Re: Planning for Apache Ranger 2.2.0 release
+1 for Ranger 2.2 release. Thanks Ramesh On Tue, Sep 21, 2021 at 7:47 PM Velmurugan Periasamy wrote: > +1 for Ranger 2.2 release. Thank you Ramesh for coordinating the release. > > > > On Tue, Sep 21, 2021 at 9:42 AM Sailaja Polavarapu < > spolavar...@cloudera.com> wrote: > +1 Thanks Ramesh for putting this together. > - Sailaja. > > On Mon, Sep 20, 2021 at 12:46 PM Abhay Kulkarni ab...@apache.org>> wrote: > +1. > > Thanks, Ramesh. > > On Mon, Sep 20, 2021 at 8:48 AM Ramesh Mani rm...@apache.org>> wrote: > > > > Dear Ranger Community members, > > > > This is the reminder to give your opinion on Apache Ranger Release 2.2.0. > > > > Thanks, > > Ramesh > > > > On Tue, Sep 14, 2021 at 2:48 PM Ramesh Mani rm...@apache.org>> wrote: > >> > >> Dear Ranger Community members, > >> > >> > >> > >> There are many features and fixes done in Apache Ranger Project since > the release of Apache Ranger 2.1.0. These features enhance the quality and > improve the user experience of Apache Ranger overall. > >> > >> > >> > >> Some of the key enhancements/features in this release are > >> > >> > >> > >> Schema changes to improve performance of chained plugin features. > RANGER-3067 > >> > >> Support delegation-admin for specific permissions.RANGER-3122 > >> > >> Kafka Client improvement to use Kafka AdminClient API instead of > Zookeeper. RANGER-3001 > >> > >> GET API service/xusers/users response time improvement. RANGER-3027/ > RANGER-3024 > >> > >> Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 > >> > >> Ranger UI Search by object name in page /reports/audit/admin. > RANGER-3052 > >> > >> Enhancement to trace additional information on resources. RANGER-3065 > >> > >> Improve audit log for Role operations in Ranger Hive authorizer. > RANGER-3170 > >> > >> Audit-filter feature implementation to help reduce volume of audit logs > generated. RANGER-3000 > >> > >> Need feature to make the access log file name configurable for user. > RANGER-3242/RANGER-3241 > >> > >> Upgrade the solr version in Ranger to Solr 8.6.3 for better > performance. RANGER-3091 > >> > >> Enhance Ranger admin REST Client to use cookies for policy, tag and > role download. RANGER-3283 > >> > >> Audit Filter default policies for reducing verbosity in auditing. > RANGER-3260/RANGER-3283 > >> > >> Auditing for HDFS chmod and chown operations. RANGER-3148 > >> > >> Ranger HiveAuthorizer improvements to handle uncharted hive commands. > RANGER-3368 > >> > >> Ranger Access audit page improvement. RANGER-3109 > >> > >> Dockerfile to support building from local repository. RANGER-3012 > >> > >> Performance improvement for Ranger usersync. RANGER-2986 > >> > >> > >> > >> Bug Fixes: > >> > >> In this Apache Ranger release there are around 119 bug fixes done. > >> > >> > >> > >> There are 324 commits with 219 resolved JIRAs in the release branch > ranger-2.2.0 and with these improvements it is time to do the next Apache > Ranger release. > >> > >> > >> Planned timeline to release Apache Ranger 2.2.0 is end of September > 2021. > >> > >> > >> > >> Please review and give your comments. > >> > >> > >> > >> Thanks, > >> > >> Ramesh > >> > >> -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
Re: Using a KeyStore file instead of db_root_password
