[jira] [Reopened] (RANGER-2041) Handle validations for passwords of admin accounts during ranger install.
[ https://issues.apache.org/jira/browse/RANGER-2041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Fatima Amjad Khan reopened RANGER-2041: --- > Handle validations for passwords of admin accounts during ranger install. > - > > Key: RANGER-2041 > URL: https://issues.apache.org/jira/browse/RANGER-2041 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.1 >Reporter: Fatima Amjad Khan >Assignee: Fatima Amjad Khan >Priority: Major > Fix For: 1.0.1 > > Attachments: RANGER-2041.patch > > > Currently, when Ranger is installed admin,keyadmin, rangerusersync, > rangertagsync users are seeded users and they are configurable during the > install process. This task is to provide a facility to add validations to the > admin users password during ranger install. Python doesn’t support ‘ ` “ \ so > these characters will not be supported during update of default password of > seeded users in manual install. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (RANGER-2043) Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs
[ https://issues.apache.org/jira/browse/RANGER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel reassigned RANGER-2043: Assignee: bhavik patel (was: Pradeep Agrawal) > Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs > -- > > Key: RANGER-2043 > URL: https://issues.apache.org/jira/browse/RANGER-2043 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: bhavik patel >Priority: Major > Fix For: 1.1.0 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 66506: RANGER-2057: ranger-ugsync-default file not found and Log message
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66506/#review200789 --- Ship it! Ship It! - Mehul Parikh On April 9, 2018, 12:06 p.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66506/ > --- > > (Updated April 9, 2018, 12:06 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-2057 > https://issues.apache.org/jira/browse/RANGER-2057 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** Below Error log message was seen as Ranger user-sync > code is trying to read config from ranger-ugsync-default-site.xml file which > doesn't exist. Usersync should read the config from ranger-ugsync-default.xml > file. > > **Proposed Solution:** Change the file name ranger-ugsync-default-site.xml to > ranger-ugsync-default.xml > > > Diffs > - > > > ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java > 3efcb86 > > > Diff: https://reviews.apache.org/r/66506/diff/1/ > > > Testing > --- > > **Ranger Admin installation :** > Steps Performed (with patch) : > 1. After mvn Build; untar the Ranger admin module and updated > install.properties for MySQL DB flavor. > 2. Called setup.sh to install Ranger admin. > 3. untar the Ranger usersync module and updated install.properties. > 4. Called setup.sh to install Ranger usersync. > 5. Started ranger admin and ranger usersync. > > **Expected Behavior : ** > Ranger admin and usersync should start successfully, Ranger usersync log > should not have missing file related error messages. > > **Actual Behavior : ** > Ranger admin and usersync started successfully, Ranger usersync log did not > have any error messages. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 66513: RANGER-2063:Audit log shows multiple table names when only one table is accessed
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66513/#review200759 --- Ship it! Ship It! - Madhan Neethiraj On April 9, 2018, 5:21 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66513/ > --- > > (Updated April 9, 2018, 5:21 p.m.) > > > Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan > Periasamy. > > > Bugs: RANGER-2063 > https://issues.apache.org/jira/browse/RANGER-2063 > > > Repository: ranger > > > Description > --- > > There are multiple table names in the audit record generated when an Hbase > resource containing a table is accessed. > > > Diffs > - > > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java > 1dc06eb17 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java > e705d9797 > > > Diff: https://reviews.apache.org/r/66513/diff/1/ > > > Testing > --- > > Tested with a 'scan' command on a local VM > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 66495: RANGER-2061: Add policy engine support to get summary user and group ACLs for a resource
