ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Luo (Jira)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-2752) Upgrade from 0.7.0 to master fails due to schema issue
Date Sat, 07 Mar 2020 19:58:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054193#comment-17054193
] 

Andrew Luo commented on RANGER-2752:
------------------------------------

The upgrade will fail every time for anyone upgrading without these DB schema change patches,
and policies won't get migrated since the subsequent Java patches won't apply if a preceding
one fails (one of the failing patches, J10015, precedes J10019 which is turns the old policy
schema into the new JSON string schema).

 

My feeling is that if everyone has to apply the patch manually even if it takes a long time,
it would be better for the upgrade to do it automatically.  Besides, these tables are generally
much smaller than the x_policy_item_user_perm table, which was already migrated previously:
[https://github.com/apache/ranger/blob/master/security-admin/db/mysql/patches/024-sortorder-column-size.sql]

 

That said, it's up to you to decide, but I can change the patch to update only the table x_access_type_def
and it would probably fix this specific issue.  But longer term this could become problematic
as the upgrade schema may be different from new installs.

> Upgrade from 0.7.0 to master fails due to schema issue
> ------------------------------------------------------
>
>                 Key: RANGER-2752
>                 URL: https://issues.apache.org/jira/browse/RANGER-2752
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin, Ranger
>    Affects Versions: 0.7.0
>            Reporter: Andrew Luo
>            Priority: Major
>         Attachments: 0001-RANGER-2752-Add-corresponding-upgrade-patch-for-RANGER-2550.patch,
ranger_admin_sql_db_patch.log
>
>
> Upgrading from 0.7.0 to the current master fails with the following error:
>  
> 2020-03-04 07:38:00,523  [JISQL] /usr/lib/jvm/java-8-openjdk-amd64/bin/java  -cp /opt/mysql-connector-java-5.1.48.jar:/opt/ranger-2.1.0-SNAPSHOT-admin/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://ranger-mysql/ranger -u 'ranger'
-p '********' -noheader -trim -c \;  -query "insert into x_db_version_h (version, inst_at,
inst_by, updated_at, updated_by,active) values ('J10015', current_timestamp, 'Ranger 2.1.0-SNAPSHOT',
current_timestamp, '306a9688fa98','N') ;"
> Wed Mar 04 07:38:01 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> 2020-03-04 07:38:01,164  [I] java patch PatchForKafkaServiceDefUpdate_J10015 is being
applied..
> Wed Mar 04 07:38:11 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> Wed Mar 04 07:38:11 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> Wed Mar 04 07:38:11 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> Wed Mar 04 07:38:11 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> Wed Mar 04 07:38:11 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> [EL Warning]: 2020-03-04 07:38:19.282--ClientSession(841450293)--Exception [EclipseLink-4002]
(Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException
> Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Out of range
value for column 'sort_order' at row 1
> Error Code: 1264
> Call: INSERT INTO x_access_type_def (ADDED_BY_ID, CREATE_TIME, datamask_options, def_id,
item_id, label, name, sort_order, rb_key_label, rowfilter_options, UPDATE_TIME, UPD_BY_ID)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
>  bind => [12 parameters bound]
> Query: ValueReadQuery(name="x_access_type_def_SEQ" sql="SELECT LAST_INSERT_ID()")
> 2020-03-04 07:38:19,406  [JISQL] /usr/lib/jvm/java-8-openjdk-amd64/bin/java  -cp /opt/mysql-connector-java-5.1.48.jar:/opt/ranger-2.1.0-SNAPSHOT-admin/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://ranger-mysql/ranger -u 'ranger'
-p '********' -noheader -trim -c \;  -query "delete from x_db_version_h where version = 'J10015'
and active = 'N' and updated_by='306a9688fa98';"
> Wed Mar 04 07:38:19 UTC 2020 WARN: Establishing SSL connection without server's identity
verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements
SSL connection must be established by default if explicit option isn't set. For compliance
with existing applications not using SSL the verifyServerCertificate property is set to 'false'.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and
provide truststore for server certificate verification.
> 2020-03-04 07:38:20,091  [E] applying java patch PatchForKafkaServiceDefUpdate_J10015
failed
>  
> This seems to be due to this commit not having corresponding handling (DDL patch) for
upgrade scenarios: https://github.com/apache/ranger/commit/2a6dd3d078c52cc1314af581f7b8e6c8cdab933a



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message