This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 06539de3b27 HDDS-14813. Bump Ranger to 2.8.0 (#9909)
06539de3b27 is described below
commit 06539de3b2797c5a5da023cccfc0e326139914e7
Author: fmorg-git <[email protected]>
AuthorDate: Thu Mar 12 02:38:59 2026 -0700
HDDS-14813. Bump Ranger to 2.8.0 (#9909)
---
.../dist/src/main/compose/common/ranger.yaml | 26 +++++++++++++++++++---
.../src/main/compose/ozonesecure-ha/ranger.yaml | 4 ++--
.../src/main/compose/ozonesecure-ha/test-ranger.sh | 6 ++++-
hadoop-ozone/dist/src/main/compose/testlib.sh | 2 +-
hadoop-ozone/dist/src/main/k8s/examples/testlib.sh | 2 +-
hadoop-ozone/dist/src/main/license/bin/LICENSE.txt | 5 ++++-
hadoop-ozone/dist/src/main/license/jar-report.txt | 5 ++++-
hadoop-ozone/multitenancy-ranger/pom.xml | 20 +++++++++++++++++
pom.xml | 2 +-
9 files changed, 61 insertions(+), 11 deletions(-)
diff --git a/hadoop-ozone/dist/src/main/compose/common/ranger.yaml
b/hadoop-ozone/dist/src/main/compose/common/ranger.yaml
index ab3676f3ba7..8ecc69afcff 100644
--- a/hadoop-ozone/dist/src/main/compose/common/ranger.yaml
+++ b/hadoop-ozone/dist/src/main/compose/common/ranger.yaml
@@ -26,7 +26,8 @@ services:
environment:
POSTGRES_PASSWORD: "rangerR0cks!"
volumes:
- -
${RANGER_SOURCE_DIR}/dev-support/ranger-docker/config/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh
+ # The location of the init_postgres.sh file changed in Ranger 2.8
+ -
${RANGER_SOURCE_DIR}/dev-support/ranger-docker/scripts/rdbms/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh
healthcheck:
test: 'su -c "pg_isready -q" postgres'
interval: 10s
@@ -35,7 +36,7 @@ services:
ranger:
image: ${RANGER_IMAGE}:${RANGER_IMAGE_VERSION}
- hostname: ranger
+ hostname: ranger-admin.rangernw
dns_search: .
ports:
- 6080:6080
@@ -43,8 +44,27 @@ services:
ranger-db:
condition: service_healthy
environment:
+ POSTGRES_PASSWORD: "rangerR0cks!"
+ RANGER_DB_USER: "rangeradmin"
+ RANGER_DB_PASSWORD: "rangerR0cks!"
RANGER_DB_TYPE: postgres
- RANGER_VERSION:
+ RANGER_DB_FLAVOR: POSTGRES
+ RANGER_DB_ROOT_USER: "postgres"
+ RANGER_ADMIN_DB_ROOT_PASSWORD: "rangerR0cks!"
+ RANGER_AUDIT_DB_ROOT_PASSWORD: "rangerR0cks!"
+ RANGER_ADMIN_DB_HOST: "ranger-db"
+ RANGER_ADMIN_DB_PORT: "5432"
+ RANGER_ADMIN_DB_DBNAME: "ranger"
+ RANGER_ADMIN_DB_USERNAME: "rangeradmin"
+ RANGER_ADMIN_DB_PASSWORD: "rangerR0cks!"
+ RANGER_AUDIT_DB_HOST: "ranger-db"
+ RANGER_AUDIT_DB_PORT: "5432"
+ RANGER_AUDIT_DB_DBNAME: "ranger"
+ RANGER_AUDIT_DB_USERNAME: "rangeradmin"
+ RANGER_AUDIT_DB_PASSWORD: "rangerR0cks!"
+ RANGER_VERSION: ${RANGER_VERSION}
+ volumes:
+ -
${RANGER_SOURCE_DIR}/dev-support/ranger-docker/scripts/admin/ranger-admin-install-postgres.properties:/opt/ranger/admin/install.properties
healthcheck:
test: 'grep "Successfully retrieved .*dev_ozone"
/var/log/ranger/ranger-admin*log'
interval: 2s
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/ranger.yaml
b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/ranger.yaml
index 0449721e174..5cc29a13424 100644
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/ranger.yaml
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/ranger.yaml
@@ -27,8 +27,8 @@ x-om-ranger-config:
OZONE-SITE.XML_ozone.om.tenant.dev.skip.ranger: "false"
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.forceNonKerberos: "true"
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.policy.rest.url:
"http://ranger:6080";
-
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.policy.rest.client.username:
"hdfs"
-
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.policy.rest.client.password:
"hdfs"
+
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.policy.rest.client.username:
"admin"
+
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.policy.rest.client.password:
"rangerR0cks!"
