Re: REST api for policies

2014-12-31 Thread Gautam Borad 
*Hi Hanish,The public API*s* ( starting with /service/public/* ) is the
ideal way to communicate with Ranger from outside world. Please use *those*
API. I have documented the parameters for creating a policy and given an
example of HD*FS

*also. I will work on* other API documentation and will make it available
on Ranger wiki soon.

















*Create PolicyAPI NameCreate PolicyRequest TypePOSTRequest
URLservice/public/api/policyRequest Paramsapplication/jsonHDFS Example{ -
"policyName":"HomePolicy", - "resourceName":"/home,/apps",-
"description":"Home",- "repositoryName":"hadoopdev",-
"repositoryType":"hdfs"- "isEnabled":true,- "isRecursive":false,-
"isAuditEnabled":true, "permMapList": [ {   "userList":
[ "john", "andrew"   ],
  "permList": [ "SELECT", "UPDATE"
  ] }, {   "userList": [ "hr"
  ],   "groupList": [ "admin"   ],
  "permList": [ "DROP", "ALTER",
"ADMIN"   ] }   ],}Response200 -
application/json*

On Wed, Dec 31, 2014 at 3:52 PM, Hanish Bansal <
hanish.bansal.agar...@gmail.com> wrote:

> Hi All,
>
> There are two different rest apis to perform operation for policies.
>
> For example:
>
> To create a policy:
> POST http://192.168.145.54:6080/service/assets/resources
> POST http://192.168.145.54:6080/service/public/api/policy
>
>
> I would like to know if someone want to create policy using rest apis then
> which one is recommended to use and why ?
>
> --
> *Thanks & Regards*
> *Hanish Bansal*
>



-- 
Regards,
Gautam.

Re: Ranger Security Admin Web Application build error

2015-01-05 Thread Gautam Borad 
Hi Mahesh,
I was able to do a successful build with my repo pointing at following
hash : 97d8d803

( the latest as of writing this mail )
Also i was able to find the jar in question in my M2 repo dir :
/Users/gautam/.m2/repository/cn/guoyukun/jdbc/oracle-ojdbc6/11.2.0.3.0/

This might be a network issue, can you please try again. Or maybe you can
try the -U option. Eg: mvn clean compile package install assembly:assembly
-U



On Mon, Jan 5, 2015 at 10:24 AM, Mahesh Sankaran 
wrote:

> Hi all ,
>
> I have stuck with apache ranger Security Admin Web Application
> build error.Following is the error which i got.Kindly help me to build and
> install.
>
> [INFO]
>
> [INFO]
> 
> [INFO] Skipping ranger
> [INFO] This project has been banned from the build due to previous
> failures.
> [INFO]
> 
> [INFO]
> 
> [INFO] Reactor Summary:
> [INFO]
> [INFO] ranger  SUCCESS [02:06
> min]
> [INFO] Credential Support  SUCCESS [07:21
> min]
> [INFO] Audit Component ... SUCCESS [
> 29.167 s]
> [INFO] Common library for Plugins  SUCCESS [
> 13.657 s]
> [INFO] Hdfs Security Plugin .. SUCCESS [01:10
> min]
> [INFO] Hive Security Agent ... SUCCESS [05:31
> min]
> [INFO] HBaseSecurityAgents ... SUCCESS [03:23
> min]
> [INFO] Knox Security Plugin .. SUCCESS [01:56
> min]
> [INFO] Credential Builder  SUCCESS [
> 21.000 s]
> [INFO] Storm Security Plugin . SUCCESS [03:10
> min]
> [INFO] Agent Implementation Libary ... SUCCESS [01:08
> min]
> [INFO] Installer Support Component ... SUCCESS [
> 49.435 s]
> [INFO] Embeded Web Server Invoker  SUCCESS [
> 37.422 s]
> [INFO] Resource Lookup API Implementation  SUCCESS [
>  2.788 s]
> [INFO] Unix Authentication Client  SUCCESS [
>  0.546 s]
> [INFO] Security Admin Web Application  FAILURE [05:22
> min]
> [INFO] Unix User Group Synchronizer .. SKIPPED
> [INFO] Unix Authentication Service ... SKIPPED
> [INFO] Unix Native Authenticator . SKIPPED
> [INFO]
> 
> [INFO] BUILD FAILURE
> [INFO]
> 
> [INFO] Total time: 34:31 min
> [INFO] Finished at: 2015-01-05T10:09:14+05:30
> [INFO] Final Memory: 72M/362M
> [INFO]
> 
> [ERROR] Failed to execute goal on project security-admin-web: Could not
> resolve dependencies for project
> org.apache.ranger:security-admin-web:war:0.4.0: Could not find artifact
> cn.guoyukun.jdbc:oracle-ojdbc6:jar:11.2.0.3.0 in apache.snapshots.https (
> https://repository.apache.org/content/repositories/snapshots) -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the
> -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the
> command
> [ERROR]   mvn  -rf :security-admin-web
>
>
> The package which i used is download from github recently.
> But before two weeks ago i have followed the same steps was able to build
> successfully.
>
>
> Thanks,
> Mahesh.S
>
>


-- 
Regards,
Gautam.

Re: Ranger Security Admin Web Application build error

2015-01-05 Thread Gautam Borad 
> apache.snapshots.https (
> https://repository.apache.org/content/repositories/snapshots)
> at
> org.eclipse.aether.connector.basic.ArtifactTransportListener.transferFailed(ArtifactTransportListener.java:39)
> at
> org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:355)
> at
> org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run(RunnableErrorForwarder.java:67)
> at
> org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute(BasicRepositoryConnector.java:581)
> at
> org.eclipse.aether.connector.basic.BasicRepositoryConnector.get(BasicRepositoryConnector.java:249)
> at
> org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:520)
> at
> org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:421)
> ... 26 more
> [ERROR]
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the
> command
> [ERROR]   mvn  -rf :security-admin-web
>
> Thanks
>
> Mahesh.S
>
> On Mon, Jan 5, 2015 at 2:59 PM, Gautam Borad  wrote:
>
>> Hi Mahesh,
>> I was able to do a successful build with my repo pointing at
>> following hash : 97d8d803
>> <https://github.com/apache/incubator-ranger/commit/97d8d80361c0b6db22ceca6832e826f22dc3edb3>
>> ( the latest as of writing this mail )
>> Also i was able to find the jar in question in my M2 repo dir :
>> /Users/gautam/.m2/repository/cn/guoyukun/jdbc/oracle-ojdbc6/11.2.0.3.0/
>>
>> This might be a network issue, can you please try again. Or maybe you can
>> try the -U option. Eg: mvn clean compile package install assembly:assembly
>> -U
>>
>>
>>
>> On Mon, Jan 5, 2015 at 10:24 AM, Mahesh Sankaran <
>> sankarmahes...@gmail.com> wrote:
>>
>>> Hi all ,
>>>
>>> I have stuck with apache ranger Security Admin Web Application
>>> build error.Following is the error which i got.Kindly help me to build and
>>> install.
>>>
>>> [INFO]
>>>
>>> [INFO]
>>> 
>>> [INFO] Skipping ranger
>>> [INFO] This project has been banned from the build due to previous
>>> failures.
>>> [INFO]
>>> 
>>> [INFO]
>>> 
>>> [INFO] Reactor Summary:
>>> [INFO]
>>> [INFO] ranger  SUCCESS
>>> [02:06 min]
>>> [INFO] Credential Support  SUCCESS
>>> [07:21 min]
>>> [INFO] Audit Component ... SUCCESS [
>>> 29.167 s]
>>> [INFO] Common library for Plugins  SUCCESS [
>>> 13.657 s]
>>> [INFO] Hdfs Security Plugin .. SUCCESS
>>> [01:10 min]
>>> [INFO] Hive Security Agent ... SUCCESS
>>> [05:31 min]
>>> [INFO] HBaseSecurityAgents ... SUCCESS
>>> [03:23 min]
>>> [INFO] Knox Security Plugin .. SUCCESS
>>> [01:56 min]
>>> [INFO] Credential Builder  SUCCESS [
>>> 21.000 s]
>>> [INFO] Storm Security Plugin . SUCCESS
>>> [03:10 min]
>>> [INFO] Agent Implementation Libary ... SUCCESS
>>> [01:08 min]
>>> [INFO] Installer Support Component ... SUCCESS [
>>> 49.435 s]
>>> [INFO] Embeded Web Server Invoker  SUCCESS [
>>> 37.422 s]
>>> [INFO] Resource Lookup API Implementation  SUCCESS [
>>>  2.788 s]
>>> [INFO] Unix Authentication Client  SUCCESS [
>>>  0.546 s]
>>> [INFO] Security Admin Web Application  FAILURE
>>> [05:22 min]
>>> [INFO] Unix User Group Synchronizer .. SKIPPED
>>> [INFO] Unix Authentication Service ... SKIPPED
>>> [INFO] Unix Native Authenticator . SKIPPED
>>> [INFO]
>>> -

Re: Hdfs agent not created

2015-01-13 Thread Gautam Borad 
Hi Mahesh,
We will need the namenode logs to debug this further. Can you restart
namenode and paste the logs of that somewhere for us to analyze? Thanks.

On Wed, Jan 14, 2015 at 10:31 AM, Mahesh Sankaran 
wrote:

> Hi Ramesh,
>
>   I didnt see any exception in the hdfs logs.my problem is
> agent for hdfs is not created.
>
> Regards,
> Mahesh.S
>
> On Tue, Jan 13, 2015 at 8:50 PM, Ramesh Mani 
> wrote:
>
>> Hi Mahesh,
>>
>> The error you are seeing in is just a notice that  parent folder of the
>> resource you are creating doesn’t have read permission for the user whom
>> you are creating the policy.
>>
>> when you start the hdfs namenode and secondarynode do you see any
>> exception in the hdfs logs?
>>
>> Regards,
>> Ramesh
>>
>> On Jan 13, 2015, at 4:13 AM, Mahesh Sankaran 
>> wrote:
>>
>> Hi all,
>>
>> I successfully configured ranger admin,user sync.now am trying to
>> configure hdfs plugin.My steps are following,
>>
>> 1.Created repository testhdfs.
>> 2.cd /usr/local
>> 3.sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-hdfs-plugin.tar.gz
>> 4.sudo ln -s ranger-0.4.0-hdfs-plugin ranger-hdfs-plugin
>> 5.cd ranger-hdfs-plugin
>> 6.vi install.properties
>>   POLICY_MGR_URL=http://IP:6080 
>>   REPOSITORY_NAME=testhdfs
>>   XAAUDIT.DB.HOSTNAME=localhost
>>   XAAUDIT.DB.DATABASE_NAME=ranger
>>   XAAUDIT.DB.USER_NAME=rangerlogger
>>   XAAUDIT.DB.PASSWORD=rangerlogger
>> 7.cd /usr/local/hadoop
>> 8.ln -s /usr/local/hadoop/etc/hadoop conf
>> 9.export HADOOP_HOME=/usr/local/hadoop
>> 10.cd /usr/local/ranger-hdfs-plugin
>> 11../enable-hdfs-plugin.sh
>> 12.cp /usr/local/hadoop/lib/* /usr/local/hadoop/share/hadoop/hdfs/lib/
>> 13.vi xasecure-audit.xml
>>   xasecure.audit.jpa.javax.persistence.jdbc.url
>>jdbc:mysql://localhost/ranger
>>
>>
>>
>>  xasecure.audit.jpa.javax.persistence.jdbc.user
>>rangerlogger
>>
>>
>> xasecure.audit.jpa.javax.persistence.jdbc.password
>>rangerlogger
>>
>> 14.Restarted hadoop
>> when i see Ranger Admin Web interface -> Audit -> Agents
>> agent is not created.Am i missed any steps.
>>
>> *NOTE:I am not using HDP.*
>>
>> *here is my xa_portal.log*
>>
>> 2015-01-13 15:16:45,901 [localhost-startStop-1] INFO
>>  org.springframework.core.io.support.PropertiesLoaderSupport
>> (PropertiesLoaderSupport.java:177) - Loading properties file from class
>> path resource [xa_default.properties]
>> 2015-01-13 15:16:45,932 [localhost-startStop-1] INFO
>>  org.springframework.core.io.support.PropertiesLoaderSupport
>> (PropertiesLoaderSupport.java:177) - Loading properties file from class
>> path resource [xa_system.properties]
>> 2015-01-13 15:16:45,965 [localhost-startStop-1] INFO
>>  org.springframework.core.io.support.PropertiesLoaderSupport
>> (PropertiesLoaderSupport.java:177) - Loading properties file from class
>> path resource [xa_custom.properties]
>> 2015-01-13 15:16:45,978 [localhost-startStop-1] INFO
>>  org.springframework.core.io.support.PropertiesLoaderSupport
>> (PropertiesLoaderSupport.java:177) - Loading properties file from class
>> path resource [xa_ldap.properties]
>> 2015-01-13 15:16:46,490 [localhost-startStop-1] WARN
>>  org.apache.hadoop.util.NativeCodeLoader (NativeCodeLoader.java:62) -
>> Unable to load native-hadoop library for your platform... using
>> builtin-java classes where applicable
>> 2015-01-13 15:16:47,417 [localhost-startStop-1] INFO
>>  org.springframework.core.io.support.PropertiesLoaderSupport
>> (PropertiesLoaderSupport.java:177) - Loading properties file from class
>> path resource [db_message_bundle.properties]
>> 2015-01-13 15:17:13,721 [http-bio-6080-exec-8] INFO
>>  org.apache.ranger.security.listener.SpringEventListener
>> (SpringEventListener.java:69) - Login Successful:admin | Ip
>> Address:10.10.10.53 | sessionId=830B2C1BC6F34346950710576AD40A12
>> 2015-01-13 15:17:14,362 [http-bio-6080-exec-8] INFO
>>  org.apache.ranger.biz.SessionMgr (SessionMgr.java:334) - admin is a valid
>> user
>> 2015-01-13 15:17:14,491 [http-bio-6080-exec-10] INFO
>>  org.apache.ranger.biz.SessionMgr (SessionMgr.java:140) - Login Success:
>> loginId=admin, sessionId=10, sessionId=830B2C1BC6F34346950710576AD40A12,
>> requestId=10.10.10.53
>> 2015-01-13 15:17:16,517 [http-bio-6080-exec-2] INFO
>>  org.apache.ranger.service.filter.RangerRESTAPIFilter
>> (RangerRESTAPIFilter.java:246) - Done rearranging. loopCount=0
>> 2015-01-13 15:17:16,518 [http-bio-6080-exec-2] INFO
>>  org.apache.ranger.service.filter.RangerRESTAPIFilter
>> (RangerRESTAPIFilter.java:254) - Loaded 0 API methods.
>> 2015-01-13 15:27:58,797 [http-bio-6080-exec-10] INFO
>>  org.apache.ranger.rest.UserREST (UserREST.java:186) -
>> create:nfsnobody@bigdata
>> 2015-01-13 15:30:32,173 [localhost-startStop-1] INFO
>>  org.springframework.core.io.support.PropertiesLoaderSupport
>> (Pr