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66495/#review200755 --- Ship it! Ship It! - Madhan Neethiraj On April 8, 2018, 7:52 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66495/ > --- > > (Updated April 8, 2018, 7:52 p.m.) > > > Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy. > > > Bugs: RANGER-2061 > https://issues.apache.org/jira/browse/RANGER-2061 > > > Repository: ranger > > > Description > --- > > It is useful to be able to retrieve user and group based Access Control Lists > from Ranger policies for a given resource. When, given the set of Ranger > policies, permission cannot be determined statically, permission will be > flagged as CONDITIONAL. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java > 5febf956d > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java > f6e462ccc > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java > 9d0b9852b > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java > d5d14a22d > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 3b06f423f > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java > 313a8a96f > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > 5510f6ea3 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineOptions.java > 2bbdcede5 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java > 4e6ca2f62 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java > cd7c3c1c4 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > c539cc0dc > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java > 613a0017d > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java > bd61cfd0a > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContextListener.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 725ed74d0 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java > PRE-CREATION > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > 325626a58 > agents-common/src/test/resources/log4j.xml 926f47ced > agents-common/src/test/resources/policyengine/ACLResourceTags.json > PRE-CREATION > agents-common/src/test/resources/policyengine/test_aclprovider_default.json > PRE-CREATION > > agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json > 11f31e317 > > > Diff: https://reviews.apache.org/r/66495/diff/2/ > > > Testing > --- > > Developed and ran unit tests. > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 66513: RANGER-2063:Audit log shows multiple table names when only one table is accessed
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66513/#review200745 --- Ship it! Ship It! - Velmurugan Periasamy On April 9, 2018, 5:21 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66513/ > --- > > (Updated April 9, 2018, 5:21 p.m.) > > > Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan > Periasamy. > > > Bugs: RANGER-2063 > https://issues.apache.org/jira/browse/RANGER-2063 > > > Repository: ranger > > > Description > --- > > There are multiple table names in the audit record generated when an Hbase > resource containing a table is accessed. > > > Diffs > - > > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java > 1dc06eb17 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java > e705d9797 > > > Diff: https://reviews.apache.org/r/66513/diff/1/ > > > Testing > --- > > Tested with a 'scan' command on a local VM > > > Thanks, > > Abhay Kulkarni > >
Review Request 66513: RANGER-2063:Audit log shows multiple table names when only one table is accessed
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66513/ --- Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy. Bugs: RANGER-2063 https://issues.apache.org/jira/browse/RANGER-2063 Repository: ranger Description --- There are multiple table names in the audit record generated when an Hbase resource containing a table is accessed. Diffs - hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java 1dc06eb17 hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java e705d9797 Diff: https://reviews.apache.org/r/66513/diff/1/ Testing --- Tested with a 'scan' command on a local VM Thanks, Abhay Kulkarni
[jira] [Assigned] (RANGER-2063) Audit log shows multiple table names when only one table is accessed
[ https://issues.apache.org/jira/browse/RANGER-2063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni reassigned RANGER-2063: -- Assignee: Abhay Kulkarni > Audit log shows multiple table names when only one table is accessed > > > Key: RANGER-2063 > URL: https://issues.apache.org/jira/browse/RANGER-2063 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: master, 1.1.0 > > > There are multiple table names in the audit record generated when an Hbase > resource containing a table is accessed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-2063) Audit log shows multiple table names when only one table is accessed
