ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 71473: RANGER-2567: Ranger fails to connect wired Solr
Date Thu, 12 Sep 2019 16:08:33 GMT


> On Sept. 12, 2019, 4:04 p.m., Madhan Neethiraj wrote:
> > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
> > Lines 470 (patched)
> > <https://reviews.apache.org/r/71473/diff/2/?file=2164777#file2164777line470>
> >
> >     Instead of updating system properties, I suggest to set SSLContext with:
> >     
> >       SSLConext sslContext = getSSLContext(); // from application config; refer
to RangerRESTClient.getSSLContext()
> >     
> >       SSLContext.setDefault(sslContext);

if calling SSLContext.setDefault() doesn't work, try the following alternate (a little more
involved):

        HttpClientUtil.setSchemaRegistryProvider(new MySchemaRegistryProvider());
        
    private static final class MySchemaRegistryProvider extends HttpClientUtil.SchemaRegistryProvider
{
        private MySchemaRegistryProvider() {
        }

        @Override
        public Registry<ConnectionSocketFactory> getSchemaRegistry() {
            RegistryBuilder<ConnectionSocketFactory> builder = RegistryBuilder.create();

            builder.register("http", PlainConnectionSocketFactory.getSocketFactory());

            SSLContext sslContext = getSslContext();

            if (sslContext != null) {
                builder.register("https", new SSLConnectionSocketFactory(sslContext));
            } else {
                builder.register("https", SSLConnectionSocketFactory.getSystemSocketFactory());
            }

            return builder.build();
        }

        // if application is configured with truststore details, create SslContext
        // else return null
        private SSLContext getSslContext() {
            ...
        }
    }


- Madhan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71473/#review217704
-----------------------------------------------------------


On Sept. 12, 2019, 11:33 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71473/
> -----------------------------------------------------------
> 
> (Updated Sept. 12, 2019, 11:33 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay Kulkarni,
Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikhil P, Nitin Galave, Ramesh Mani, Sailaja
Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2567
>     https://issues.apache.org/jira/browse/RANGER-2567
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> ** Problem Statement: ** Ranger fails to connect wired SSL through configured ranger
truststore file. Currently it works when solr certificate is added in jdk ca certs. Though
in the file PropertiesUtil.java, truststore related System properties has been provided its
not being considered probably Ranger's embeded tomcat server starts prior to load of Ranger's
truststore configs via PropertiesUtil.java.
> 
> ** Proposed Solution: ** Proposed patch contain changes in EmbeddedServer.java file so
that truststore related configs can be initialized prior to Ranger's embeded tomcat server
start.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/pom.xml 8574c5721 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
b39212a79 
>   src/main/assembly/admin-web.xml 449a11243 
> 
> 
> Diff: https://reviews.apache.org/r/71473/diff/2/
> 
> 
> Testing
> -------
> 
> Without patch solr collection was failing and after the patch ranger is able to create
solr collection and ranger UI is able to fetch access audit records from solr.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message