Re: Autocomplete behavior of hive tables/columns

2015-01-16 Thread Gautam Borad 
Hi Hanish,
Yes, that is the expected behavior in current implementation. If there
are multiple values in database/tables, the autocomplete for dependent
field will not work.
We can raise a Jira to discuss how to handle such scenarios and provide
better functionality to users. Thanks.

On Fri, Jan 16, 2015 at 12:55 PM, Hanish Bansal <
hanish.bansal.agar...@gmail.com> wrote:

> Hi All,
>
> When defining the policy for hive resource, autocomplete for hive tables
> and columns is not working properly.
>
> If multiple databases are specified in database name then autocomplete for
> table is showing tables only for first database.
> Similar is in case of columns, if multiple tables are specified in table
> name then autocomplete for column is showing columns only for first table.
>
> Please let me know the expected behavior.
>
>
> --
> *Thanks & Regards*
> *Hanish Bansal*
>



-- 
Regards,
Gautam.

Re: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder" and WARNING: Unable to load native-hadoop library for your platform.- setup.sh error.

2015-02-10 Thread Gautam Borad 
Sreeni, these are just warning, please ignore them and proceed with the
Ranger Installation.



On Mon, Feb 9, 2015 at 10:03 AM, Sreeni  wrote:

> I am trying to install Ranger for HDP 2.2.
>
> setup.sh getting following error, any thoughts to fix the folder.
>
> Starting configuration for XA DB credentials:
> SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
> SLF4J: Defaulting to no-operation (NOP) logger implementation
> SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further
> details.
> Feb 08, 2015 7:28:47 PM org.apache.hadoop.util.NativeCodeLoader 
> WARNING: Unable to load native-hadoop library for your platform... using
> builtin-java classes where applicable
> Alias already exist!! will try to delete first.
> Deleting credential: policyDB.jdbc.password from CredentialProvider:
> jceks://file/usr/hdp/2.2.0.0-2041/ranger-admin/ews/webapp/WEB-INF/classes/conf/.jceks/rangeradmin.jceks
>
> Sreeni
>
>


-- 
Regards,
Gautam.

Re: Redirection to login page loads all resources (js and css) before redirection.

2015-02-25 Thread Gautam Borad 
Hi Shrey, I just confirmed that only the pre-login files are getting loaded
when you hit 'index.html' without a valid login session.
Please let me know you use-case and i can try to reproduce it.


P.S: Attached Screenshot shows only the required files being loaded.

On Tue, Feb 24, 2015 at 11:43 PM, Don Bosco Durai 
wrote:

>  Shrey
>
>  Ideally it shouldn’t load, because index.html should have automatically
> redirected to login.jsp based on security-applicationContext.xml and that
> should have minimal dependencies.
>
>  Gautam should be able to give more information.
>
>  Let me know if you want to fix it? You can create a JIRA and assign it
> to your self.
>
>  Thanks
>
>  Bosco
>
>
>   From: Shrey Mehrotra 
> Reply-To: "'user@ranger.incubator.apache.org'" <
> user@ranger.incubator.apache.org>
> Date: Tuesday, February 24, 2015 at 2:42 AM
> To: "'user@ranger.incubator.apache.org'" ,
> "'d...@ranger.incubator.apache.org'" 
>
> Subject: Redirection to login page loads all resources (js and css)
> before redirection.
>
>+user group
>
>
>
> *From:* Shrey Mehrotra
> *Sent:* Tuesday, February 24, 2015 3:24 PM
> *To:* 'd...@ranger.incubator.apache.org'
> *Subject:* Redirection to login page loads all resources (js and css)
> before redirection.
>
>
>
> Hi,
>
>
>
> When we directly hit index.html without going through login page, it loads
> all the js and css before redirecting to login page. It takes time and also
> since the user is not logged in, this should be checked before loading any
> resource of the site. Is this the architectures’ design requirement or we
> could fix it by applying filters in security-applicationContext.xml?
>
>
>
> Thanks & Regards,
> Shrey Mehrotra
> Senior Software Engineer, iLabs
> Impetus Infotech Pvt. Ltd.
>
>
>
> --
>
>
>
>
>
>
> NOTE: This message may contain information that is confidential,
> proprietary, privileged or otherwise protected by law. The message is
> intended solely for the named addressee. If received in error, please
> destroy and notify the sender. Any use of this email is prohibited when
> received in error. Impetus does not represent, warrant and/or guarantee,
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference.
>
>


-- 
Regards,
Gautam.

Re: Redirection to login page loads all resources (js and css) before redirection.

2015-02-27 Thread Gautam Borad 
Shrey, This seems to be reproducible only on Firefox. I tried the mentioned
steps on Chrome and at step 3] it redirected to login.jsp page without
loading the html/js files.

We should raise a Jira for this. Thanks.


On Thu, Feb 26, 2015 at 1:56 AM, Shrey Mehrotra <
shrey.mehro...@impetus.co.in> wrote:

>  Hi Gautam,
>
>
>
> I just hit index.html directly and found that all resources load up before
> the page gets redirected to login. One catch could be I have logged in to
> the application on same browser before. Please try with following steps to
> reproduce at your end:
>
>
>
> 1. Login to application with admin credentials.
>
> 2. Logout from application
>
> 3. Try to access index.html directly.
>
>
>
> Also, Please find attached the snapshot of network calls at my end.
>
>
>
> Let me know if you are able to replicate the same.
>
>
>
> Thanks & Regards,
>
> Shrey Mehrotra
>
> Senior Software Engineer, iLabs
>
> Impetus Infotech Pvt. Ltd.
>
>
>
> *From:* Gautam Borad [mailto:gbo...@gmail.com]
> *Sent:* Wednesday, February 25, 2015 4:31 PM
> *To:* user@ranger.incubator.apache.org
> *Cc:* d...@ranger.incubator.apache.org
> *Subject:* Re: Redirection to login page loads all resources (js and css)
> before redirection.
>
>
>
> Hi Shrey, I just confirmed that only the pre-login files are getting
> loaded when you hit 'index.html' without a valid login session.
>
> Please let me know you use-case and i can try to reproduce it.
>
>  P.S: Attached Screenshot shows only the required files being loaded.
>
>
>
> On Tue, Feb 24, 2015 at 11:43 PM, Don Bosco Durai 
> wrote:
>
> Shrey
>
>
>
> Ideally it shouldn’t load, because index.html should have automatically
> redirected to login.jsp based on security-applicationContext.xml and that
> should have minimal dependencies.
>
>
>
> Gautam should be able to give more information.
>
>
>
> Let me know if you want to fix it? You can create a JIRA and assign it to
> your self.
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *Shrey Mehrotra 
> *Reply-To: *"'user@ranger.incubator.apache.org'" <
> user@ranger.incubator.apache.org>
> *Date: *Tuesday, February 24, 2015 at 2:42 AM
> *To: *"'user@ranger.incubator.apache.org'" <
> user@ranger.incubator.apache.org>, "'d...@ranger.incubator.apache.org'" <
> d...@ranger.incubator.apache.org>
>
>
> *Subject: *Redirection to login page loads all resources (js and css)
> before redirection.
>
>
>
>   +user group
>
>
>
> *From:* Shrey Mehrotra
> *Sent:* Tuesday, February 24, 2015 3:24 PM
> *To:* 'd...@ranger.incubator.apache.org'
> *Subject:* Redirection to login page loads all resources (js and css)
> before redirection.
>
>
>
> Hi,
>
>
>
> When we directly hit index.html without going through login page, it loads
> all the js and css before redirecting to login page. It takes time and also
> since the user is not logged in, this should be checked before loading any
> resource of the site. Is this the architectures’ design requirement or we
> could fix it by applying filters in security-applicationContext.xml?
>
>
>
> Thanks & Regards,
> Shrey Mehrotra
> Senior Software Engineer, iLabs
> Impetus Infotech Pvt. Ltd.
>
>
>
>
>  --
>
>
>
>
>
>
>
> NOTE: This message may contain information that is confidential,
> proprietary, privileged or otherwise protected by law. The message is
> intended solely for the named addressee. If received in error, please
> destroy and notify the sender. Any use of this email is prohibited when
> received in error. Impetus does not represent, warrant and/or guarantee,
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference.
>
>
>
>
> --
>
> Regards,
>
> Gautam.
>
> --
>
>
>
>
>
>
> NOTE: This message may contain information that is confidential,
> proprietary, privileged or otherwise protected by law. The message is
> intended solely for the named addressee. If received in error, please
> destroy and notify the sender. Any use of this email is prohibited when
> received in error. Impetus does not represent, warrant and/or guarantee,
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference.
>



-- 
Regards,
Gautam.

Re: Group permissions in Hive policies

2015-03-08 Thread Gautam Borad 
Hi Philippe,
In order for the enforcement of policies to happen, the group should be
present in Hadoop.
Ranger groups are more of a UI help currently in that they provide
autocomplete to users while creating policies. This way user need not
lookup Hadoop Groups every time and can rely on autocomplete to create
policies.

Ranger Usersync is generally used to sync users/groups to Ranger Admin to
avoid the tedious process of creating them on the Ranger Admin.


On Mon, Mar 2, 2015 at 10:20 PM, Verhaeghe Philippe <
philippe.verhae...@worldline.com> wrote:

>  Thanks for your answer.
>
> The users tableau2 and tableau3 and the group tableau are internal in
> ranger.
>
> There is no “tableau” group in Hadoop, I created the group only in ranger.
>
> $ hdfs groups tableau3
>
> tableau3 :
>
> $ hdfs groups tableau2
>
> tableau2 :
>
>
>
> I don’t fully understand why the group associated with the login should be
> created in Hadoop when ranger is managing the permissions. And what is the
> role of the Ranger group vs Hadoop group ?
>
>
>
> Regards,
>
> Philippe
>
>
>
> *De :* Selvamohan Neethiraj [mailto:sneethi...@hortonworks.com] *De la
> part de* Selvamohan Neethiraj
> *Envoyé :* Monday, March 02, 2015 5:32 PM
> *À :* user@ranger.incubator.apache.org
> *Objet :* Re: Group permissions in Hive policies
>
>
>
> Philippe:
>
>
>
> Yes, we have validated permission defined at group level.
>
> When the Hive query is executed by HiveServer2, the groups associated with
> the login user is derived based on the Hadoop Group Mapping defined in the
> coe-site.xml (hadoop.security.group.mapping).
>
> You can use the following commands to find out the group membership for a
> given user:
>
>
>
>   $ hdfs groups 
>
>
>
> Please let us know if your group membership for the user ‘tableau3’ user
> shows the group ‘tableau’.
>
>
>
> Thanks,
>
> Selva-
>
>
>
> *From: *Verhaeghe Philippe 
> *Reply-To: *"user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> *Date: *Monday, March 2, 2015 at 11:05 AM
> *To: *"user@ranger.incubator.apache.org"  >
> *Subject: *Group permissions in Hive policies
>
>
>
>  Hi,
>
>
>
> I try to use group level permissions for Hive but it seems not working.
>
> I have set permissions at user level for my user “tableau2” : it works as
> expected, I can query Hive.
>
> I have created another user “tableau3”, placed it in a new group
> “tableau”, and I gave this group the same permissions than the user
> “tableau2” : I cannot query Hive with user “tableau3”.
>
>
>
> Does anyone has successfully used group level permissions with Hive ?
>
>
>
> Regards,
>
> Philippe
>
>
>
>
>  --
>
>
> Ce message et les pièces jointes sont confidentiels et réservés à l'usage
> exclusif de ses destinataires. Il peut également être protégé par le secret
> professionnel. Si vous recevez ce message par erreur, merci d'en avertir
> immédiatement l'expéditeur et de le détruire. L'intégrité du message ne
> pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra
> être recherchée quant au contenu de ce message. Bien que les meilleurs
> efforts soient faits pour maintenir cette transmission exempte de tout
> virus, l'expéditeur ne donne aucune garantie à cet égard et sa
> responsabilité ne saurait être recherchée pour tout dommage résultant d'un
> virus transmis.
>
> This e-mail and the documents attached are confidential and intended
> solely for the addressee; it may also be privileged. If you receive this
> e-mail in error, please notify the sender immediately and destroy it. As
> its integrity cannot be secured on the Internet, the Worldline liability
> cannot be triggered for the message content. Although the sender endeavours
> to maintain a computer virus-free network, the sender does not warrant that
> this transmission is virus-free and will not be liable for any damages
> resulting from any virus transmitted.
>
> --
>
> Ce message et les pièces jointes sont confidentiels et réservés à l'usage
> exclusif de ses destinataires. Il peut également être protégé par le secret
> professionnel. Si vous recevez ce message par erreur, merci d'en avertir
> immédiatement l'expéditeur et de le détruire. L'intégrité du message ne
> pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra
> être recherchée quant au contenu de ce message. Bien que les meilleurs
> efforts soient faits pour maintenir cette transmission exempte de tout
> virus, l'expéditeur ne donne aucune garantie à cet égard et sa
> responsabilité ne saurait être recherchée pour tout dommage résultant d'un
> virus transmis.
>
> This e-mail and the documents attached are confidential and intended
> solely for the addressee; it may also be privileged. If you receive this
> e-mail in error, please notify the sender immediately and destroy it. As
> its integrity cannot be secured on the Internet, the Worldline liability
> cannot be triggered for the message content.