Abhay Kulkarni created RANGER-2063: -- Summary: Audit log shows multiple table names when only one table is accessed Key: RANGER-2063 URL: https://issues.apache.org/jira/browse/RANGER-2063 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: master Reporter: Abhay Kulkarni Fix For: master, 1.1.0 There are multiple table names in the audit record generated when an Hbase resource containing a table is accessed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66504/ --- (Updated April 9, 2018, 2:55 p.m.) Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Updated Description and Testing done section Bugs: RANGER-2058 https://issues.apache.org/jira/browse/RANGER-2058 Repository: ranger Description (updated) --- **Problem Statement:** Ranger can not communicate to ssl enabled Postgres server **Proposed Solution:** To connect to a SSL Enabled Postgres Server JDBC connection string could be : =>For validating CA: "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true&sslmode=verify-ca". =>For Non validating CA: "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true&org.postgresql.ssl.NonValidatingFactory". The 'ssl=true' property is added to the JDBC URL to attempt to communicate via SSL. The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to bypass certificate validation. The 'sslmode=verify-ca' property is set to connect only if the Postgres server trust certificate is available. If user wants to connect using truststore then he can configure truststore files(certificate information for the postgres server and client both). --- Following properties of install.properties file can be used to provide the SSL config options, keystore and truststore path to connect to SSL enabled Postgres server: db_ssl_enabled= db_ssl_required= db_ssl_verifyServerCertificate= db_ssl_auth_type= javax_net_ssl_keyStore= javax_net_ssl_keyStorePassword= javax_net_ssl_trustStore= javax_net_ssl_trustStorePassword= --- **Rules:** 1. if [db_ssl_enabled=true] then ranger admin/kms JDBC URL will attempt to communicate to postgres via SSL. 2. if [db_ssl_enabled=true and [db_ssl_required=false and db_ssl_verifyServerCertificate=false]] then JDBC url will have parameter 'sslfactory=org.postgresql.ssl.NonValidatingFactory' in it and CA validation will be skipped. 3. if [db_ssl_enabled=true and [db_ssl_required=true or db_ssl_verifyServerCertificate=true]] then JDBC url will have parameter 'sslmode=verify-ca' in it and CA validation will be mandatory. 3.1) if [db_ssl_auth_type=1-way] then User have to provide the certificate and password through truststore properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword) 3.2) if [db_ssl_auth_type=2-way] then User have to provide the keystore and password through keystore properties(javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword) and CA certificate and password through truststore properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword). **Note:** Ranger application and jisql utility should know from where to pick the certificates which can be set in the System properties like this : -Djavax.net.ssl.keyStore=path_to_keystore_file -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=path_to_truststore_file -Djavax.net.ssl.trustStorePassword=password Diffs - kms/scripts/db_setup.py a431b60 kms/scripts/dba_script.py bcd4aa2 kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca security-admin/scripts/db_setup.py b8664d2 security-admin/scripts/dba_script.py 69fff41 security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java edd9d36 Diff: https://reviews.apache.org/r/66504/diff/1/ Testing (updated) --- **Steps Performed(with patch):** Installed Postgres and enabled SSL with the help of doc : https://www.postgresql.org/docs/9.5/static/ssl-tcp.html Untar ranger-admin from Build having changes of proposed patch. Provided ranger db root and admin db details in install.properties. Provided values for below properties of install.properties file. db_ssl_enabled=true db_ssl_required=true db_ssl_verifyServerCertificate=true db_ssl_auth_type=1-way javax_net_ssl_keyStore=/root/keystore javax_net_ssl_keyStorePassword=secret javax_net_ssl_trustStore=/root/truststore javax_net_ssl_trustStorePassword=secret Executed setup.sh script. Tried to start ranger admin service. **Expected behaviour :** Ranger admin should start normally and User should able to see Dashboard page after login. **Actual behaviour :** Ranger admin was started and was able to login and see Ranger UI. **Note :** Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and two-way ssl configurations. Tried below combination of SSL properties also with different ranger db combination to install ranger admin and ranger kms. db_ssl_enabled|db_ssl_required|db_ssl_verifyServerCertificate|db_ssl_auth_type|javax_net_ssl_keyStore javax_net_ssl_trustStore TRUETRUETRUE2-way providedprovided TRUETRUETRUE2-way providednot provided TRUETR
Review Request 66509: RANGER-2060 : Knox proxy with knox-sso is not working for ranger
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66509/ --- Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2060 https://issues.apache.org/jira/browse/RANGER-2060 Repository: ranger Description --- Knox proxy with Knox-SSO is not working in a case when HA is enabled for both Ranger and Knox. If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and knox2.abc.com. If Ranger load-balancer URL is used in the knox topology for knox-proxy ui.xml, redirected url gets corrupted as: knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for Ranger to login. Diffs - security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ec6d78d security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 22ba524 Diff: https://reviews.apache.org/r/66509/diff/1/ Testing --- Verified Knox-SSO and Knox-Proxy authentication to be working for Ranger-Admin in simple and kerberos enabled environments. Thanks, Vishal Suvagia
