> On July 14, 2016, 6:30 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py, > > line 630 > > <https://reviews.apache.org/r/50030/diff/1/?file=1443856#file1443856line630> > > > > Whynot use `hive_server2_keytab` from line 336? > > > > ``` > > hive_server2_keytab = > > config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab'] > > ```
hive_server2_keytab variable seems to be used in python code under appropriate if "security_enabled" conditions. However in our case the variable is to be consumed in xml, which does not have support for if. And it will break with configuration not available error in case of simple mode. That is the reason i used a new variable. Do you have a better approach? Maybe i can add an "if security_enabled:" condition for the declaration of hive_server2_keytab variable, but not sure if it will break something. > On July 14, 2016, 6:30 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py, > > line 191 > > <https://reviews.apache.org/r/50030/diff/1/?file=1443855#file1443855line191> > > > > `master_keytab_path` is not be set/created if `securiry_enabled` is > > `false`. This may cause an issue down the road if some other variable > > needs it... For Example: > > > > ``` > > ranger_hbase_keytab = master_keytab_path > > ``` > > > > Note: the above example will only exeucte if `security_enabled` is > > `true`; but this is still a possible issue. Please see my comment for hive_server2_keytab. Same applies here also. > On July 14, 2016, 6:30 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py, > > line 240 > > <https://reviews.apache.org/r/50030/diff/1/?file=1443862#file1443862line240> > > > > please verify the indent on this line, it appears to be a character off. Updated in latest patch > On July 14, 2016, 6:30 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py, > > line 1504 > > <https://reviews.apache.org/r/50030/diff/1/?file=1443864#file1443864line1504> > > > > The existance of KERBEROS in the services list does not indicate > > whether Kerberos is enabled or not. Use `cluster-env/security_enabled`, > > which used by the `isSecurityEnabled` - see > > `stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled` Updated in latest patch > On July 14, 2016, 6:30 p.m., Robert Levas wrote: > > ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py, > > lines 1629-1632 > > <https://reviews.apache.org/r/50030/diff/1/?file=1443874#file1443874line1629> > > > > The existance or non-existance of the KERBEROS service should not be > > used to determine if Kerberos is enabled. Use > > `stacks.stack_advisor.DefaultStackAdvisor#isSecurityEnabled` instead. Updated in latest patch - Mugdha ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50030/#review142261 ----------------------------------------------------------- On July 15, 2016, 8:43 a.m., Mugdha Varadkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50030/ > ----------------------------------------------------------- > > (Updated July 15, 2016, 8:43 a.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan > Hurley, Jayush Luniya, Robert Levas, Srimanth Gunturi, and Velmurugan > Periasamy. > > > Bugs: AMBARI-17688 > https://issues.apache.org/jira/browse/AMBARI-17688 > > > Repository: ambari > > > Description > ------- > > Below properties should be introduced to Ranger admin and plugins to support > secure Solr. Also recommend for plugin in any of the below property chnages > on Ranger Admin: > > xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule > xasecure.audit.jaas.Client.loginModuleControlFlag=required > xasecure.audit.jaas.Client.option.useKeyTab=true > xasecure.audit.jaas.Client.option.storeKey=false > xasecure.audit.jaas.Client.option.serviceName=solr > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py > 145c216 > > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py > 6bb2cbc > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py > fad4b9b > > ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py > 529ac8c > > ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml > 1b2b5e0 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml > 341cff7 > > ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json > 3f50774 > > ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py > dfcad32 > > ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml > d3f9143 > ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py > e570a5b7 > ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py > 2a2a3a3 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml > efeea5f > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml > 019602a > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml > d3f9143 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml > 02b7565 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml > d3f9143 > ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py > 5fccb2a > ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py > 86bf14d > ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py > a6baeea > ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json > 67b00a1 > ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json > 9911e10 > ambari-web/app/data/HDP2/site_properties.js 23fbf5e > ambari-web/app/models/stack_service.js c63df3d > > Diff: https://reviews.apache.org/r/50030/diff/ > > > Testing > ------- > > Tested Ranger and Ranger Plugins Installation with Logsearch solr on secure > cluster. > > > Thanks, > > Mugdha Varadkar > >