Re: How to enable HDFS plugin on HA NameNode Cluster

2015-03-08 Thread Gautam Borad 
>
> 2015-03-08 05:28:12,179 INFO  config.ConfigWatcher
> (ConfigWatcher.java:fetchPolicyfromCahce(507)) - Policy Manager not
> available, using the last stored Policy Filenull


Seems the plugin is not able to communicate to Policy Manager. Can you
please try to 'curl' to that url:port from the host where NN is running and
see its able to connect?

Also can you provide the xasecure-hdfs-security.xml file? Another suspect
can be the *xasecure.hdfs.policymgr.url.laststoredfile*
property.

Thanks.

On Sun, Mar 8, 2015 at 11:23 AM, Hadoop Solutions 
wrote:

> I have manually added xasecure.hdfs.policymgr.url manually in 
> xasecure-hdfs-security.xml
> in /etc/hadoop/conf, but still i am facing following error:
>
> 2015-03-08 05:28:07,914 INFO  provider.AuditProviderFactory
> (AuditProviderFactory.java:(60)) - AuditProviderFactory: creating..
> 2015-03-08 05:28:07,915 INFO  provider.AuditProviderFactory
> (AuditProviderFactory.java:init(90)) - AuditProviderFactory: initializing..
> 2015-03-08 05:28:08,005 INFO  namenode.FSNamesystem
> (FSNamesystem.java:listCorruptFileBlocks(7220)) - there are no corrupt file
> blocks.
> 2015-03-08 05:28:08,111 INFO  provider.DbAuditProvider
> (DbAuditProvider.java:(68)) - DbAuditProvider: creating..
> 2015-03-08 05:28:08,115 INFO  provider.MultiDestAuditProvider
> (MultiDestAuditProvider.java:(43)) - MultiDestAuditProvider:
> creating..
> 2015-03-08 05:28:08,116 INFO  provider.AsyncAuditProvider
> (AsyncAuditProvider.java:(58)) - AsyncAuditProvider(DbAuditProvider):
> creating..
> 2015-03-08 05:28:08,117 INFO  provider.MultiDestAuditProvider
> (MultiDestAuditProvider.java:addAuditProvider(67)) -
> MultiDestAuditProvider.addAuditProvider(providerType=com.xasecure.audit.provider.DbAuditProvider)
> 2015-03-08 05:28:08,118 INFO  provider.AsyncAuditProvider
> (AsyncAuditProvider.java:init(81)) -
> AsyncAuditProvider(DbAuditProvider).init()
> 2015-03-08 05:28:08,118 INFO  provider.MultiDestAuditProvider
> (MultiDestAuditProvider.java:init(52)) - MultiDestAuditProvider.init()
> 2015-03-08 05:28:08,118 INFO  provider.BaseAuditProvider
> (BaseAuditProvider.java:init(47)) - BaseAuditProvider.init()
> 2015-03-08 05:28:08,119 INFO  provider.DbAuditProvider
> (DbAuditProvider.java:init(73)) - DbAuditProvider.init()
> 2015-03-08 05:28:08,119 INFO  provider.BaseAuditProvider
> (BaseAuditProvider.java:init(47)) - BaseAuditProvider.init()
> 2015-03-08 05:28:08,367 INFO  provider.DbAuditProvider
> (DbAuditProvider.java:start(121)) - DbAuditProvider.start()
> 2015-03-08 05:28:08,368 INFO  provider.DbAuditProvider
> (DbAuditProvider.java:init(170)) - DbAuditProvider: init()
> 2015-03-08 05:28:08,367 INFO  provider.AsyncAuditProvider
> (AsyncAuditProvider.java:run(134)) - ==> AsyncAuditProvider.run()
> 2015-03-08 05:28:10,919 INFO  config.PolicyRefresher
> (PolicyRefresher.java:(60)) - Creating PolicyRefreshser with url:
> http://sv2lxdpdsedi01.corp.equinix.com:6080, refreshInterval: 6,
> sslConfigFileName: null, lastStoredFileName: null
> 2015-03-08 05:28:10,936 INFO  config.ConfigWatcher
> (ConfigWatcher.java:(127)) - Creating PolicyRefreshser with url:
> http://sv2lxdpdsedi01.corp.equinix.com:6080,
> refreshInterval(milliSeconds): 6, sslConfigFileName: null,
> lastStoredFileName: null
> 2015-03-08 05:28:12,178 INFO  config.ConfigWatcher
> (ConfigWatcher.java:fetchPolicyfromCahce(507)) - Policy Manager not
> available, using the last stored Policy Filenull
> 2015-03-08 05:28:12,179 INFO  config.ConfigWatcher
> (ConfigWatcher.java:fetchPolicyfromCahce(507)) - Policy Manager not
> available, using the last stored Policy Filenull
> 2015-03-08 05:28:12,180 ERROR config.PolicyRefresher
> (PolicyRefresher.java:checkFileWatchDogThread(138)) - Unable to start the
> FileWatchDog for path [http://sv2lxdpdsedi01.corp.equinix.com:6080]
> java.lang.NullPointerException
> at java.io.FileInputStream.(FileInputStream.java:138)
> at java.io.FileInputStream.(FileInputStream.java:101)
> at java.io.FileReader.(FileReader.java:58)
> at
> com.xasecure.pdp.config.ConfigWatcher.fetchPolicyfromCahce(ConfigWatcher.java:510)
> at
> com.xasecure.pdp.config.ConfigWatcher.isFileChanged(ConfigWatcher.java:330)
> at
> com.xasecure.pdp.config.ConfigWatcher.validateAndRun(ConfigWatcher.java:222)
> at
> com.xasecure.pdp.config.ConfigWatcher.(ConfigWatcher.java:133)
> at
> com.xasecure.pdp.config.PolicyRefresher$1.(PolicyRefresher.java:124)
> at
> com.xasecure.pdp.config.PolicyRefresher.checkFileWatchDogThread(PolicyRefresher.java:124)
> at
> com.xasecure.pdp.config.PolicyRefresher.(PolicyRefresher.java:69)
> at
> com.xasecure.pdp.hdfs.URLBasedAuthDB.(URLBasedAuthDB.java:84)
> at
> com.xasecure.pdp.hdfs.URLBasedAuthDB.getInstance(URLBasedAuthDB.java:67)
> at
> com.xasecure.pdp.hdfs.XASecureAuthorizer.(XASecureAuthorizer.java:28)
>
>
> On 7 March 2015 at 15:41, Ramesh Mani  wrote:
>
>>
>> From the error what I see is your

Re: Knox group policies not enforced

2015-06-19 Thread Gautam Borad 
Hi Loïc
Can you please check if the connector jar(*mysql-connector-java.jar*)
is present in the knox/ext/ dir?  The jar  should be present in the
classpath. Please check and let us know.



On Fri, Jun 19, 2015 at 1:29 PM, Loïc Chanel 
wrote:

> Alok,
>
> I already turned logging on, but it seems I can't see any plugin logs. I
> tried to add the following properties :
> log4j.logger.org.apache.ranger=DEBUG
> log4j.logger.org.apache.ranger.services.knox=DEBUG
>
> But all I can see in the logs are Knox gateway logs, and there is nothing
> wrong with them (the only think I see that is wrong come from gateway.out,
> and is the error I mentioned in my first e-Mail). How can I turn Ranger
> plugin logs on ? And where can I find these logs afterwards ?
>
> In addition, I turned on the property "Audit to HDFS", but as I can't find
> audit records in the cluster, I think the auditing problem is kind of a
> general one.
>
> As far as the policy manager is concerned, I can see audit records for
> HDFS repository, so I don't think the problem comes from there.
>
> Do you see a possible origin of the problem ?
> Thanks,
>
>
> Loïc
>
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
>
> 2015-06-18 19:48 GMT+02:00 Alok Lal :
>
>>  I spoke too soon.  I don’t think the following is true.  We never let
>> the inability to audit
>> 
>> prevent auth.  My bad!
>>
>>  Can you turn logging on (/etc/knox/conf/gateway-log4j.properties) and
>> paste relevant parts from it?
>>
>>
>>
>>   From: Alok Lal 
>> Date: Thursday, June 18, 2015 at 10:42 AM
>> To: "user@ranger.incubator.apache.org" 
>> Subject: Re: Knox group policies not enforced
>>
>>   I assume you are using ranger-0.4.
>>
>>- Do you see access audit records on the audit page of policy
>>manager?
>>   - Writing audits to HDFS is not through JDBC driver.  Only writing
>>   to DB needs it.
>>   - Further, only audits written to the DB are shown on the audit
>>   page — which is why I asked the above question.
>>- It is possible that you have audit turned on to both DB and HDFS?
>>- The way code is today
>>
>> 
>>inability to write audit, say, due to a misconfigured JDBC adaptor, would
>>cause authorization to fail, too (because the auth call would throw an
>>unhandled exception).
>>   - However, I don’t know why that should be related only membership
>>   to a group.
>>   - If inability to write to audit is in fact the issue then you
>>   should not be able to connect as long as the policy granting you 
>> access is
>>   audited.  Perhaps you can confirm that to be the case to help narrow 
>> the
>>   cause.
>>
>> Alok
>>
>>   From: Loïc Chanel 
>> Reply-To: "user@ranger.incubator.apache.org" <
>> user@ranger.incubator.apache.org>
>> Date: Thursday, June 18, 2015 at 3:05 AM
>> To: "user@ranger.incubator.apache.org" 
>> Subject: Knox group policies not enforced
>>
>>  Hi fellow Ranger users,
>>
>>  As I am using Ranger plugin for Knox, I noticed that group policies are
>> not applied. For example, if I grant to the group "users" the right to
>> connect from anywhere, and I try to use WebHDFS with a user of this group,
>> I keep getting 403 responses from Knox.
>>
>>  In addition, I can't find any audit logs from Knox in Ranger interface,
>> but I thinks this is linked to the error I get in gateway.out :
>> [EL Severe]: ejb: 2015-06-18
>> 11:33:44.253--ServerSession(45349)--Exception [EclipseLink-4003]
>> (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd):
>> org.eclipse.persistence.exceptions.DatabaseException
>> Exception Description: Configuration error.  Class
>> [com.mysql.jdbc.Driver] not found.
>>
>>  This error is actually weird too because the JDBC driver is properly
>> installed, as I can see audit logs from HDFS repository.
>>
>>  Has anyone an idea of where these errors might come from ?
>>  Thanks in advance for your help,
>>
>>
>>  Loïc
>>
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
>>
>
>


-- 
Regards,
Gautam.

Re: Knox group policies not enforced

2015-06-19 Thread Gautam Borad 
Loïc, yes if you are using Ambari, the Ambari agent should copy the mysql
connector to the ext/ directory.