RANGER-OZONE-SECURITY.XML_ranger.plugin.ozone.service.name: "dev_ozone"
volumes:
- ../..:/opt/hadoop
diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/test-ranger.sh
b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/test-ranger.sh
index c87df56ff03..e0eed6bbfeb 100755
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/test-ranger.sh
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure-ha/test-ranger.sh
@@ -43,8 +43,12 @@ download_and_verify_apache_release
"ranger/${RANGER_VERSION}/apache-ranger-${RAN
tar -C "${DOWNLOAD_DIR}" -x -z -f
"${DOWNLOAD_DIR}/apache-ranger-${RANGER_VERSION}.tar.gz"
export RANGER_SOURCE_DIR="${DOWNLOAD_DIR}/apache-ranger-${RANGER_VERSION}"
chmod -R a+rX "${RANGER_SOURCE_DIR}"
-chmod a+x "${RANGER_SOURCE_DIR}"/dev-support/ranger-docker/config/*.sh
+# Ranger docker support scripts moved between releases (eg: from config/*.sh
to scripts/**).
+# Ensure we don't fail if a glob doesn't match, but still make init scripts
executable when present.
+if [[ -d "${RANGER_SOURCE_DIR}/dev-support/ranger-docker" ]]; then
+ find "${RANGER_SOURCE_DIR}/dev-support/ranger-docker" -type f -name '*.sh'
-exec chmod a+x {} +
+fi
download_and_verify_apache_release
"ranger/${RANGER_VERSION}/plugins/ozone/ranger-${RANGER_VERSION}-ozone-plugin.tar.gz"
tar -C "${DOWNLOAD_DIR}" -x -z -f
"${DOWNLOAD_DIR}/ranger-${RANGER_VERSION}-ozone-plugin.tar.gz"
export
RANGER_OZONE_PLUGIN_DIR="${DOWNLOAD_DIR}/ranger-${RANGER_VERSION}-ozone-plugin"
diff --git a/hadoop-ozone/dist/src/main/compose/testlib.sh
b/hadoop-ozone/dist/src/main/compose/testlib.sh
index 040d9c1db1c..0dc67bff490 100755
--- a/hadoop-ozone/dist/src/main/compose/testlib.sh
+++ b/hadoop-ozone/dist/src/main/compose/testlib.sh
@@ -251,7 +251,7 @@ execute_robot_test(){
-v OM_SERVICE_ID:"${OM_SERVICE_ID:-om}" \
-v OZONE_DIR:"${OZONE_DIR}" \
-v SCM:"${SCM}" \
- ${ARGUMENTS[@]} --log NONE --report NONE --output "$OUTPUT_PATH" \
+ ${ARGUMENTS[@]-} --log NONE --report NONE --output "$OUTPUT_PATH" \
"$SMOKETEST_DIR_INSIDE/$TEST"
local -i rc=$?
diff --git a/hadoop-ozone/dist/src/main/k8s/examples/testlib.sh
b/hadoop-ozone/dist/src/main/k8s/examples/testlib.sh
index 5d03235a2f0..81fc26f70f5 100644
--- a/hadoop-ozone/dist/src/main/k8s/examples/testlib.sh
+++ b/hadoop-ozone/dist/src/main/k8s/examples/testlib.sh
@@ -180,7 +180,7 @@ execute_robot_test() {
kubectl exec -it "${CONTAINER}" -- bash -c 'rm -rf /tmp/report'
kubectl exec -it "${CONTAINER}" -- bash -c 'mkdir -p /tmp/report'
- kubectl exec -it "${CONTAINER}" -- robot --nostatusrc -d /tmp/report
${ARGUMENTS[@]} || true
+ kubectl exec -it "${CONTAINER}" -- robot --nostatusrc -d /tmp/report
${ARGUMENTS[@]-} || true
kubectl cp "${CONTAINER}":/tmp/report/output.xml
"result/$CONTAINER-$RANDOM.xml" || true
}
diff --git a/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt
b/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt
index fda1e61820a..b0e0598621e 100644
--- a/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt
+++ b/hadoop-ozone/dist/src/main/license/bin/LICENSE.txt
@@ -246,6 +246,8 @@ EPL 2.0
CDDL 1.1 + GPLv2 with classpath exception
=====================
+ com.sun.xml.bind:jaxb-core
+ com.sun.xml.bind:jaxb-impl
com.sun.istack:istack-commons-runtime
com.sun.jersey:jersey-client
com.sun.jersey:jersey-core
@@ -307,7 +309,6 @@ Apache License 2.0
commons-digester:commons-digester
commons-httpclient:commons-httpclient
commons-io:commons-io
- commons-lang:commons-lang
commons-net:commons-net
commons-validator:commons-validator
commons-fileupload:commons-fileupload