[jira] [Assigned] (RANGER-2060) Knox proxy with knox-sso is not working for ranger
[ https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vishal Suvagia reassigned RANGER-2060: -- Assignee: Vishal Suvagia > Knox proxy with knox-sso is not working for ranger > -- > > Key: RANGER-2060 > URL: https://issues.apache.org/jira/browse/RANGER-2060 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Deepak Sharma >Assignee: Vishal Suvagia >Priority: Major > Fix For: 1.1.0, 1.0.1 > > Attachments: RANGER-2060.patch > > > Knox proxy with Knox-SSO is not working in a case when HA is enabled for both > Ranger and Knox. > If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as > ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on > knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and > knox2.abc.com. > If Ranger load-balancer URL is used in the knox topology for knox-proxy > ui.xml, redirected url gets corrupted as: > knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger > Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for > Ranger to login. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2060) Knox proxy with knox-sso is not working for ranger
[ https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2060: - Reporter: Deepak Sharma (was: Vishal Suvagia) > Knox proxy with knox-sso is not working for ranger > -- > > Key: RANGER-2060 > URL: https://issues.apache.org/jira/browse/RANGER-2060 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Deepak Sharma >Priority: Major > Fix For: 1.1.0, 1.0.1 > > Attachments: RANGER-2060.patch > > > Knox proxy with Knox-SSO is not working in a case when HA is enabled for both > Ranger and Knox. > If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as > ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on > knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and > knox2.abc.com. > If Ranger load-balancer URL is used in the knox topology for knox-proxy > ui.xml, redirected url gets corrupted as: > knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger > Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for > Ranger to login. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Request to add me as a contributor
Hi Vishal I have added you as contributor. Thank you. Welcome to Ranger community. From: vishal suvagia Reply-To: "dev@ranger.apache.org" Date: Monday, April 9, 2018 at 7:35 AM To: Ranger Subject: Request to add me as a contributor Hi, I would like to contribute to Apache Ranger project. Request to kindly add me as a contributor for Apache Ranger. My full-name is Vishal Suvagia and email-id is vishalsuva...@yahoo.com. and Apache-ID is vishalsuvagia. Thanks and Regards, Vishal Suvagia.
Review Request 66506: RANGER-2057: ranger-ugsync-default file not found and Log message
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66506/ --- Review request for ranger. Bugs: RANGER-2057 https://issues.apache.org/jira/browse/RANGER-2057 Repository: ranger Description --- **Problem Statement:** Below Error log message was seen as Ranger user-sync code is trying to read config from ranger-ugsync-default-site.xml file which doesn't exist. Usersync should read the config from ranger-ugsync-default.xml file. **Proposed Solution:** Change the file name ranger-ugsync-default-site.xml to ranger-ugsync-default.xml Diffs - ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java 3efcb86 Diff: https://reviews.apache.org/r/66506/diff/1/ Testing --- **Ranger Admin installation :** Steps Performed (with patch) : 1. After mvn Build; untar the Ranger admin module and updated install.properties for MySQL DB flavor. 2. Called setup.sh to install Ranger admin. 3. untar the Ranger usersync module and updated install.properties. 4. Called setup.sh to install Ranger usersync. 5. Started ranger admin and ranger usersync. **Expected Behavior : ** Ranger admin and usersync should start successfully, Ranger usersync log should not have missing file related error messages. **Actual Behavior : ** Ranger admin and usersync started successfully, Ranger usersync log did not have any error messages. Thanks, Pradeep Agrawal
Request to add me as a contributor
Hi, I would like to contribute to Apache Ranger project. Request to kindly add me as a contributor for Apache Ranger. My full-name is Vishal Suvagia and email-id is vishalsuva...@yahoo.com. and Apache-ID is vishalsuvagia. Thanks and Regards, Vishal Suvagia.