>>Knox does not search for the connector in other directories

It will look for connector only in the directories in the classpath. I know
that the ext is in the classpath, am not aware of other directories :-)



On Fri, Jun 19, 2015 at 2:37 PM, Loïc Chanel 
wrote:

> Hi Gautam,
>
> I did not have the connector jar in this directory, and the problem
> actually came from here : thanks a lot ! :-)
>
> Still, I'm a little surprised : Knox does not search for the connector in
> other directories ? Because as during the configuration we specify to the
> Ambari-server the location of mysql-java-connector, Knox should be able to
> pull this information, shouldn't it ?
>
> Thanks again,
>
>
> Loïc
>
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
>
> 2015-06-19 10:51 GMT+02:00 Gautam Borad :
>
>> Hi Loïc
>> Can you please check if the connector jar(*mysql-connector-java.jar*)
>> is present in the knox/ext/ dir?  The jar  should be present in the
>> classpath. Please check and let us know.
>>
>>
>>
>> On Fri, Jun 19, 2015 at 1:29 PM, Loïc Chanel <
>> loic.cha...@telecomnancy.net> wrote:
>>
>>> Alok,
>>>
>>> I already turned logging on, but it seems I can't see any plugin logs. I
>>> tried to add the following properties :
>>> log4j.logger.org.apache.ranger=DEBUG
>>> log4j.logger.org.apache.ranger.services.knox=DEBUG
>>>
>>> But all I can see in the logs are Knox gateway logs, and there is
>>> nothing wrong with them (the only think I see that is wrong come from
>>> gateway.out, and is the error I mentioned in my first e-Mail). How can I
>>> turn Ranger plugin logs on ? And where can I find these logs afterwards ?
>>>
>>> In addition, I turned on the property "Audit to HDFS", but as I can't
>>> find audit records in the cluster, I think the auditing problem is kind of
>>> a general one.
>>>
>>> As far as the policy manager is concerned, I can see audit records for
>>> HDFS repository, so I don't think the problem comes from there.
>>>
>>> Do you see a possible origin of the problem ?
>>> Thanks,
>>>
>>>
>>> Loïc
>>>
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>>
>>> 2015-06-18 19:48 GMT+02:00 Alok Lal :
>>>
>>>>  I spoke too soon.  I don’t think the following is true.  We never let
>>>> the inability to audit
>>>> <https://github.com/apache/incubator-ranger/blob/ranger-0.4/agents-impl/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java#L202-L211>
>>>> prevent auth.  My bad!
>>>>
>>>>  Can you turn logging on (/etc/knox/conf/gateway-log4j.properties) and
>>>> paste relevant parts from it?
>>>>
>>>>
>>>>
>>>>   From: Alok Lal 
>>>> Date: Thursday, June 18, 2015 at 10:42 AM
>>>> To: "user@ranger.incubator.apache.org" <
>>>> user@ranger.incubator.apache.org>
>>>> Subject: Re: Knox group policies not enforced
>>>>
>>>>   I assume you are using ranger-0.4.
>>>>
>>>>- Do you see access audit records on the audit page of policy
>>>>manager?
>>>>   - Writing audits to HDFS is not through JDBC driver.  Only
>>>>   writing to DB needs it.
>>>>   - Further, only audits written to the DB are shown on the audit
>>>>   page — which is why I asked the above question.
>>>>- It is possible that you have audit turned on to both DB and HDFS?
>>>>- The way code is today
>>>>
>>>> <https://github.com/apache/incubator-ranger/blob/ranger-0.4/agents-impl/src/main/java/com/xasecure/pdp/knox/filter/XASecurePDPKnoxFilter.java#L124-L139>
>>>>inability to write audit, say, due to a misconfigured JDBC adaptor, 
>>>> would
>>>>cause authorization to fail, too (because the auth call would throw an
>>>>unhandled exception).
>>>>   - However, I don’t know why that should be related only
>>>>   membership to a group.
>>>>   - If inability to write to audit is in fact the issue then you
>>>>   should not be able to connect as long as the policy granting you 
>>>

Re: Upgrading Ranger to 0.5

2015-07-19 Thread Gautam Borad 
Hi Dale, To upgrade to 0.5.0 you have to first upgrade Ambari from 2.0 to
2.1.0, since Ranger 0.5.0 is supported only in Ambari 2.1.0

You can find more info on upgrade from Ambari wiki :
https://cwiki.apache.org/confluence/display/AMBARI OR ask on the Ambari
mailing list about the instructions for upgrade.

Do let me know if you are stuck upgrading Ranger. Thanks.



On Fri, Jul 17, 2015 at 11:52 AM, Don Bosco Durai  wrote:

> Ambari 2.1 has support for Ranger 0.5. Vel and Gautam have worked on it on
> the Ambari side. Either one of them should be able to answer your question.
>
> Vel/Gautam, would you be able to answer Dale’s question?
>
> Thanks
>
> Bosco
>
>
> From: , Dale 
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date: Thursday, July 16, 2015 at 8:49 PM
> To: "user@ranger.incubator.apache.org" 
>
> Subject: Re: Upgrading Ranger to 0.5
>
> I am currently using Ambari 2.0.
>
> Dale
>
>
>  Original message 
> From: Don Bosco Durai 
> Date: 16/07/2015 17:55 (GMT+00:00)
> To: user@ranger.incubator.apache.org
> Subject: Re: Upgrading Ranger to 0.5
>
> Dale, which version of Ambari are you currently using?
>
> Bosco
>
>
> On 7/16/15, 8:53 PM, "Bradman, Dale"  wrote:
>
> >Hi,
> >
> >What is the easiest way to upgrade Ranger to 0.5 if I have an Ambari
> >managed cluster?
> >
> >Cheers,
> >Dale
> >
> >
> >
> >Capgemini is a trading name used by the Capgemini Group of companies
> >which includes Capgemini UK plc, a company registered in England and
> >Wales (number 943935) whose registered office is at No. 1, Forge End,
> >Woking, Surrey, GU21 6DB.
> >This message contains information that may be privileged or confidential
> >and is the property of the Capgemini Group. It is intended only for the
> >person to whom it is addressed. If you are not the intended recipient,
> >you are not authorized to read, print, retain, copy, disseminate,
> >distribute, or use this message or any part thereof. If you receive this
> >message in error, please notify the sender immediately and delete all
> >copies of this message.
> >
>
>
>
> --
>
> Capgemini is a trading name used by the Capgemini Group of companies which
> includes Capgemini UK plc, a company registered in England and Wales
> (number 943935) whose registered office is at No. 1, Forge End, Woking,
> Surrey, GU21 6DB.
> This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient, you
> are not authorized to read, print, retain, copy, disseminate, distribute,
> or use this message or any part thereof. If you receive this message in
> error, please notify the sender immediately and delete all copies of this
> message.
>
>


-- 
Regards,
Gautam.

Re: Unable to start HBase

2015-07-27 Thread Gautam Borad 
Hi Dale,
Can you try adding 'ranger-hbase-plugin-enabled' property to :
"HBASE" -> "Advanced" -> "Custom ranger-hbase-plugin-properties" section
and set the value to yes/no, depending on whether HBase plugin was enabled
on Ambari 2.0 or not.

Please restart HBase service after doing the changes.



On Mon, Jul 27, 2015 at 3:46 PM, Bradman, Dale 
wrote:

>  Hi, I have recently upgraded from Ambari 2.0 to 2.1 but I am now unable
> to start up HBase.
>
>  I am seeing the following error in Ambari:
>
>  -
> Traceback (most recent call last):
>   File
> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py",
> line 148, in 
> HbaseMaster().execute()
>   File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 218, in execute
> method(env)
>   File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
> line 450, in restart
> self.stop(env)
>   File
> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py",
> line 87, in stop
> import params
>   File
> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/params.py",
> line 26, in 
> from params_linux import *
>   File
> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py",
> line 230, in 
> enable_ranger_hbase =
> (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower()
> == 'yes')
>   File
> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/config_dictionary.py",
> line 81, in __getattr__
> raise Fail("Configuration parameter '" + self.name + "' was not found
> in configurations dictionary!")
> resource_management.core.exceptions.Fail: Configuration parameter
> 'ranger-hbase-plugin-enabled' was not found in configurations dictionary!
>
>  --
>
>  There's a ton of errors in the HBase logs which I can forward if
> necessary.
>
>  Thanks,
> Dale
>
>  Sent from my Samsung device
>
> --
>
> Capgemini is a trading name used by the Capgemini Group of companies which
> includes Capgemini UK plc, a company registered in England and Wales
> (number 943935) whose registered office is at No. 1, Forge End, Woking,
> Surrey, GU21 6DB.
>  This message contains information that may be privileged or confidential
> and is the property of the Capgemini Group. It is intended only for the
> person to whom it is addressed. If you are not the intended recipient, you
> are not authorized to read, print, retain, copy, disseminate, distribute,
> or use this message or any part thereof. If you receive this message in
> error, please notify the sender immediately and delete all copies of this
> message.
>



-- 
Regards,
Gautam.

Re: Unable to start HBase

2015-07-29 Thread Gautam Borad 
Bosco/Dale, the checkbox not showing up might be an upgrade issue ( need to
verify, not sure ) Other than that there is no reason for the checkbox to
not be present.

However, once the property is added to custom property i think the checkbox
should be visible again.

Dale, can you please confirm the checkbox is present after adding to the
custom properties. Thanks.

On Wed, Jul 29, 2015 at 12:46 PM, Don Bosco Durai  wrote:

> Dale, can you answer Balaji’s question? This will help us to understand
> the root cause.
>
> Vel/Gautam, any tips on why "Enable Ranger for HBASE" tick box does not
> appear in the configs?
>
> Thanks
>
> Bosco
>
>
> From: Balaji Ganesan 
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date: Monday, July 27, 2015 at 11:54 AM
>
> To: "user@ranger.incubator.apache.org" 
> Subject: Re: Unable to start HBase
>
> Was the upgrade performed through Ambari?  If yes, then it might be an
> issue with Ambari. Ambari should preserve the configuration value (in this
> case Ranger enabled for Hbase) while doing the upgrade.
>
> On Mon, Jul 27, 2015 at 11:41 AM, Bradman, Dale <
> dale.brad...@capgemini.com> wrote:
>
>> It was installed using Ambari 2.0 and worked fine. I then upgraded Ambari
>> to 2.1 which is when HBase failed to run as the "Enable Ranger for HBASE"
>> checkbox was not ticked.
>>
>> Cheers,
>> Dale
>>
>>
>>
>> Sent from my Samsung device
>>
>>
>>  Original message 
>> From: Don Bosco Durai 
>> Date: 27/07/2015 17:59 (GMT+00:00)
>> To: user@ranger.incubator.apache.org
>> Subject: Re: Unable to start HBase
>>
>> Dale
>>
>> Does RangerAdmin show up in Ambari? Was it installed manually or through
>> Ambari?
>>
>> Thanks
>>
>> Bosco
>>
>>
>> From: , Dale 
>> Reply-To: "user@ranger.incubator.apache.org" <
>> user@ranger.incubator.apache.org>
>> Date: Monday, July 27, 2015 at 6:39 AM
>> To: "user@ranger.incubator.apache.org" 
>> Subject: Re: Unable to start HBase
>>
>> Thanks, that has worked. How come the "Enable Ranger for HBASE" tick box
>> does not appear in the configs in the first place?
>>
>> Thank you,
>> Dale Bradman
>>
>> Sent from my Samsung device
>>
>>
>>  Original message 
>> From: Gautam Borad 
>> Date: 27/07/2015 13:25 (GMT+00:00)
>> To: user@ranger.incubator.apache.org
>> Subject: Re: Unable to start HBase
>>
>> Hi Dale,
>> Can you try adding 'ranger-hbase-plugin-enabled' property to :
>> "HBASE" -> "Advanced" -> "Custom ranger-hbase-plugin-properties" section
>> and set the value to yes/no, depending on whether HBase plugin was enabled
>> on Ambari 2.0 or not.
>>
>> Please restart HBase service after doing the changes.
>>
>>
>>
>> On Mon, Jul 27, 2015 at 3:46 PM, Bradman, Dale <
>> dale.brad...@capgemini.com> wrote:
>>
>>> Hi, I have recently upgraded from Ambari 2.0 to 2.1 but I am now unable
>>> to start up HBase.
>>>
>>> I am seeing the following error in Ambari:
>>>
>>> -
>>> Traceback (most recent call last):
>>>   File
>>> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py",
>>> line 148, in 
>>> HbaseMaster().execute()
>>>   File
>>> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
>>> line 218, in execute
>>> method(env)
>>>   File
>>> "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py",
>>> line 450, in restart
>>> self.stop(env)
>>>   File
>>> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py",
>>> line 87, in stop
>>> import params
>>>   File
>>> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/params.py",
>>> line 26, in 
>>> from params_linux import *
>>>   File
>>> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py",
>>> line 230, in 
>>> enable_ranger_hbase =
>>> (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower()
>>

Re: Unable to start HBase

2015-07-31 Thread Gautam Borad 
@Bosco, the property is "ranger-hbase-plugin-enabled" under the HBASE
service.

@Dale, Thanks for confirming. Also i am not sure if you have to restart
Ranger. Since the property belongs to HBASE component, just restarting
HBASE should have worked. Thanks.


