ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alok Lal" <a...@hortonworks.com>
Subject Re: Review Request 42063: Enable tagsync to run in secure mode
Date Mon, 11 Jan 2016 08:54:37 GMT


> On Jan. 8, 2016, 8:12 a.m., Madhan Neethiraj wrote:
> > src/main/assembly/tagsync.xml, line 72
> > <https://reviews.apache.org/r/42063/diff/1/?file=1187234#file1187234line72>
> >
> >     I guess this is needed only for dev-testing. Please review and remember to remove
before pushing the commit.
> 
> Madhan Neethiraj wrote:
>     After looking further, I understand audit library reference is added to use MiscUtil.authWithConfig().
I think it will be cleaner to move this implementation to plugins-common library and have
tagsync (and MiscUtil.authWithConfig()) use the implementation in plugins-common.

Common depends on audit.  Upstream projects of audit are: agents-cred and ranger-solrj


> On Jan. 8, 2016, 8:12 a.m., Madhan Neethiraj wrote:
> > tagsync/scripts/install.properties, line 61
> > <https://reviews.apache.org/r/42063/diff/1/?file=1187236#file1187236line61>
> >
> >     Looking at the contents of this file, I guess this patch is from tag-policy
branch. That branch is no more used for development. Please create the patch from master branch.

I have the patch ready for master.  to make it easy to see changes, I am submitting this patch
on an old branch.  I have verified that it applies on master.


> On Jan. 8, 2016, 8:12 a.m., Madhan Neethiraj wrote:
> > tagsync/scripts/setup.py, line 273
> > <https://reviews.apache.org/r/42063/diff/1/?file=1187238#file1187238line273>
> >
> >     Review how jassFilenameFileName file would be updated in Ambari managed cluster.
For example, the jass file location configuration is updated in Ambari, how will jaasFilenameFileName
be refreshed?
> >     
> >     One option to consider is to not use jassFilenameFileName file at all. The startup
script should read the configuraion directly from ranger-tagsync-site.xml. To help read the
config file, a simple Java program can be used - similar to XmlConfigChanger.java used to
update config files during install.

Done.


- Alok


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42063/#review113482
-----------------------------------------------------------


On Jan. 11, 2016, 12:54 a.m., Alok Lal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42063/
> -----------------------------------------------------------
> 
> (Updated Jan. 11, 2016, 12:54 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-801
>     https://issues.apache.org/jira/browse/RANGER-801
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Enable tagsync to run in secure mode.  Please ignore prior review request for this change.
> - Since kafka clients only work with jass files, this change does authentication only
using jass files.  Thanks @Abhay for that feedback during my offline discussion.
> - service command passes the jass file argument during startup.
> 
> 
> Diffs
> -----
> 
>   agents-installer/pom.xml 633da6d 
>   agents-installer/src/main/java/org/apache/ranger/utils/install/ConfigPropertyReader.java
PRE-CREATION 
>   pom.xml d3a7a99 
>   src/main/assembly/tagsync.xml 8adc5cc 
>   tagsync/conf.dist/ranger-tagsync-env-setup-hadoop-home.sh c171d2a 
>   tagsync/conf/templates/installprop2xml.properties 101a1ba 
>   tagsync/conf/templates/ranger-tagsync-template.xml 9a88681 
>   tagsync/scripts/install.properties b5ad580 
>   tagsync/scripts/ranger-tagsync-services.sh ca82ead 
>   tagsync/scripts/setup.py f7455b8 
>   tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java e1b5130

>   tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java 7bae973

> 
> Diff: https://reviews.apache.org/r/42063/diff/
> 
> 
> Testing
> -------
> 
> - Modified the tagsync code by hand to write to hdfs in a secure cluster.
> - Current junits all work.
> 
> 
> Thanks,
> 
> Alok Lal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message