> >
> >
>
>
> --
> Regards,
> Gautam.
>



-- 
"* ... there is nothing more secure then a computer which is not connected
to the network --- and powered off!...*" - from Kerberos Introduction
<http://web.mit.edu/Kerberos/www/#what_is>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message