On Fri, Jul 31, 2015 at 12:25 AM, Bradman, Dale 
wrote:

> Yes I can confirm that the checkbox is present after adding the custom
> properties:
>
>
>
> ranger-hbase-plugin-enabled=yes
>
>
>
> You’ll need to restart Ranger for it to take affect and show the checkbox.
>
>
> Dale
>
>
>
> *From:* Don Bosco Durai [mailto:bdu...@hortonworks.com] *On Behalf Of *Don
> Bosco Durai
> *Sent:* 30 July 2015 18:12
>
> *To:* user@ranger.incubator.apache.org
> *Subject:* Re: Unable to start HBase
>
>
>
> Gautam, which custom properties are needed?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *Gautam Borad 
> *Reply-To: *"user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> *Date: *Wednesday, July 29, 2015 at 10:35 PM
> *To: *"user@ranger.incubator.apache.org"  >
> *Subject: *Re: Unable to start HBase
>
>
>
> Bosco/Dale, the checkbox not showing up might be an upgrade issue ( need
> to verify, not sure ) Other than that there is no reason for the checkbox
> to not be present.
>
> However, once the property is added to custom property i think the
> checkbox should be visible again.
>
> Dale, can you please confirm the checkbox is present after adding to the
> custom properties. Thanks.
>
>
>
> On Wed, Jul 29, 2015 at 12:46 PM, Don Bosco Durai 
> wrote:
>
> Dale, can you answer Balaji’s question? This will help us to understand
> the root cause.
>
>
>
> Vel/Gautam, any tips on why "Enable Ranger for HBASE" tick box does not
> appear in the configs?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *Balaji Ganesan 
> *Reply-To: *"user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> *Date: *Monday, July 27, 2015 at 11:54 AM
>
>
> *To: *"user@ranger.incubator.apache.org"  >
> *Subject: *Re: Unable to start HBase
>
>
>
> Was the upgrade performed through Ambari?  If yes, then it might be an
> issue with Ambari. Ambari should preserve the configuration value (in this
> case Ranger enabled for Hbase) while doing the upgrade.
>
>
>
> On Mon, Jul 27, 2015 at 11:41 AM, Bradman, Dale <
> dale.brad...@capgemini.com> wrote:
>
> It was installed using Ambari 2.0 and worked fine. I then upgraded Ambari
> to 2.1 which is when HBase failed to run as the "Enable Ranger for HBASE"
> checkbox was not ticked.
>
>
>
> Cheers,
>
> Dale
>
>
>
>
>
>
>
> Sent from my Samsung device
>
>
>
>  Original message 
> From: Don Bosco Durai 
> Date: 27/07/2015 17:59 (GMT+00:00)
> To: user@ranger.incubator.apache.org
> Subject: Re: Unable to start HBase
>
> Dale
>
>
>
> Does RangerAdmin show up in Ambari? Was it installed manually or through
> Ambari?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *, Dale 
> *Reply-To: *"user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> *Date: *Monday, July 27, 2015 at 6:39 AM
> *To: *"user@ranger.incubator.apache.org"  >
> *Subject: *Re: Unable to start HBase
>
>
>
> Thanks, that has worked. How come the "Enable Ranger for HBASE" tick box
> does not appear in the configs in the first place?
>
>
>
> Thank you,
>
> Dale Bradman
>
>
>
> Sent from my Samsung device
>
>
>
>  Original message 
> From: Gautam Borad 
> Date: 27/07/2015 13:25 (GMT+00:00)
> To: user@ranger.incubator.apache.org
> Subject: Re: Unable to start HBase
>
> Hi Dale,
>
> Can you try adding 'ranger-hbase-plugin-enabled' property to :
> "HBASE" -> "Advanced" -> "Custom ranger-hbase-plugin-properties" section
> and set the value to yes/no, depending on whether HBase plugin was enabled
> on Ambari 2.0 or not.
>
> Please restart HBase service after doing the changes.
>
>
>
> On Mon, Jul 27, 2015 at 3:46 PM, Bradman, Dale 
> wrote:
>
> Hi, I have recently upgraded from Ambari 2.0 to 2.1 but I am now unable to
> start up HBase.
>
>
>
> I am seeing the following error in Ambari:
>
>
>
> -
>
> Traceback (most recent call last):
>   File
> "/var/lib/ambari-agent/cache/common-services/HBASE/0.96.0.2.0/packag

Re: Configuring Knox-Plugin

2015-07-31 Thread Gautam Borad 
Hi Aneela,
Did you perform the "Trusting Self Signed Knox Certificate" step
documented here

?

Also did you get this error on the UI or is it from the logs? If from the
log, can you share more surrounding content from the logs? Thanks.



On Fri, Jul 31, 2015 at 2:38 AM, Aneela Saleem 
wrote:

> Hi all,
>
> I'm configuring Knox plugin in Apacher ranger. When i create the service
> at Ranger UI with knox.url = https://localhost:8443 , i find the
> following exception:
>
> Unable to connect repository with given config for knoxdev
>
> Can anyone please guide me?
>



-- 
Regards,
Gautam.

Re: master branch compilation issue

2015-08-04 Thread Gautam Borad 
Hafiz,  Can you try passing the -X option to mvn and send the output?

 Please note -X will generate lot of output, you can redirect it to a file
and send the file across. Thanks.



On Wed, Aug 5, 2015 at 10:15 AM, Hafiz Mujadid 
wrote:

> I am running simply this command
> mvn clean compile package assembly:assembly
>
> and this happens at the end of compilation
>
> and these are last few lines
>
>
> [WARNING] Entry:
> ranger-0.5.0-src/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/client/ServiceKafkaConnectionMgr.java
> longer than 100 characters.
> [WARNING] Entry:
> ranger-0.5.0-src/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/client/ServiceKafkaClient.java
> longer than 100 characters.
> [WARNING] Entry:
> ranger-0.5.0-src/plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java
> longer than 100 characters.
> [WARNING] Entry:
> ranger-0.5.0-src/plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
> longer than 100 characters.
> [INFO]
> 
> [INFO] Reactor Summary:
> [INFO]
> [INFO] ranger  FAILURE [02:09
> min]
> [INFO] Jdbc SQL Connector  SUCCESS [
>  4.969 s]
> [INFO] Credential Support  SUCCESS [
> 12.146 s]
> [INFO] ranger_solrj .. SUCCESS [
>  8.150 s]
> [INFO] Audit Component ... SUCCESS [
>  5.228 s]
> [INFO] Common library for Plugins  SUCCESS [
> 17.187 s]
> [INFO] Installer Support Component ... SUCCESS [
>  3.728 s]
> [INFO] Credential Builder  SUCCESS [
>  5.682 s]
> [INFO] Embedded Web Server Invoker ... SUCCESS [
>  1.506 s]
> [INFO] Key Management Service  SUCCESS [08:21
> min]
> [INFO] HBase Security Plugin . SUCCESS [
> 10.581 s]
> [INFO] Hdfs Security Plugin .. SUCCESS [
>  8.737 s]
> [INFO] Hive Security Plugin .. SUCCESS [
>  6.787 s]
> [INFO] Knox Security Plugin .. SUCCESS [
>  5.038 s]
> [INFO] Storm Security Plugin . SUCCESS [
>  2.877 s]
> [INFO] YARN Security Plugin .. SUCCESS [
>  2.921 s]
> [INFO] Ranger Util ... SUCCESS [
>  2.724 s]
> [INFO] Unix Authentication Client  SUCCESS [
>  1.762 s]
> [INFO] Security Admin Web Application  SUCCESS [01:05
> min]
> [INFO] SOLR Security Plugin .. SUCCESS [
>  7.164 s]
> [INFO] Unix User Group Synchronizer .. SUCCESS [
>  3.874 s]
> [INFO] Unix Authentication Service ... SUCCESS [
>  1.944 s]
> [INFO] KMS Security Plugin ... SUCCESS [
>  2.862 s]
> [INFO] Unix Native Authenticator . SUCCESS [
>  1.460 s]
> [INFO]
> 
> [INFO] BUILD FAILURE
> [INFO]
> 
> [INFO] Total time: 13:41 min
> [INFO] Finished at: 2015-08-04T23:40:20+05:00
> [INFO] Final Memory: 177M/559M
> [INFO]
> 
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly
> (default-cli) on project ranger: Failed to create assembly: Error creating
> assembly archive src: Problem creating TAR: request to write '8192' bytes
> exceeds size in header of '566424' bytes -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the
> -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
>
>
> On Wed, Aug 5, 2015 at 9:20 AM, Abhay Kulkarni 
> wrote:
>
>> If the build command is run as
>>
>> % mvn package assembly:assembly > ./assembly.out 2>&1
>> , then this error may be seen. (Note the directory where output file
>> goes).
>>
>> If the command is run as
>> % mvn package assembly:assembly > /tmp/assembly.out 2>&1
>> , then the problem goes away.
>>
>> Maybe this will help.
>> -Abhay
>>
>> From: Don Bosco Durai  on behalf of Don Bosco
>> Durai 
>> Reply-To: "user@ranger.incubator.apache.org" <
>> user@ranger.incubator.apache.org>
>> Date: Tuesday, August 4, 2015 at 9:09 PM
>>
>> To: "user@ranger.incubator.apache.org" 
>> Subject: Re: master branch compilation issue
>>
>> I have not seen any errors like this. At what stage of the

Re: ranger startup exception

2015-08-05 Thread Gautam Borad 
Hafiz, this can be a java issue. Can you let us know which java version are
you using?

Ranger currently uses the 'java' that will be present in the PATH. Relevant
code that start Ranger Admin :

start() {
*java* -Dproc_rangeradmin ${JAVA_OPTS}
-Dlogdir=${XAPOLICYMGR_EWS_DIR}/logs/
-Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp
"${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:$CLASSPATH"
org.apache.ranger.server.tomcat.EmbeddedServer > logs/catalina.out 2>&1 &
echo "Apache Ranger Admin has started."
}

Please make sure the right 'java' is in PATH.


On Thu, Aug 6, 2015 at 2:21 AM, Hafiz Mujadid 
wrote:

> hi
>
> I have installed ranger and and started it but it is failing. no ui page
> is displayed and only catalina.out log file is being generated. In this
> file following exception is logged.
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> javax/servlet/ServletException
> at java.lang.Class.getDeclaredMethods0(Native Method)
> at java.lang.Class.privateGetDeclaredMethods(Class.java:2615)
> at java.lang.Class.getMethod0(Class.java:2856)
> at java.lang.Class.getMethod(Class.java:1668)
> at
> sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
> at
> sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
> Caused by: java.lang.ClassNotFoundException: javax.servlet.ServletException
> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>
>
>
>
> Any suggestion?
>
>
> thanks
>



-- 
Regards,
Gautam.

Re: ranger startup exception

2015-08-05 Thread Gautam Borad 
java 1.7.0_79 should work. Just to confirm whether the right java is in
your PATH can you send the output of the following command:

$ java -version



On Thu, Aug 6, 2015 at 11:28 AM, Hafiz Mujadid 
wrote:

> I am using java version 1.7.0_79
>
> Which version should I use?
>
> On Thu, Aug 6, 2015 at 10:40 AM, Gautam Borad  wrote:
>
>> Hafiz, this can be a java issue. Can you let us know which java version
>> are you using?
>>
>> Ranger currently uses the 'java' that will be present in the PATH.
>> Relevant code that start Ranger Admin :
>>
>> start() {
>> *java* -Dproc_rangeradmin ${JAVA_OPTS}
>> -Dlogdir=${XAPOLICYMGR_EWS_DIR}/logs/
>> -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp
>> "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:$CLASSPATH"
>> org.apache.ranger.server.tomcat.EmbeddedServer > logs/catalina.out 2>&1 &
>> echo "Apache Ranger Admin has started."
>> }
>>
>> Please make sure the right 'java' is in PATH.
>>
>>
>> On Thu, Aug 6, 2015 at 2:21 AM, Hafiz Mujadid 
>> wrote:
>>
>>> hi
>>>
>>> I have installed ranger and and started it but it is failing. no ui page
>>> is displayed and only catalina.out log file is being generated. In this
>>> file following exception is logged.
>>>
>>> Exception in thread "main" java.lang.NoClassDefFoundError:
>>> javax/servlet/ServletException
>>> at java.lang.Class.getDeclaredMethods0(Native Method)
>>> at java.lang.Class.privateGetDeclaredMethods(Class.java:2615)
>>> at java.lang.Class.getMethod0(Class.java:2856)
>>> at java.lang.Class.getMethod(Class.java:1668)
>>> at
>>> sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
>>> at
>>> sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
>>> Caused by: java.lang.ClassNotFoundException:
>>> javax.servlet.ServletException
>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>>>
>>>
>>>
>>>
>>> Any suggestion?
>>>
>>>
>>> thanks
>>>
>>
>>
>>
>> --
>> Regards,
>> Gautam.
>>
>
>
>
> --
> Regards: HAFIZ MUJADID
>



-- 
Regards,
Gautam.

Re: ranger startup exception

2015-08-06 Thread Gautam Borad 
Thanks Hafiz for verifying. Can you send across the following info:

   1. The OS flavor/version that you are using.
   2. The Ranger version that you are using and whether it is manually
   installed OR Ambari based.
   3. The command you are using to start Ranger Admin and whether its run
   as root or non-root user.
   4. Whether JAVA_HOME variable is exported or not.
   5. The full content of the catalina.out file

These will help us pinpoint the issue better. Thanks.

