subject:"Re\: Review Request 50791\: AMBARI\-18019 Referring component level identity is not working for ranger\-atlas\-plugin"

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Gautam Borad


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144865
---


Ship it!




Ship It!

- Gautam Borad


On Aug. 4, 2016, 6:48 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Jayush Luniya


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144834
---


Ship it!




Ship It!

- Jayush Luniya


On Aug. 4, 2016, 6:48 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Alejandro Fernandez


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144821
---


Ship it!




Ship It!

- Alejandro Fernandez


On Aug. 4, 2016, 6:48 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Mugdha Varadkar



> On Aug. 4, 2016, 4:39 p.m., Jayush Luniya wrote:
> > ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json,
> >  line 13
> > 
> >
> > folder should be common-services/ATLAS/0.7.0. The "2.5" is HDP specific 
> > versioning and shouldnt be in common-services

Removed changes done common-service version in updated patch


- Mugdha


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144780
---


On Aug. 4, 2016, 6:48 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Mugdha Varadkar



> On Aug. 4, 2016, 4:48 p.m., Jayush Luniya wrote:
> > ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml,
> >  line 25
> > 
> >
> > We should not setting any properties with value that has "hdp" 
> > hardcoded in it in common-services. This should be set to whatever is the 
> > Apache default and then overridden in the HDP stack. 
> > 
> > Refer:
> > 
> > https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml#L22-L27
> > 
> > and
> > 
> > 
> > https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml#L22-L27

Removed changes done common-service version in updated patch


> On Aug. 4, 2016, 4:48 p.m., Jayush Luniya wrote:
> > ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml,
> >  line 43
> > 
> >
> > No hdp hardcoding in common-services

Removed changes done common-service version in updated patch


- Mugdha


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144781
---


On Aug. 4, 2016, 6:48 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Mugdha Varadkar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/
---

(Updated Aug. 4, 2016, 6:48 p.m.)


Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
Robert Levas, and Velmurugan Periasamy.


Changes
---

Updated review with fix for the issue itself and dropped changes done 
common-service version.


Bugs: AMBARI-18019
https://issues.apache.org/jira/browse/AMBARI-18019


Repository: ambari


Description
---

In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
{
  "name": "/ATLAS/ATLAS_SERVER/atlas",
  "principal": {
"configuration": 
"ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
  },
  "keytab": {
"configuration": 
"ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
  }
}
However these configs are not being available at ranger-atlas-audit.xml

This occurs because the Kerberos Descriptors does not allow using the same 
identity name more than once.
After AMBARI-17993 fix this is made possible by using reference tag.


Changes include:
1) updating kerberos.json
2) moving ranger related configs file from 
/stacks/HDP/2.5/services/ATLAS/configuration to 
/common-services/ATLAS/0.7.0.2.5/configuration as common service version 
0.7.0.2.5 is maintained.


Diffs (updated)
-

  
ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json 
2be4b7d 
  
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
 43c767d 

Diff: https://reviews.apache.org/r/50791/diff/


Testing
---

Tested Atlas installation in secure mode with and without Ranger


Thanks,

Mugdha Varadkar

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Alejandro Fernandez



> On Aug. 4, 2016, 4:51 p.m., Jayush Luniya wrote:
> > I would recommend that break this patch into 2 parts 
> > 1. Fix for the issue itself that can go into trunk and 2.4
> > 2. Refactoring into common-services that can go in trunk and 2.5
> > 
> > That way you are not blocked on 2.4 commit.

Agree, fix the hdp hardcoding in another patch


- Alejandro


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144782
---


On Aug. 4, 2016, 12:39 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 12:39 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-audit.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-plugin-properties.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-security.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/metainfo.xml 
> 630d403 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  36677a1 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
>  fd623cb 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
>  dcffb63 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
>  ea0a026 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/metainfo.xml 
> 4ba59d5 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Jayush Luniya


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144782
---



I would recommend that break this patch into 2 parts 
1. Fix for the issue itself that can go into trunk and 2.4
2. Refactoring into common-services that can go in trunk and 2.5

That way you are not blocked on 2.4 commit.

- Jayush Luniya


On Aug. 4, 2016, 12:39 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 12:39 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-audit.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-plugin-properties.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-security.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/metainfo.xml 
> 630d403 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  36677a1 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
>  fd623cb 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
>  dcffb63 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
>  ea0a026 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/metainfo.xml 
> 4ba59d5 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Jayush Luniya


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144781
---




ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml
 (line 25)


We should not setting any properties with value that has "hdp" hardcoded in 
it in common-services. This should be set to whatever is the Apache default and 
then overridden in the HDP stack. 

Refer:

https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml#L22-L27

and


https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml#L22-L27



ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml
 (line 43)


No hdp hardcoding in common-services



ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-security.xml
 (line 45)


No hdp hardcoding in common-services


- Jayush Luniya


On Aug. 4, 2016, 12:39 p.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 12:39 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-audit.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-plugin-properties.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-security.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/metainfo.xml 
> 630d403 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  36677a1 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
>  fd623cb 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
>  dcffb63 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
>  ea0a026 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/metainfo.xml 
> 4ba59d5 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

2016-08-04 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50791/#review144757
---


Ship it!




Ship It!

- Robert Levas


On Aug. 4, 2016, 8:39 a.m., Mugdha Varadkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50791/
> ---
> 
> (Updated Aug. 4, 2016, 8:39 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jayush Luniya, 
> Robert Levas, and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-18019
> https://issues.apache.org/jira/browse/AMBARI-18019
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> In-order to support AMBARI-17902 changes for ranger-atlas plugin, trying to 
> accommodate below code in common-services/ATLAS/0.7.0.2.5/kerberos.json.
> {
>   "name": "/ATLAS/ATLAS_SERVER/atlas",
>   "principal": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
>   },
>   "keytab": {
> "configuration": 
> "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
>   }
> }
> However these configs are not being available at ranger-atlas-audit.xml
> 
> This occurs because the Kerberos Descriptors does not allow using the same 
> identity name more than once.
> After AMBARI-17993 fix this is made possible by using reference tag.
> 
> 
> Changes include:
> 1) updating kerberos.json
> 2) moving ranger related configs file from 
> /stacks/HDP/2.5/services/ATLAS/configuration to 
> /common-services/ATLAS/0.7.0.2.5/configuration as common service version 
> 0.7.0.2.5 is maintained.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-audit.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-plugin-properties.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-policymgr-ssl.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/ranger-atlas-security.xml
>  PRE-CREATION 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
>  2be4b7d 
>   
> ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/metainfo.xml 
> 630d403 
>   
> ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
>  43c767d 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
>  36677a1 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
>  fd623cb 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
>  dcffb63 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
>  ea0a026 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/metainfo.xml 
> 4ba59d5 
> 
> Diff: https://reviews.apache.org/r/50791/diff/
> 
> 
> Testing
> ---
> 
> Tested Atlas installation in secure mode with and without Ranger
> 
> 
> Thanks,
> 
> Mugdha Varadkar
> 
>

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

Re: Review Request 50791: AMBARI-18019 Referring component level identity is not working for ranger-atlas-plugin

10 matches

Site Navigation

Mail list logo

Footer information