[
https://issues.apache.org/jira/browse/RANGER-3206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-3206:
--------------------------------------
Description:
During the upgrade Ranger admin may fail applying Java patch to change all
admin password if
hadoop.security.credstore.java-keystore-provider.password-file property is set
in core-site.
This option uses a “side file” that has its location configured in the
hadoop.security.credstore.java-keystore-provider.password-file configuration
property to communicate the password that should be used when interrogating all
of the keystores that are configured in the
hadoop.security.credential.provider.path configuration property.
Solution : Enhanced db_setup.py to read environment value set in
ranger-admin-env*.sh
This fix required below manual steps before upgrade.
1. ssh to ranger admin host
2. cd /etc/ranger/admin/conf/
3. vi ranger-admin-env-credstore.sh
4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the
"ranger-admin-env-credstore.sh" file
5. chown ranger:ranger ranger-admin-env-credstore.sh
6. chmod 755 ranger-admin-env-credstore.sh
was:
During the upgrade Ranger admin may fail applying Java patch to change all
admin password if
hadoop.security.credstore.java-keystore-provider.password-file property is set
in core-site.
This option uses a “side file” that has its location configured in the
hadoop.security.credstore.java-keystore-provider.password-file configuration
property to communicate the password that should be used when interrogating all
of the keystores that are configured in the
hadoop.security.credential.provider.path configuration property.
Solution : Enhance db_setup.py to read environment value set in
ranger-admin-env*.sh
This fix required below manual steps before upgrade.
1. ssh to ranger admin host
2. cd /etc/ranger/admin/conf/
3. vi ranger-admin-env-credstore.sh
4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the
"ranger-admin-env-credstore.sh" file
5. chown ranger:ranger ranger-admin-env-credstore.sh
6. chmod 755 ranger-admin-env-credstore.sh
> Enhance db_setup.py to allow reading env variables set in ranger-admin-env
> scripts
> ----------------------------------------------------------------------------------
>
> Key: RANGER-3206
> URL: https://issues.apache.org/jira/browse/RANGER-3206
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Dineshkumar Yadav
> Assignee: Dineshkumar Yadav
> Priority: Major
>
> During the upgrade Ranger admin may fail applying Java patch to change all
> admin password if
> hadoop.security.credstore.java-keystore-provider.password-file property is
> set in core-site.
> This option uses a “side file” that has its location configured in the
> hadoop.security.credstore.java-keystore-provider.password-file configuration
> property to communicate the password that should be used when interrogating
> all of the keystores that are configured in the
> hadoop.security.credential.provider.path configuration property.
> Solution : Enhanced db_setup.py to read environment value set in
> ranger-admin-env*.sh
> This fix required below manual steps before upgrade.
> 1. ssh to ranger admin host
> 2. cd /etc/ranger/admin/conf/
> 3. vi ranger-admin-env-credstore.sh
> 4. add "export HADOOP_CREDSTORE_PASSWORD=none" in the
> "ranger-admin-env-credstore.sh" file
> 5. chown ranger:ranger ranger-admin-env-credstore.sh
> 6. chmod 755 ranger-admin-env-credstore.sh
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
