ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pradeep Agrawal <pradeepagrawal8...@gmail.com>
Subject Re: Review Request 69347: RANGER-2286: Ranger install may be prevented by leftover DB entry
Date Thu, 15 Nov 2018 18:44:57 GMT


> On Nov. 15, 2018, 3:40 p.m., Velmurugan Periasamy wrote:
> > security-admin/scripts/db_setup.py
> > Lines 485 (patched)
> > <https://reviews.apache.org/r/69347/diff/1/?file=2108095#file2108095line585>
> >
> >     1] Would be better to isolate this logic to a method so that it can be reused
instead of repeating in all places, i.e. import_db_patches, execute_java_patches, change_admin_default_password,
change_all_admin_default_password, import_core_db_schema all of these places have the same
logic.
> >     
> >     2] Should this 10 min be made configurable?

1) Will be tracking it separately with RANGER-2287
2) I have introduced one variable at line 32 to make it configurable. but currently it may
not be possible for all db specifically postgres however will explore this further.


- Pradeep


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69347/#review210579
-----------------------------------------------------------


On Nov. 15, 2018, 1:43 p.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69347/
> -----------------------------------------------------------
> 
> (Updated Nov. 15, 2018, 1:43 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P,
Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2286
>     https://issues.apache.org/jira/browse/RANGER-2286
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Before execution of any db/java patch db_setup.py file makes an
entry in x_db_version_h table for that patch version and keep status active='N'. after this
it steps ahead and try to apply the patch. if patch gets applies then active status is updated
to 'Y'. if patch execution fails then it deletes that entry and terminates ranger installation
so that user can retry the ranger install process. Sometime due to network or a runtime error
Ranger could not change the active status to 'Y' or delete the entry in that case ranger install
may be prevented due to leftover DB entry as the next install attempt may wait for the status
to be 'Y' while it could be possible that there would not be any process which can apply the
patch(this will happen in Non-HA case).
> This prevents any further attempt to install/start Ranger without manually deleting the
entry from the database.
> 
> **Proposed Solution:**
> if entries made by a host is older than 10 minute then ranger setup process will try
to delete such entry and retry the patch execution.
> 
> Patch execution process shall have following rules after this patch.
> 1) Before execution a patch setup process will check whether a patch is applied or not;
if patch is already applied then it will move to next patch.
> 2) If patch is not applied then it will check whether patch status entry exist with active='N'
in x_db_version_h table from any of the host.  
> 3) If patch status entry with active='N' exist in x_db_version_h table for a different
host then ranger setup process will wait untill the another host applies the patch successfully
and update the patch status entry to active='Y'. Please note that patch recheck such entry
in every 2 minutes(default recheck interval)
> 4) If patch status entry with active='N' exist in x_db_version_h table for the same host
then ranger setup process will wait for maximum 10 minutes. After that ranger process will
delete that entry and check the entry again. if entry does not exist then it will try to apply
the patch again else it will wait for forever or unless you delete such entries manually.
 Please note that ranger will be checking the status entry every 2 minutes untill 10 minute
wait time expires.
> 
> **Note**
> 1) Patch has been provided for ranger supported all the db flavors.
> 2) Cureent patch also removes several lines of audit db related dead code which is not
required now.
> 
> 
> Diffs
> -----
> 
>   security-admin/scripts/db_setup.py 73b24aca0 
> 
> 
> Diff: https://reviews.apache.org/r/69347/diff/1/
> 
> 
> Testing
> -------
> 
> **Steps performed for Ranger-admin **
> 
> 1. To reproduce the case first installed ranger-0.7:
> 2. Now from the master branch.
> 3. Created Build with patch and untar the build.
> 4. Opened install.properties and provided db configuration in install.properties which
was provided in ranger-0.7 branch build.
> 5. Called setup.sh
> 6. Ranger setup process shall try to apply the new db/java patches.
> 7. As soon as setup process started executing the patch J10014, terminated the script
by using ctrl+c
> 8. logged into ranger db and ensured that J10014 patch entry has active='N'
> 9. Called the setup.sh again
> 10. setup process waited for the patch J10014 status for sometime and then it deleted
the entry of J10014 patch from x_db_version_h table.
> 11.  setup process continues and applied the patch J10014 successfully.
> 12.  setup process completed successfully after applying all the patches.
> 13.  started ranger-admin and was able to see the ranger-admin dashboard page.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message