> On Nov. 9, 2015, 3:19 p.m., Jonathan Hurley wrote: > > ambari-server/src/main/java/org/apache/ambari/server/checks/RangerPasswordCheck.java, > > lines 84-92 > > <https://reviews.apache.org/r/40099/diff/1/?file=1120697#file1120697line84> > > > > Is this code obsolete since checks are now specified in the upgrade > > pack?
The annotation makes this one always run, and the Ranger endpoints (supposedly) work only for 2.3+. > On Nov. 9, 2015, 3:19 p.m., Jonathan Hurley wrote: > > ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java, > > line 214 > > <https://reviews.apache.org/r/40099/diff/1/?file=1120696#file1120696line214> > > > > Response code is a string? Will that work? %s will do object.toString() > On Nov. 9, 2015, 3:19 p.m., Jonathan Hurley wrote: > > ambari-server/src/main/java/org/apache/ambari/server/checks/RangerPasswordCheck.java, > > lines 58-63 > > <https://reviews.apache.org/r/40099/diff/1/?file=1120697#file1120697line58> > > > > Can these be package protected? No need to be public. Will change. > On Nov. 9, 2015, 3:19 p.m., Jonathan Hurley wrote: > > ambari-server/src/main/java/org/apache/ambari/server/checks/RangerPasswordCheck.java, > > line 73 > > <https://reviews.apache.org/r/40099/diff/1/?file=1120697#file1120697line73> > > > > Should this use the values from Configuration for timeouts? Seeing how it's a check against an internal network resource, 2s seemed reasonable. Especially since there are min 2, max 3 calls means at most 4-6s for both connect and read timeout which wouldn't be good anyway. I can externalize them, but seems a lot of pain for just this (and who's going to go out and change ambari.properties, then restart ambari just to pass a prereq check). A failure due to timeout will result in a WARNING, not FAIL. - Nate ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/40099/#review105735 ----------------------------------------------------------- On Nov. 9, 2015, 3:04 p.m., Nate Cole wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/40099/ > ----------------------------------------------------------- > > (Updated Nov. 9, 2015, 3:04 p.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan > Hurley, and Velmurugan Periasamy. > > > Bugs: AMBARI-13797 > https://issues.apache.org/jira/browse/AMBARI-13797 > > > Repository: ambari > > > Description > ------- > > Need a prereq check to confirm that Ambari's password for Ranger will work > against the Ranger server. It's possible to change the password using the > Ranger UI, so this check attempts to verify that. > > The Ranger access points are still under investigation, but shouldn't impact > the logic of the code. The general rules are: > > - Try to access Ranger using admin credentials. 401=FAIL, 200=PASS, other or > IOException: WARN. > - If PASS, check to load the users JSON and look for Ranger Admin User. Do > not fail if user doesn't exist (not sync'ed). > - If Ranger Admin User is found, access Ranger with credentials. 401=FAIL, > 200=PASS, other or IOException=WARN. > > We only want to FAIL when it's truly known that the credentials are bad. > Only PASS when it's truly known the credentials are good. WARNING every > other case. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java > 603b279 > > ambari-server/src/main/java/org/apache/ambari/server/checks/RangerPasswordCheck.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/checks/RangerPasswordCheckTest.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/40099/diff/ > > > Testing > ------- > > Manual. Automated pending. > > > Thanks, > > Nate Cole > >