[
https://issues.apache.org/jira/browse/AMBARI-25929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17784762#comment-17784762
]
Bhavik Patel commented on AMBARI-25929:
---------------------------------------
Let's include Ranger-KMS support as well.
> Add ranger 2.4 support in ambari bigtop stack
> ----------------------------------------------
>
> Key: AMBARI-25929
> URL: https://issues.apache.org/jira/browse/AMBARI-25929
> Project: Ambari
> Issue Type: Sub-task
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: caijialiang
> Assignee: caijialiang
> Priority: Major
> Fix For: 2.9.0
>
> Attachments: image-2023-05-09-11-08-47-864.png,
> image-2023-05-09-11-08-57-472.png, image-2023-05-09-11-09-14-373.png,
> image-2023-05-09-11-09-22-441.png
>
> Time Spent: 4h
> Remaining Estimate: 0h
>
> Add ranger 2.4 support in ambari bigtop stacks
> h3. Currently, the work of adapting Ranger to Bigtop and Ambari has been
> completed. Due to the large number of issues involved in the adaptation, they
> are summarized as follows:
> h2. apache ambari related issues
> The main issues related to adapting Ranger in Ambari 2.8 are related to the
> advisor functionality. Enabling Ranger would trigger the advisor to recommend
> updates to the component's Ranger-related configurations, thus adapting
> Ranger requires fixing this part first. Otherwise, after enabling Ranger
> plugin in Ambari, manual updates to the Ranger-related configurations would
> still be required.
>
> 1.AMBARI-25894: Missing file service_advisor.py in some serivces (merged)
> [https://github.com/apache/ambari/pull/3677
> |https://github.com/apache/ambari/pull/3677]
>
> 2.AMBARI-25932: Wrong config file name in spark service advisor
> ({*}merged{*})
> https://issues.apache.org/jira/browse/AMBARI-25932
>
> h2. ambari ranger support related issues:
> Here, we additionally adapted Ambari Infra because the Ambari Ranger service
> relies on the Infra client to perform Solr-related automation settings for
> Ranger.
>
> h4. 1.ambari infra PR
> 1.Add support for Ambari Infra in Ambari 2.8 wait for review ({*}merged{*})
> https://issues.apache.org/jira/browse/AMBARI-25933
> h4. 2.ambari ranger service support (wait for merge in next version)
> https://issues.apache.org/jira/browse/AMBARI-25929
> h4. 3.ambari infra service support wait for review (merged)
> [https://github.com/apache/ambari/pull/3696]
> h2. apache bigtop related issues
> To adapt Ranger to Ambari, we need to first build RPM packages related to
> Ranger using Bigtop. The following are the pull requests required for Bigtop
> to support Ranger.
>
> 1.BIGTOP-3925 ranger support {*}({*}{*}merged{*}{*}){*}
> [https://github.com/apache/bigtop/pull/1100]
> 2.BIGTOP-3923: Add missing jars for Ranger {*}({*}{*}merged{*}{*}){*}
> [https://github.com/apache/bigtop/pull/1099]
> 3.BIGTOP-3910: Bigtop-select support Ranger ({*}merged{*})
> [https://github.com/apache/bigtop/pull/1089]
> 4.BIGTOP-3950: fix ranger etc conf dir (in review)
> [https://github.com/apache/bigtop/pull/1120]
>
> Bigtop support for Ranger requires three PRs:
> # BIGTOP-3925: This PR mainly addresses issues with Ranger RPM packaging and
> includes a patch that resolves problems with starting HBase after integrating
> with Ranger.
> # BIGTOP-3923: This PR addresses package dependency issues when running
> "java -cp '/usr/bigtop/current/ranger-usersync/lib/*'
> org.apache.ranger.credentialapi.buildks create
> ranger.usersync.policymgr.password -value [PROTECTED] -provider
> jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks" command.
> # BIGTOP-3910: This PR adds support for Ranger in Bigtop-select.
> h3. ranger related issues:
>
> These are the PRs encountered during the process of adapting Ranger in Bigtop
> Ambari. All 3 PRs have been made into patches and submitted to the
> aforementioned Bigtop Ranger support-related PRs. The review of the related
> issues on the Ranger side is also currently underway.
>
>
> 1.fix Kafka2.8 can't restart after enable ranger plugin
> https://issues.apache.org/jira/browse/RANGER-4228 wait for review
> 2.addresses the issue of HBase not starting after integrating with Ranger due
> to class loading order
> https://issues.apache.org/jira/browse/RANGER-4201 wait for review
> 3.mainly addresses the missing dependency issue when running the Ranger
> command "java -cp '/usr/bigtop/current/ranger-usersync/lib/*'
> org.apache.ranger.credentialapi.buildks create
> ranger.usersync.policymgr.password -value [PROTECTED] -provider
> jceks://file/usr/bigtop/current/ranger-usersync/conf/ugsync.jceks".
> https://issues.apache.org/jira/browse/RANGER-3992 wait for review
> manual test:
> before enable kerberos all compoent works smoonthly
> !image-2023-05-09-11-08-47-864.png!
> !image-2023-05-09-11-08-57-472.png!
> after enable kerberos all compoent works smoonthly
> !image-2023-05-09-11-09-14-373.png!
> !image-2023-05-09-11-09-22-441.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