On Thu, Aug 6, 2015 at 12:27 PM, Hafiz Mujadid 
wrote:

> Here is output of java -version command
>
> *ava version "1.7.0_79"*
> *OpenJDK Runtime Environment (IcedTea 2.5.5) (7u79-2.5.5-0ubuntu0.14.04.2)*
> *OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)*
>
>
> On Thu, Aug 6, 2015 at 11:50 AM, Gautam Borad  wrote:
>
>> java 1.7.0_79 should work. Just to confirm whether the right java is in
>> your PATH can you send the output of the following command:
>>
>> $ java -version
>>
>>
>>
>> On Thu, Aug 6, 2015 at 11:28 AM, Hafiz Mujadid 
>> wrote:
>>
>>> I am using java version 1.7.0_79
>>>
>>> Which version should I use?
>>>
>>> On Thu, Aug 6, 2015 at 10:40 AM, Gautam Borad  wrote:
>>>
>>>> Hafiz, this can be a java issue. Can you let us know which java version
>>>> are you using?
>>>>
>>>> Ranger currently uses the 'java' that will be present in the PATH.
>>>> Relevant code that start Ranger Admin :
>>>>
>>>> start() {
>>>> *java* -Dproc_rangeradmin ${JAVA_OPTS}
>>>> -Dlogdir=${XAPOLICYMGR_EWS_DIR}/logs/
>>>> -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp
>>>> "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:$CLASSPATH"
>>>> org.apache.ranger.server.tomcat.EmbeddedServer > logs/catalina.out 2>&1 &
>>>> echo "Apache Ranger Admin has started."
>>>> }
>>>>
>>>> Please make sure the right 'java' is in PATH.
>>>>
>>>>
>>>> On Thu, Aug 6, 2015 at 2:21 AM, Hafiz Mujadid >>> > wrote:
>>>>
>>>>> hi
>>>>>
>>>>> I have installed ranger and and started it but it is failing. no ui
>>>>> page is displayed and only catalina.out log file is being generated. In
>>>>> this file following exception is logged.
>>>>>
>>>>> Exception in thread "main" java.lang.NoClassDefFoundError:
>>>>> javax/servlet/ServletException
>>>>> at java.lang.Class.getDeclaredMethods0(Native Method)
>>>>> at java.lang.Class.privateGetDeclaredMethods(Class.java:2615)
>>>>> at java.lang.Class.getMethod0(Class.java:2856)
>>>>> at java.lang.Class.getMethod(Class.java:1668)
>>>>> at
>>>>> sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
>>>>> at
>>>>> sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
>>>>> Caused by: java.lang.ClassNotFoundException:
>>>>> javax.servlet.ServletException
>>>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>>>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>>>>> at
>>>>> sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Any suggestion?
>>>>>
>>>>>
>>>>> thanks
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Gautam.
>>>>
>>>
>>>
>>>
>>> --
>>> Regards: HAFIZ MUJADID
>>>
>>
>>
>>
>> --
>> Regards,
>> Gautam.
>>
>
>
>
> --
> Regards: HAFIZ MUJADID
>



-- 
Regards,
Gautam.

Re: MySQL 5.7.8 issues

2015-08-06 Thread Gautam Borad 
Ranger 0.5.0 version has the functionality of logging output of Java
patches also.

Please send us the log files from this location :
$RANGER_DIR/ews/logs/ranger_migration.log


On Fri, Aug 7, 2015 at 1:36 AM, Don Bosco Durai  wrote:

> Not sure how to get more log message. If is a fresh env, can you try
> dropping the database and running ./setup.sh again?
>
> Ideally, this shouldn’t happen.
>
> Thanks
>
> Bosco
>
>
> From: "marco.serava...@accenture.com" 
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date: Thursday, August 6, 2015 at 9:47 AM
> To: "user@ranger.incubator.apache.org" 
> Subject: MySQL 5.7.8 issues
>
> Hi,
>
>
>
> I had to upgrade from MySQL 5.7.7 to 5.7.8 and whenever I run
>
> $ ./setup.sh
>
> From the main folder I get the following error
>
> [E] Unable to apply patch:PatchPasswordEncryption_J10001.class. [EL
> Severe]: 2015-08-06 15:50:30.021--ServerSession(811263777)--Exception
> [EclipseLink-4002] (Eclipse Persistence Services -
> 2.5.2.v20131113-a7346c6):
> org.eclipse.persistence.exceptions.DatabaseException
>
>
>
> I think it is quite obvious that the error is in MySQL because before it
> worked like a charm.
>
>
>
> I have already fired a bug report to the MySQL tracker
>
> http://bugs.mysql.com/bug.php?id=77966&thanks=4
>
>
>
> anyhow, has anybody experienced something similar?
>
>
>
> Thanks and best
>
>
>
> Marco
>
>
>
>
> --
>
> Marco Seravalli
> Accenture Technology Solutions GmbH
>
> Anni-Albers-Straße 11
> D-80807 München
>
> Digital & Content / Enterprise Content Management
> Mobile Nr.: +49 151 17156149
>
> marco.serava...@accenture.com
> Sitz: Kronberg. Registergericht: Königstein im Taunus, HRB 5968.
> Geschäftsführer: Marcus Huth, Frank Mang, Andreas Schuler
>
>
>
>
>
> --
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the email by you is prohibited.
>
>


-- 
Regards,
Gautam.

Re: Ranger - Rest API

2015-08-06 Thread Gautam Borad 
Thanks Aneela, for taking the initiative of contributing to Ranger. Can you
please elaborate more on what you mean by "grant access to users/groups
Programatically" ?

If you mean to create Hadoop component policies using REST APIs, that is
already supported.

On Fri, Aug 7, 2015 at 4:46 AM, Aneela Saleem 
wrote:

> Hi all,
>
> I want to start development. I want to grant access to users/groups
> Programmatically. Is there any coding examples? I have followed these
> links:
>
>
> https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management
>
>
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207
>
> But i did not get much idea.
>
> Can anyone please guide me?
>
> Thanks
>



-- 
Regards,
Gautam.

Re: ranger startup exception

2015-08-06 Thread Gautam Borad 
:MaxPermSize=256m -Xmx1024m -Xms1024m
>>> -Dlogdir=/usr/local/ranger-0.5.0-admin/ews/logs/
>>> -Dcatalina.base=/usr/local/ranger-0.5.0-admin/ews -cp
>>> '/usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf:/usr/local/ranger-0.5.0-admin/ews/lib/*:/usr/local/ranger-0.5.0-admin/ews/ranger_jaas/*:/usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf/ranger_jaas:/usr/lib/jvm/java-7-openjdk-amd64//lib/*:
>>> /home/jsp-api-6.0.20.jar' org.apache.ranger.server.tomcat.EmbeddedServer
>>>
>>>
>>>
>>>
>>> On Thu, Aug 6, 2015 at 11:20 PM, Madhan Neethiraj 
>>> wrote:
>>>
>>>> Hazif,
>>>>
>>>> Can you do the following to help diagnose this issue further?
>>>>
>>>>- Add “set -x” at the beginning of '
>>>>/usr/local/ranger-admin/ews/ranger-admin-services.sh’ (at line #2)
>>>>- Start Ranger Admin with command 
>>>> ‘/usr/local/ranger-admin/ews/ranger-admin-services.sh
>>>>start 2> /tmp/ranger-admin-services-start.out’
>>>>- Email the contents of /tmp/ranger-admin-services-start.out.
>>>>Please note attachments would not work in this email thread; so you 
>>>> might
>>>>need to create a JIRA and attach the file. If the file is small enough, 
>>>> you
>>>>can copy/paste the contents in the email.
>>>>
>>>> Thanks,
>>>> Madhan
>>>>
>>>> From: Hafiz Mujadid 
>>>> Reply-To: "user@ranger.incubator.apache.org" <
>>>> user@ranger.incubator.apache.org>
>>>> Date: Thursday, August 6, 2015 at 10:58 AM
>>>> To: "user@ranger.incubator.apache.org" <
>>>> user@ranger.incubator.apache.org>
>>>> Subject: Re: ranger startup exception
>>>>
>>>> Hi
>>>>
>>>>
>>>> Waiting for help!!!
>>>>
>>>> On Thu, Aug 6, 2015 at 12:37 PM, Hafiz Mujadid <
>>>> hafizmujadi...@gmail.com> wrote:
>>>>
>>>>> Hi Gautam!
>>>>>
>>>>> OS Details
>>>>> DISTRIB_ID=Ubuntu
>>>>> DISTRIB_RELEASE=14.04
>>>>> DISTRIB_CODENAME=trusty
>>>>> DISTRIB_DESCRIPTION="Ubuntu 14.04.2 LTS"
>>>>>
>>>>> Ranger version
>>>>>
>>>>> master branch version 0.5 compiled manually
>>>>>
>>>>> to start ranger I am using following command as root user
>>>>>
>>>>> /usr/local/ranger-admin/ews/ranger-admin-services.sh start
>>>>>
>>>>> JAVA_HOME variable is exported
>>>>>
>>>>> The contents of catalina.out file are as follow
>>>>>
>>>>>
>>>>>
>>>>> Exception in thread "main" java.lang.NoClassDefFoundError:
>>>>> javax/servlet/ServletException
>>>>> at java.lang.Class.getDeclaredMethods0(Native Method)
>>>>> at java.lang.Class.privateGetDeclaredMethods(Class.java:2615)
>>>>> at java.lang.Class.getMethod0(Class.java:2856)
>>>>> at java.lang.Class.getMethod(Class.java:1668)
>>>>> at
>>>>> sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:494)
>>>>> at
>>>>> sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:486)
>>>>> Caused by: java.lang.ClassNotFoundException:
>>>>> javax.servlet.ServletException
>>>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>>>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>>>>> at
>>>>> sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>>>>> ... 6 more
>>>>>
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Thu, Aug 6, 2015 at 12:30 PM, Gautam Borad 
>>>>> wrote:
>>>>>
>>>>>> Thanks Hafiz for verifying. Can you send across the following info:
>>>>>

Re: ranger startup exception

2015-08-07 Thread Gautam Borad 
Hafiz, i was able to reproduce this in the latest code.

Please revert the changes done in pom.xml in this commit
<https://github.com/apache/incubator-ranger/commit/edf2af7aa11ab64c8f4a63936001baa3e9da46e9>
and try to build again.

If it works, we need to reopen RANGER-600.

On Fri, Aug 7, 2015 at 11:23 AM, Hafiz Mujadid 
wrote:

> Hi
>
> this is the output of the above command
>
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/solr/ranger-solr-plugin-0.5.0-standalone.jar
> matches
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/hive/hive-jdbc-1.2.0-standalone.jar
> matches
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/kms/ranger-kms-plugin-0.5.0-standalone.jar
> matches
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/hdfs/ranger-hdfs-plugin-0.5.0-standalone.jar
> matches
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/lib/javax.servlet-api-3.1.0.jar
> matches
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/lib/spring-web-3.1.3.RELEASE.jar
> matches
> Binary file
> /usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/lib/servlet-api-2.5.jar
> matches
>
>
>
> On Fri, Aug 7, 2015 at 10:31 AM, Gautam Borad  wrote:
>
>> Hafiz, Seems a slash is missing before 'semicolon'. Please try the below :
>>
>> *find /usr/local/ranger-0.5.0-admin -name "*.jar" -exec fgrep -H
>> ServletException {} \;*
>>
>> On Fri, Aug 7, 2015 at 10:14 AM, Hafiz Mujadid 
>> wrote:
>>
>>> Hi Madhan!
>>>
>>> this command is not working  *find /usr/local/ranger-0.5.0-admin -name
>>> "*.jar" -exec fgrep -H ServletException {} ;*
>>> find: missing argument to `-exec'
>>>
>>> On Fri, Aug 7, 2015 at 1:25 AM, Madhan Neethiraj 
>>> wrote:
>>>
>>>> Hafiz,
>>>>
>>>> Nothing seems to be wrong in the output. One thing I notice is the
>>>> addition of /home/jsp-api-6.0.20.jar in the command-line as a
>>>> classpath.
>>>>
>>>> + java -Dproc_rangeradmin -XX:MaxPermSize=256m -Xmx1024m -Xms1024m
>>>> -Dlogdir=/usr/local/ranger-0.5.0-admin/ews/logs/
>>>> -Dcatalina.base=/usr/local/ranger-0.5.0-admin/ews -cp
>>>> '/usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf:/usr/local/ranger-0.5.0-admin/ews/lib/*:/usr/local/ranger-0.5.0-admin/ews/ranger_jaas/*:/usr/local/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf/ranger_jaas:/usr/lib/jvm/java-7-openjdk-amd64//lib/*:
>>>> /home/jsp-api-6.0.20.jar'
>>>> org.apache.ranger.server.tomcat.EmbeddedServer
>>>>
>>>>
>>>> I guess this could be because you have CLASSPATH environment variable
>>>> set to /home/jsp-api-6.0.20.jar. I don’t think this should result in the
>>>> error you face; but perhaps you can try to start after clearing CLASSPATH
>>>> environment variable?
>>>>
>>>> Also, ServletException class (which seems to be not found - per the
>>>> error) should be in file
>>>> /usr/local/ranger-0.5.0-admin/ews/lib/tomcat-embed-core–7.0.55.jar. Can you
>>>> run the following commands and send its output:
>>>>
>>>> find /usr/local/ranger-0.5.0-admin -name "*.jar" -exec fgrep -H
>>>> ServletException {} \;
>>>>
>>>> Madhan
>>>>
>>>> From: Hafiz Mujadid 
>>>> Reply-To: "user@ranger.incubator.apache.org" <
>>>> user@ranger.incubator.apache.org>
>>>> Date: Thursday, August 6, 2015 at 12:28 PM
>>>>
>>>> To: "user@ranger.incubator.apache.org" <
>>>> user@ranger.incubator.apache.org>
>>>> Subject: Re: ranger startup exception
>>>>
>>>> Hi
>>>>
>>>> I am stuck at above error. I could not resolve it. Anybody knows how to
>>>> figure it out ?
>>>>
>>>> Please help
>>>>
>>>> Thanks
>>>>
>>>> On Thu, Aug 6, 2015 at 11:48 PM, Hafiz Mujadid <
>>>> hafizmujadi...@gmail.com> wrote:
>>>>
>>>>> Hi here are the contents of '/tmp/ranger-admin-services-start.out'
>>>>> after executing command suggested by you
>>>>>
>>>>> + [[ -z start ]]
>>>>> + action=start
>>>>> ++ echo start
>>>>> ++ tr '[:lower:]' '[:up

Re: RangerHivePlugin: FileNotFoundException - xasecure-audit.xml

2015-12-15 Thread Gautam Borad 
Hi Lukas,
If you provide answers to the below question, it would help in
debugging more about the core issue.