Request to kindly add me as a contributor in Apache Ranger project
Hi, I would like to contribute to Apache Ranger project. Request to kindly add me vishal suvagia
[jira] [Commented] (RANGER-2060) Knox proxy with knox-sso is not working for ranger
[ https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16430376#comment-16430376 ] Vishal Suvagia commented on RANGER-2060: Request to kindly review the attached patch. > Knox proxy with knox-sso is not working for ranger > -- > > Key: RANGER-2060 > URL: https://issues.apache.org/jira/browse/RANGER-2060 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Vishal Suvagia >Priority: Major > Fix For: 1.1.0, 1.0.1 > > Attachments: RANGER-2060.patch > > > Knox proxy with Knox-SSO is not working in a case when HA is enabled for both > Ranger and Knox. > If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as > ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on > knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and > knox2.abc.com. > If Ranger load-balancer URL is used in the knox topology for knox-proxy > ui.xml, redirected url gets corrupted as: > knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger > Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for > Ranger to login. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2060) Knox proxy with knox-sso is not working for ranger
[ https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vishal Suvagia updated RANGER-2060: --- Attachment: RANGER-2060.patch > Knox proxy with knox-sso is not working for ranger > -- > > Key: RANGER-2060 > URL: https://issues.apache.org/jira/browse/RANGER-2060 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Vishal Suvagia >Priority: Major > Fix For: 1.1.0, 1.0.1 > > Attachments: RANGER-2060.patch > > > Knox proxy with Knox-SSO is not working in a case when HA is enabled for both > Ranger and Knox. > If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as > ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on > knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and > knox2.abc.com. > If Ranger load-balancer URL is used in the knox topology for knox-proxy > ui.xml, redirected url gets corrupted as: > knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger > Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for > Ranger to login. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66504/ --- Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2058 https://issues.apache.org/jira/browse/RANGER-2058 Repository: ranger Description --- **Problem Statement:** Ranger can not communicate to ssl enabled Postgres server **Proposed Solution:** To connect to a SSL Enabled Postgres Server JDBC connection string could be : "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true&sslmode=verify-ca". The 'ssl=true' property is added to the JDBC URL to attempt to communicate via SSL. The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to bypass certificate validation. The 'sslmode=verify-ca' property is set to connect only if the Postgres server trust certificate is available. If user want to connect using truststore then he can configure truststore files(certificate information for the postgres server and client both). Ranger application and jisql utility should know from where to pick the certificates which can be set in the System properties like this : -Djavax.net.ssl.keyStore=path_to_keystore_file -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=path_to_truststore_file -Djavax.net.ssl.trustStorePassword=password Following properties of install.properties file can be use to provide the SSL config options, keystore and truststore path to connect to SSL enabled Postgres server: db_ssl_enabled=false db_ssl_required=false db_ssl_verifyServerCertificate=false javax_net_ssl_keyStore=/etc/postgres/keystore javax_net_ssl_keyStorePassword=secret javax_net_ssl_trustStore=/etc/postgres/truststore javax_net_ssl_trustStorePassword=secret Diffs - kms/scripts/db_setup.py a431b60 kms/scripts/dba_script.py bcd4aa2 kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca security-admin/scripts/db_setup.py b8664d2 security-admin/scripts/dba_script.py 69fff41 security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java edd9d36 Diff: https://reviews.apache.org/r/66504/diff/1/ Testing --- **Steps Performed(with patch):** 1. Installed Postgres and enabled SSL with the help of doc : Untar ranger-admin from Build having changes of proposed patch. Provided ranger db root and admin db details in install.properties. Provided values for below properties of install.properties file. db_ssl_enabled=true db_ssl_required=true db_ssl_verifyServerCertificate=true javax_net_ssl_keyStore=/root/keystore javax_net_ssl_keyStorePassword=secret javax_net_ssl_trustStore=/root/truststore javax_net_ssl_trustStorePassword=secret Executed setup.sh script. Tried to start ranger admin service. **Expected behaviour :** Ranger admin should start normally and User should able to see Dashboard page after login. **Actual behaviour :** Ranger admin was started and was able to login and see Ranger UI. **Note :** Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and two-way ssl configurations. Tried below combination of SSL properties also with different ranger db combination to install ranger admin and ranger kms. db_ssl_enabled | db_ssl_required | db_ssl_verifyServerCertificate true |true |true true |true |false true |false|true true |false|false Thanks, Pradeep Agrawal
[jira] [Updated] (RANGER-2058) Add SSL enabled Postgres support in Ranger Admin
[ https://issues.apache.org/jira/browse/RANGER-2058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2058: Attachment: 0001-RANGER-2058-Add-SSL-enabled-Postgres-support-in-Rang.patch > Add SSL enabled Postgres support in Ranger Admin > > > Key: RANGER-2058 > URL: https://issues.apache.org/jira/browse/RANGER-2058 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 1.1.0, 1.0.1 > > Attachments: > 0001-RANGER-2058-Add-SSL-enabled-Postgres-support-in-Rang.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