Hi Sungwoo, Sorry for delayed reply, was caught up on few other tasks. Thanks for the suggestion. Looks like lot of work has been done in this direction. It will be helpful if you can share your solution on review board. On Thu, Aug 1, 2019 at 6:36 PM Sungwoo Park wrote: > Hi Mehul, > > Thanks for clarifying this. As you pointed out, deleting > install.properties after starting Ranger looks like a reasonable solution. > However, there are situations in which deleting install.properties is not a > complete solution. > > 1. Some organizations have an internal policy prohibiting the deployment > of any software system that requires passwords written in text form > somewhere (not because of the security issue but because of rogue users). > > 2. In our case, we are running Ranger as a Kubernetes Pod. We mount > install.properties inside a Pod, which is not deleted automatically. We > decided to mount it as a Kubernetes Secret (instead of a ConfigMap) to > alleviate the security issue. You can find our solution at: > https://mr3.postech.ac.kr/hivek8s/guide/run-ranger/ > > A complete solution to this problem would be to require the user to submit > a KeyStore file that contains all the passwords. (This is what we really > need, because we would like to launch a Ranger service for each user, and > thus we cannot really ask for the password in text form.) With the current > release of Ranger 2.0.0-SNAPSHOT, it seems that this is easy to implement, > except that it does not work for db_root_password, unfortunately. (I think > the current code reads db_root_password in text form to communicate with > the database.) If you think this is feasible with a simple fix, please let > me know, so that we could give it a try. > > Cheers, > > --- Sungwoo > > On Thu, Aug 1, 2019 at 4:43 PM Mehul Parikh wrote: > >> Hi Sungwoo, >> >> Are you installing Ranger Manually ? >> >>- Ranger saves these passwords in Keystore file only, and replaces >>all password values with _ value in ranger-admin-site.xml. >>- You can backup install.properties and then delete that file after >>installing and starting Ranger service. >> >> >> >> On Mon, Jul 22, 2019 at 5:48 PM Sungwoo Park wrote: >> >>> Hello, >>> >>> I have a question on installing Ranger. Currently we specify the >>> password for Ranger database (which is MySQL) with db_root_password in >>> ranger-admin-install.properties, e.g.: >>> >>> db_root_user=root >>> db_root_password=passwd >>> >>> I wonder if there is an alternative way of specifying the password with >>> a KeyStore file (jceks). Or, it the file ranger-admin-install.properties >>> just supposed to be removed after installing Ranger? >>> >>> Thanks, >>> >>> --- Sungwoo Park >>> >> >> >> -- >> >> Thanks and regards, >> Mehul Parikh >> >> M: +91 98191 54446 >> E: xsme...@gmail.com >> > -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
Re: TagSync Conf for SSL Ranger and SSL Atlas
Hi Taher,
Values for these two properties will be path for ranger-policymgr-ssl.xml
and atlas-tagsync-ssl.xml :
- TAG_DEST_RANGER_SSL_CONFIG_FILENAME =
{ranger-tagsync-home}/conf/ranger-policymgr-ssl.xml
- TAG_SOURCE_ATLASREST_SSL_CONFIG_FILENAME =
{ranger-tagsync-home}/conf/atlas-tagsync-ssl.xml
Regards,
Mehul Parikh
On Fri, Jan 5, 2018 at 2:56 PM, Taher Koitawala <taher.koitaw...@gslab.com>
wrote:
> Hi All, I have ranger and Atlas both up on SSL and now I am trying to
> configure ranger-tagsync. Can you guys please tell me what to fill in at
>
> #SSL config file name for HTTPS messages to tag destination - Ranger
> TAG_DEST_RANGER_SSL_CONFIG_FILENAME =
>
> And
>
> # SSL config file name for HTTPS messages to tag source - Atlas-REST
> TAG_SOURCE_ATLASREST_SSL_CONFIG_FILENAME =
>
> Should i give the path to the absolute path to the SSL cert files? Or
> should i have to give the path to the JKS where the cert is added?
>
> Regards,
> Taher Koitawala
>
>
>
--
Thanks and regards,
Mehul Parikh
M: +91 98191 54446
E: xsme...@gmail.com