   1. What version of Ambari are you using?
   2. Seems like the HDP is 2.3. Is this a fresh installation OR is it an
   upgrade of HDP from 2.2 -> 2.3
   3. Can you paste the output of :
   - ls -al /etc/hadoop/
  - ls -al /etc/hive
  - ls -al /etc
   4. Check if the HDP is pointing to older HDP ( this is only if you did
   update from 2.2 to 2.3 )
  - ls -l /usr/hdp/current
  - hdp-select status ranger-admin



On Tue, Dec 15, 2015 at 3:57 PM, lukas nalezenec 
wrote:

> Hi,
>
> When i install Hive Ranger plugin I am getting FileNotFound exception
> whenever the plugin is activated.
>
> I am already using HDFS ranger plugin and it works well although it may
> use the same code (The plugin also extends RangerBasePlugin).
>
>
> Is it possible that the bug is similar to
> https://issues.apache.org/jira/browse/AMBARI-13564 ?
>
>
> > 15/12/14 13:30:36 [main]: ERROR ql.Driver: FAILED: RuntimeException
> java.io.FileNotFoundException: /etc/hive/2.3.0.0-2557/0/xasecure-audit.xml
> (No such file or directory)
>
> > java.lang.RuntimeException: java.io.FileNotFoundException:
> /etc/hive/2.3.0.0-2557/0/xasecure-audit.xml (No such file or directory)
>
> > at
> org.apache.hadoop.conf.Configuration.loadResource(Configuration.java:2639)
>
> > at
> org.apache.hadoop.conf.Configuration.loadResources(Configuration.java:2502)
>
> > at
> org.apache.hadoop.conf.Configuration.getProps(Configuration.java:2405)
>
> > at
> org.apache.ranger.authorization.hadoop.config.RangerConfiguration.initAudit(RangerConfiguration.java:120)
>
> > at
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:89)
>
> > at
> org.apache.ranger.authorization.hive.authorizer.RangerHivePlugin.init(RangerHiveAuthorizer.java:960)
>
> > at
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.(RangerHiveAuthorizer.java:100)
>
> > at
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory.createHiveAuthorizer(RangerHiveAuthorizerFactory.java:37)
>
> > at
> org.apache.hadoop.hive.ql.session.SessionState.setupAuth(SessionState.java:734)
>
> > at
> org.apache.hadoop.hive.ql.session.SessionState.getAuthorizationMode(SessionState.java:1504)
>
> > at
> org.apache.hadoop.hive.ql.session.SessionState.isAuthorizationModeV2(SessionState.java:1515)
>
> > at
> org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:566)
>
> > at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:468)
>
> > at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:308)
>
> > at
> org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1122)
>
> > at
> org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1170)
>
> > at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1059)
>
> > at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1049)
>
> > at
> org.apache.hadoop.hive.cli.CliDriver.processLocalCmd(CliDriver.java:213)
>
> > at
> org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:165)
>
> > at
> org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:376)
>
> > at
> org.apache.hadoop.hive.cli.CliDriver.executeDriver(CliDriver.java:736)
>
> > at
> org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:681)
>
> > at
> org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:621)
>
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> > at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> > at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> > at java.lang.reflect.Method.invoke(Method.java:497)
>
> > at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
>
> > at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
>
> > Caused by: java.io.FileNotFoundException:
> /etc/hive/2.3.0.0-2557/0/xasecure-audit.xml (No such file or directory)
>
> > at java.io.FileInputStream.open0(Native Method)
>
> > at java.io.FileInputStream.open(FileInputStream.java:195)
>
> > at java.io.FileInputStream.(FileInputStream.java:138)
>
> > at java.io.FileInputStream.(FileInputStream.java:93)
>
> > at
> sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
>
> > at
> sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
>
> > at java.net.URL.openStream(URL.java:1038)
>
> > at
> org.apache.hadoop.conf.Configuration.parse(Configuration.java:2468)
>
> > at
> org.apache.hadoop.conf.

Re: RangerHivePlugin: FileNotFoundException - xasecure-audit.xml

2015-12-15 Thread Gautam Borad 
2.3.0.0-2557/sqoop
> 15:40 sqoop-server->   /usr/hdp/2.3.0.0-2557/sqoop
> 15:40 storm-client   ->   /usr/hdp/2.3.0.0-2557/storm
> 15:40 storm-nimbus   ->   /usr/hdp/2.3.0.0-2557/storm
> 15:40 storm-slider-client  ->
> /usr/hdp/2.3.0.0-2557/storm-slider-client
> 15:40 storm-supervisor->
> /usr/hdp/2.3.0.0-2557/storm
> 15:40 tez-client->   /usr/hdp/2.3.0.0-2557/tez
> 15:40 zookeeper-client->
> /usr/hdp/2.3.0.0-2557/zookeeper
> 15:40 zookeeper-server  ->
> /usr/hdp/2.3.0.0-2557/zookeeper
>
> Hdp-select status ranger-admin
> ranger-admin - 2.3.0.0-2557
>
>
>
> -- Forwarded message --
> From: Gautam Borad 
> Date: 2015-12-15 12:24 GMT+01:00
> Subject: Re: RangerHivePlugin: FileNotFoundException - xasecure-audit.xml
> To: user@ranger.incubator.apache.org
>
>
> Hi Lukas,
> If you provide answers to the below question, it would help in
> debugging more about the core issue.
>
>1. What version of Ambari are you using?
>2. Seems like the HDP is 2.3. Is this a fresh installation OR is it an
>upgrade of HDP from 2.2 -> 2.3
>3. Can you paste the output of :
>- ls -al /etc/hadoop/
>   - ls -al /etc/hive
>   - ls -al /etc
>4. Check if the HDP is pointing to older HDP ( this is only if you did
>update from 2.2 to 2.3 )
>   - ls -l /usr/hdp/current
>   - hdp-select status ranger-admin
>
>
>
> On Tue, Dec 15, 2015 at 3:57 PM, lukas nalezenec <
> lukas.naleze...@gmail.com> wrote:
>
>> Hi,
>>
>> When i install Hive Ranger plugin I am getting FileNotFound exception
>> whenever the plugin is activated.
>>
>> I am already using HDFS ranger plugin and it works well although it may
>> use the same code (The plugin also extends RangerBasePlugin).
>>
>>
>> Is it possible that the bug is similar to
>> https://issues.apache.org/jira/browse/AMBARI-13564 ?
>>
>>
>> > 15/12/14 13:30:36 [main]: ERROR ql.Driver: FAILED: RuntimeException
>> java.io.FileNotFoundException: /etc/hive/2.3.0.0-2557/0/xasecure-audit.xml
>> (No such file or directory)
>>
>> > java.lang.RuntimeException: java.io.FileNotFoundException:
>> /etc/hive/2.3.0.0-2557/0/xasecure-audit.xml (No such file or directory)
>>
>> > at
>> org.apache.hadoop.conf.Configuration.loadResource(Configuration.java:2639)
>>
>> > at
>> org.apache.hadoop.conf.Configuration.loadResources(Configuration.java:2502)
>>
>> > at
>> org.apache.hadoop.conf.Configuration.getProps(Configuration.java:2405)
>>
>> > at
>> org.apache.ranger.authorization.hadoop.config.RangerConfiguration.initAudit(RangerConfiguration.java:120)
>>
>> > at
>> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:89)
>>
>> > at
>> org.apache.ranger.authorization.hive.authorizer.RangerHivePlugin.init(RangerHiveAuthorizer.java:960)
>>
>> > at
>> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.(RangerHiveAuthorizer.java:100)
>>
>> > at
>> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory.createHiveAuthorizer(RangerHiveAuthorizerFactory.java:37)
>>
>> > at
>> org.apache.hadoop.hive.ql.session.SessionState.setupAuth(SessionState.java:734)
>>
>> > at
>> org.apache.hadoop.hive.ql.session.SessionState.getAuthorizationMode(SessionState.java:1504)
>>
>> > at
>> org.apache.hadoop.hive.ql.session.SessionState.isAuthorizationModeV2(SessionState.java:1515)
>>
>> > at
>> org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:566)
>>
>> > at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:468)
>>
>> > at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:308)
>>
>> > at
>> org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1122)
>>
>> > at
>> org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1170)
>>
>> > at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1059)
>>
>> > at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1049)
>>
>> > at
>> org.apache.hadoop.hive.cli.CliDriver.processLocalCmd(CliDriver.java:213)
>>
>> > at
>> org.apache.hadoop.h

Re: Apache Ranger support user Authentication?

2016-01-18 Thread Gautam Borad 
Hi, It is not necessary to use Kerberos for Apache Ranger. Please follow
this guide for a simple node setup :
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation

As can be seen the Kerberos setup (step 7) is optional. Thanks.

On Tue, Jan 19, 2016 at 7:58 AM, zen...@asiainfo.com 
wrote:

> Hi,gautam:
>
>I an new to Apache Ranger.I have one question about Apache ranger.
> We don't want to use Kerberos,because it's too hard to use.
> does Apache Ranger support user Authentication?
>
> Thank you!
>
> --
> 曾勇平
> 18046057107
> zen...@asiainfo.com
> CTC HQ Innovation Business Support Dept.-BJ
> 亚信科技(中国)有限公司
>



-- 
Regards,
Gautam.

Re: Difference between ranger.credential.provider.path and ranger.https.attrib.keystore.file

2016-03-22 Thread Gautam Borad 
Hi Lune,
These are two different properties that we are talking about here.

   - *ranger.https.attrib.keystore.**file* : This property is for providing
   the location of the server keystore certificate to be loaded ( Public CA
   issued keystore ). You can find more info here.
   


   - *ranger.credential.provider.**path* : This property is for providing
   the location of local credential file, which will store DB /Audit DB  /
   LDAP Bind DN etc passwords using the Hadoop CredentialProvider.


For SSL you should look more into the ranger.https.attrib.keystore.file
property.


On Tue, Mar 22, 2016 at 3:18 PM, Lune Silver 
wrote:

> Hello !
>
> I'm currently writing an installation book for my team and myself and I'm
> in the Advanced ranger-admin-site in Ambari UI.
>
> In this part, I can see two parameters :
> - ranger.credential.provider.path : file for credential store
> - ranger.https.attrib.keystore.file : ranger admin keystore
>
> Q1 - What is the difference between these two properties ? What exactly
> does each of this property do ?
>
> Q2 - If I want to enable the secured connection to the Ranger Admin UI,
> which one interests me ?
>
> Best regards.
>
> Lune.
>
>
>


-- 
Regards,
Gautam.

Re: About the property xml_configurations_supported

2016-03-27 Thread Gautam Borad 
Hi Lune,
   The property "xml_configurations_supported" was introduced in Ambari
2.1.0 for the supporting the xml based configurations.

*History*: In ranger 0.5 (which was part of HDP-2.3), the ranger codebase
was changed to read properties from xml file, ranger-admin-site.xml.
Previously these properties were read from .properties file.

Now to support this change the setup process would need to be changed.
Considering the most common two ways Ranger is generally installed, this
required the following changes:

   1. *Manual installation *(non-Ambari): This required changes in setup.sh
   file to read the properties from the install.properties and populate the
   ranger-admin-site.xml
   2. *Ambari based installation*: Since here we need to support both xml
   based and non-xml based Ranger codebase, i had to come up with a flag
   (xml_configurations_supported) to differentiate between them. If the flag
   is set, the UI properties are written to xml file, and if unset its written
   to install.properties.

HTH. Thanks.


On Tue, Mar 22, 2016 at 4:05 PM, Lune Silver 
wrote:

> Hello !
>
> I send you this mail concerning the property
> "xml_configurations_supported".
>
> I cannot find any information about this property in the documentation.
>
> What is the définition of the property "xml_configurations_supported" ?
>
> Best regards.
>
> Lune
>



-- 
Regards,
Gautam.

Re: [ANNOUNCE] New committer: Colm O hEigeartaigh

2016-04-18 Thread Gautam Borad 
Welcome Colm! Great to have you on board.



