ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj" <mad...@apache.org>
Subject Re: Review Request 42063: Enable tagsync to run in secure mode
Date Fri, 08 Jan 2016 16:12:51 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42063/#review113482
-----------------------------------------------------------



src/main/assembly/tagsync.xml (line 72)
<https://reviews.apache.org/r/42063/#comment174222>

    I guess this is needed only for dev-testing. Please review and remember to remove before
pushing the commit.



tagsync/conf.dist/ranger-tagsync-env-setup-hadoop-home.sh (line 24)
<https://reviews.apache.org/r/42063/#comment174221>

    How about the condition [ $CLASSPATH != "" ]? Shouldn't $HADOOP_HOME/conf be appended
to CLASSPATH?



tagsync/scripts/install.properties (line 61)
<https://reviews.apache.org/r/42063/#comment174220>

    Looking at the contents of this file, I guess this patch is from tag-policy branch. That
branch is no more used for development. Please create the patch from master branch.



tagsync/scripts/setup.py (line 273)
<https://reviews.apache.org/r/42063/#comment174223>

    Review how jassFilenameFileName file would be updated in Ambari managed cluster. For example,
the jass file location configuration is updated in Ambari, how will jaasFilenameFileName be
refreshed?
    
    One option to consider is to not use jassFilenameFileName file at all. The startup script
should read the configuraion directly from ranger-tagsync-site.xml. To help read the config
file, a simple Java program can be used - similar to XmlConfigChanger.java used to update
config files during install.



tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java (line 84)
<https://reviews.apache.org/r/42063/#comment174224>

    Consider renaming the method as doKerberosLogin().


- Madhan Neethiraj


On Jan. 8, 2016, 8:21 a.m., Alok Lal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42063/
> -----------------------------------------------------------
> 
> (Updated Jan. 8, 2016, 8:21 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-801
>     https://issues.apache.org/jira/browse/RANGER-801
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Enable tagsync to run in secure mode.  Please ignore prior review request for this change.
> - Since kafka clients only work with jass files, this change does authentication only
using jass files.  Thanks @Abhay for that feedback during my offline discussion.
> - service command passes the jass file argument during startup.
> 
> 
> Diffs
> -----
> 
>   src/main/assembly/tagsync.xml 8adc5cc 
>   tagsync/conf.dist/ranger-tagsync-env-setup-hadoop-home.sh c171d2a 
>   tagsync/scripts/install.properties b5ad580 
>   tagsync/scripts/ranger-tagsync-services.sh ca82ead 
>   tagsync/scripts/setup.py f7455b8 
>   tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java e1b5130

>   tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java 7bae973

> 
> Diff: https://reviews.apache.org/r/42063/diff/
> 
> 
> Testing
> -------
> 
> - Modified the tagsync code by hand to write to hdfs in a secure cluster.
> - Current junits all work.
> 
> 
> Thanks,
> 
> Alok Lal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message