@@ -402,10 +403,12 @@ Apache License 2.0
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.ranger:ranger-audit-core
+ org.apache.ranger:ranger-authz-api
org.apache.ranger:ranger-intg
org.apache.ranger:ranger-plugin-classloader
org.apache.ranger:ranger-plugin-common
org.apache.ranger:ranger-plugin-cred
+ org.apache.ranger:ugsync-util
org.apache.ratis:ratis-client
org.apache.ratis:ratis-common
org.apache.ratis:ratis-grpc
diff --git a/hadoop-ozone/dist/src/main/license/jar-report.txt
b/hadoop-ozone/dist/src/main/license/jar-report.txt
index 862e779e23c..17f19234a9a 100644
--- a/hadoop-ozone/dist/src/main/license/jar-report.txt
+++ b/hadoop-ozone/dist/src/main/license/jar-report.txt
@@ -31,7 +31,6 @@ share/ozone/lib/commons-daemon.jar
share/ozone/lib/commons-digester.jar
share/ozone/lib/commons-io.jar
share/ozone/lib/commons-lang3.jar
-share/ozone/lib/commons-lang.jar
share/ozone/lib/commons-net.jar
share/ozone/lib/commons-pool2.jar
share/ozone/lib/commons-text.jar
@@ -111,6 +110,8 @@ share/ozone/lib/javax.el-api.jar
share/ozone/lib/javax.inject.jar
share/ozone/lib/javax.interceptor-api.jar
share/ozone/lib/javax.servlet-api.jar
+share/ozone/lib/jaxb-core.jar
+share/ozone/lib/jaxb-impl.jar
share/ozone/lib/jaxb-runtime.jar
share/ozone/lib/jcip-annotations.jar
share/ozone/lib/jcl-over-slf4j.jar
@@ -241,6 +242,7 @@ share/ozone/lib/protobuf-java.jar
share/ozone/lib/protobuf-java.jar
share/ozone/lib/proto-google-common-protos.jar
share/ozone/lib/ranger-audit-core.jar
+share/ozone/lib/ranger-authz-api.jar
share/ozone/lib/ranger-intg.jar
share/ozone/lib/ranger-plugin-classloader.jar
share/ozone/lib/ranger-plugins-common.jar
@@ -276,6 +278,7 @@ share/ozone/lib/spring-tx.jar
share/ozone/lib/sqlite-jdbc.jar
share/ozone/lib/stax2-api.jar
share/ozone/lib/txw2.jar
+share/ozone/lib/ugsync-util.jar
share/ozone/lib/vault-java-driver.jar
share/ozone/lib/weld-servlet-shaded.Final.jar
share/ozone/lib/woodstox-core.jar
diff --git a/hadoop-ozone/multitenancy-ranger/pom.xml
b/hadoop-ozone/multitenancy-ranger/pom.xml
index 526171a750e..7d09d773e90 100644
--- a/hadoop-ozone/multitenancy-ranger/pom.xml
+++ b/hadoop-ozone/multitenancy-ranger/pom.xml
@@ -56,6 +56,10 @@
<groupId>com.google.cloud.bigdataoss</groupId>
<artifactId>gcs-connector</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.code.findbugs</groupId>
+ <artifactId>jsr305</artifactId>
+ </exclusion>
<exclusion>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
@@ -69,10 +73,26 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>javax.activation</groupId>
+ <artifactId>javax.activation-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ </exclusion>
<exclusion>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-client-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-client-runtime</artifactId>
+ </exclusion>
<exclusion>
<groupId>org.apache.hive</groupId>
<artifactId>hive-storage-api</artifactId>
diff --git a/pom.xml b/pom.xml
index 0d3b6eacc43..696eb499952 100644
--- a/pom.xml
+++ b/pom.xml
@@ -193,7 +193,7 @@
<proto-backwards-compatibility.version>1.0.7</proto-backwards-compatibility.version>
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
<protobuf.version>3.25.8</protobuf.version>
- <ranger.version>2.7.0</ranger.version>
+ <ranger.version>2.8.0</ranger.version>
<!-- versions included in ratis-thirdparty, update in sync -->
<ratis-thirdparty.grpc.version>1.75.0</ratis-thirdparty.grpc.version>
<ratis-thirdparty.netty.version>4.1.127.Final</ratis-thirdparty.netty.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