On Tue, Apr 19, 2016 at 11:00 AM, Madhan Neethiraj 
wrote:

> Ranger community,
>
> Apache Ranger (incubating) Podling Project Management Committee (PPMC) has
> asked Colm O hEigeartaigh to become a committer and we are pleased to
> announce that he has accepted.
>
> Welcome Colm, great to have you on board.
>
> On behalf of the Apache Ranger (incubating) PPMC
>
> Madhan
>
>


-- 
Regards,
Gautam.

Re: session timeout for ranger admin portal

2016-05-24 Thread Gautam Borad 
Hi Arvind, Ramesh is right, you can modify the session-timeout

variable to control the timeout. Thanks.

On Wed, May 25, 2016 at 1:22 AM, Ramesh Mani  wrote:

> Arvind,
>
> Are you mentioning about the Tomcat Session time out here? If so it is in
> web.xml in ranger-admin/ews/webapp/WEB-INF
>
> Thanks,
> Ramesh
>
> From: Arvind S 
> Reply-To: "user@ranger.incubator.apache.org" <
> user@ranger.incubator.apache.org>
> Date: Tuesday, May 24, 2016 at 2:21 AM
> To: "user@ranger.incubator.apache.org" 
> Subject: session timeout for ranger admin portal
>
> is there any location/parameter to set user session timeout for the ranger
> admin portal?
>
> *Cheers !!*
> Arvind
>



-- 
Regards,
Gautam.

Re: Ranger - Kafka Plugin - User ambari-qa

2016-06-20 Thread Gautam Borad 
Ambari has a concept of service check, wherein it tries to perform some
operation on the component, to check if the service is up or not.
For Kafka, it does this by creating a topic named
"ambari_kafka_service_check" (afaik, but please check with Ambari) and the
user "ambari-qa" is used for this operation.

Now, if Ranger Kafka plugin is enabled AND this user is not given enough
permission in Ranger Policy the service check from Ambari will fail.

Apart from this i am not aware of any other use case for this policy.

On Mon, Jun 20, 2016 at 1:40 PM, Lune Silver 
wrote:

> Hello !
>
> I'm using an HDP 2.3.4.7 with ambari 2.2.1.
>
> I send you this mail because I would like to know what are the permissions
> necessary for the user ambari-qa on kafka when Ranger is enabled ?
>
> By default, ambari creates a policy in which this user has all the right
> on everything (resource=* and rights = everything, even delegate admin).
>
> I would like to know if you know why ambari-qa needs all these rights ?
>
> On which topics ambari-qa really needs to have rights ? Do you know which
> rights, everything or only describe or only consume ?
>
> Thank you in advance for your help !
>
> BR.
>
> Lune.
>



-- 
Regards,
Gautam.

Re: Ranger - Kafka Plugin - User ambari-qa

2016-06-20 Thread Gautam Borad 
Lune, yes seems like its written by the Ambari team. Reference :
https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>
<https://github.com/apache/ambari/blame/trunk/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py>

On Mon, Jun 20, 2016 at 4:47 PM, Lune Silver 
wrote:

> Re Gautam.
>
> Thank you for your answer.
> Do you know if ambari mailing list will have more details about this
> service check ? Was it they who wrote the servcie check or the ranger ppl ?
>
> BR.
>
> Lune.
>
>
> On Mon, Jun 20, 2016 at 11:40 AM, Gautam Borad  wrote:
>
>> Ambari has a concept of service check, wherein it tries to perform some
>> operation on the component, to check if the service is up or not.
>> For Kafka, it does this by creating a topic named
>> "ambari_kafka_service_check" (afaik, but please check with Ambari) and the
>> user "ambari-qa" is used for this operation.
>>
>> Now, if Ranger Kafka plugin is enabled AND this user is not given enough
>> permission in Ranger Policy the service check from Ambari will fail.
>>
>> Apart from this i am not aware of any other use case for this policy.
>>
>> On Mon, Jun 20, 2016 at 1:40 PM, Lune Silver 
>> wrote:
>>
>>> Hello !
>>>
>>> I'm using an HDP 2.3.4.7 with ambari 2.2.1.
>>>
>>> I send you this mail because I would like to know what are the
>>> permissions necessary for the user ambari-qa on kafka when Ranger is
>>> enabled ?
>>>
>>> By default, ambari creates a policy in which this user has all the right
>>> on everything (resource=* and rights = everything, even delegate admin).
>>>
>>> I would like to know if you know why ambari-qa needs all these rights ?
>>>
>>> On which topics ambari-qa really needs to have rights ? Do you know
>>> which rights, everything or only describe or only consume ?
>>>
>>> Thank you in advance for your help !
>>>
>>> BR.
>>>
>>> Lune.
>>>
>>
>>
>>
>> --
>> Regards,
>> Gautam.
>>
>
>


-- 
Regards,
Gautam.

Re: Solved two of the three problems met before.

2016-11-21 Thread Gautam Borad 
Hi Wang,
Please note that starting with Ranger 0.6 audit to DB support is
removed. We highly recommend enabling Audit-to-Solr. The Ranger Admin UI
supports reading audits from Solr, so the filtering/browsing of audits will
remain same.

For more info :
https://cwiki.apache.org/confluence/display/RANGER/DB+Audit+Removal

On Mon, Nov 14, 2016 at 12:00 PM, 汪赫扬  wrote:

> Hi all,
>
> I sent an eamil before related to 3 problems I met when using ranger 0.6;
>
> After going through the source code and log, one of my co-worker find the
> x_datamask_type_def table in mysql database is empty which lead to the
> empty datamask filed on web ui. I tried rerun the de_setup.py and
> ./setup.sh withing ranger-0.6.2-admin and the table was still empty.
>
> I tried dropping all the table on the ranger databases and this actually
> solved the empty datamask field and row-level-filteing not taking effect.
>
> Now the datamasking and the row level filtering can work fine, but the
> hdfs audit still appears in mysql instead of in web ui.
>
> So, two of the 3 problems I met actually related to reusing mysql database
> from ranger 0.5.
>
> Hope this can help anyone who may encouter the same problems.
>
> Heyang Wang




-- 
Regards,
Gautam.

Re: ranger solr-plugin

2017-01-03 Thread Gautam Borad 
The following documents should server your purpose :

- Enable Ranger Solr Plugin


- Configure SolrCloud in secure mode


- Ranger installation in Kerberos Environment



Also Bosco, am not sure if any changes were done to the setup script for
Solr plugin support. The script is generic for all components.



On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai  wrote:

> The latest release supports Kerberos. However, the setup is done via
> Apache Ambari. I am not sure whether there is a documentation to set this
> up for manual Ranger install.
>
>
>
> Ankita, since you worked on this, did we update the manual install scripts
> and is there any documentation around it?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *fangheart 
> *Date: *Wednesday, December 28, 2016 at 4:38 PM
> *To: *Don Bosco Durai 
> *Subject: *Re: ranger solr-plugin
>
>
>
> Thank  you  very  much  for  your  reply.if  you can support the
>  kerberoes for  ranger  admin,i  will  thank you very  much.
>
>
>
> Best  wishes  for  you.
>
> On 12/28/2016 08:53, Don Bosco Durai  wrote:
>
> For “Test Connection” to work, you need to have the Ranger Admin also
> Kerberized. Just for your information, connection from Ranger Admin to Solr
> is only required for “collections” lookup. If you know the collections,
> then you can manually type them while creating the policies.
>
>
>
> Let me know if you need help on setting up Kerberos for Ranger Admin.
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" 
> *Date: *Friday, October 28, 2016 at 1:20 AM
> *To: *Don Bosco Durai 
> *Subject: *Re: Re: ranger solr-plugin
>
>
>
> my version is 0.6. And now i install the kerberos. it can work normal .
> But now i have another question.
>
>
>
> *When the authorization and authentication is completed.
>  ranger-solr-service test connection can't show successfully.It show HTTP
> 401 Authentication required.  What should i do let it can test connection?*
>
>
>
> *Thank you for your reply.*
>
>
> --
>
> fanghe...@fangheart.win
>
>
>
> *From:* Don Bosco Durai 
>
> *Date:* 2016-10-28 03:10
>
> *To:* 方久鑫 (fangheart) 
>
> *CC:* user@ranger.incubator.apache.org; ranger
> 
>
> *Subject:* Re: ranger solr-plugin
>
> [Copied user and dev group]
>
> Hello
>
>
>
> I personally have not tested with Solr’s basic auth. All my testing was
> with Kerberos.
>
>
>
> Which Ranger version are you using? Looking at the line numbers, it
> doesn’t seem to be Ranger 0.6
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" 
> *Date: *Tuesday, October 25, 2016 at 2:14 AM
> *To: *bosco 
> *Subject: *ranger solr-plugin
>
>
>
>
>
> my solr can working normal.when i use the security.json like this
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "blockUnknown": true,
>
> "credentials": {
>
> "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= 
> tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
>
> }
>
> },
>
> "authorization": {
>
> "class": "solr.RuleBasedAuthorizationPlugin"
>
> }
>
> }
>
> but when i Securing Solr Collections with Ranger as below:
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "credentials": {
>
> "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= 
> tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
>
> }
>
> },
>
> "authorization": {
>
> "class": 
> "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
>
> }
>
> }
>
> solr-plugin can show in ranger-audit-plugin.
>
>  But solr can't work normal when i open http://localhost:8983/solr/
>
>
>
>
>
> HTTP ERROR 500
>
> Problem accessing /solr/. Reason:
>
> {trace=java.lang.NullPointerException
>
> at 
> org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
>
> at java.lang.String.valueOf(String.java:2849)
>
> at java.lang.StringBuilder.append(StringBuilder.java:128)
>
> at 
> org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
>
> at 
> org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
>
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
>
> at 
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
>
> at 
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
>
> at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>
> at 
> org.eclipse.jetty.serv

Re: ranger solr-plugin

2017-01-03 Thread Gautam Borad 
Bosco, there is a session "Creating Keytab and principals" in the doc
<https://cwiki.apache.org/confluence/display/RANGER/Ranger+installation+in+Kerberized++Environment>,
if that is what you want. After that one will have to enable the plugin
like any other plugin.

However, will still give the doc one shot and try to update if anything is
missing. Thanks.


On Wed, Jan 4, 2017 at 12:47 AM, Don Bosco Durai  wrote:

> Gautam, this is mostly how to setup Apache Ranger to run in Kerberos mode.
> I know, when installed via Ambari, we create the Ranger Admin and Lookup
> user keytabs and appropriate properties are automatically configured.
>
>
>
> So if someone want to do this manually or via our manual setup script,
> then is there any documentation.
>
>
>
> If we don’t, we should create a JIRA and track it for now.
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *Gautam Borad 
> *Reply-To: *
> *Date: *Tuesday, January 3, 2017 at 12:34 AM
> *To: *
> *Cc: *fangheart 
> *Subject: *Re: ranger solr-plugin
>
>
>
> The following documents should server your purpose :
>
>
>
> - Enable Ranger Solr Plugin
> <https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin>
>
>
> - Configure SolrCloud in secure mode
> <https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Cloud+with+Kerberos+for+Ranger+0.5>
>
>
> - Ranger installation in Kerberos Environment
> <https://cwiki.apache.org/confluence/display/RANGER/Ranger+installation+in+Kerberized++Environment>
>
>
>
>
> Also Bosco, am not sure if any changes were done to the setup script for
> Solr plugin support. The script is generic for all components.
>
>
>
>
>
>
>
> On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai  wrote:
>
> The latest release supports Kerberos. However, the setup is done via
> Apache Ambari. I am not sure whether there is a documentation to set this
> up for manual Ranger install.
>
>
>
> Ankita, since you worked on this, did we update the manual install scripts
> and is there any documentation around it?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *fangheart 
> *Date: *Wednesday, December 28, 2016 at 4:38 PM
> *To: *Don Bosco Durai 
> *Subject: *Re: ranger solr-plugin
>
>
>
> Thank  you  very  much  for  your  reply.if  you can support the
>  kerberoes for  ranger  admin,i  will  thank you very  much.
>
>
>
> Best  wishes  for  you.
>
> On 12/28/2016 08:53, Don Bosco Durai  wrote:
>
> For “Test Connection” to work, you need to have the Ranger Admin also
> Kerberized. Just for your information, connection from Ranger Admin to Solr
> is only required for “collections” lookup. If you know the collections,
> then you can manually type them while creating the policies.
>
>
>
> Let me know if you need help on setting up Kerberos for Ranger Admin.
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" 
> *Date: *Friday, October 28, 2016 at 1:20 AM
> *To: *Don Bosco Durai 
> *Subject: *Re: Re: ranger solr-plugin
>
>
>
> my version is 0.6. And now i install the kerberos. it can work normal .
> But now i have another question.
>
>
>
> *When the authorization and authentication is completed.
>  ranger-solr-service test connection can't show successfully.It show HTTP
> 401 Authentication required.  What should i do let it can test connection?*
>
>
>
> *Thank you for your reply.*
>
>
> --
>
> fanghe...@fangheart.win
>
>
>
> *From:* Don Bosco Durai 
>
> *Date:* 2016-10-28 03:10
>
> *To:* 方久鑫 (fangheart) 
>
> *CC:* user@ranger.incubator.apache.org; ranger
> 
>
> *Subject:* Re: ranger solr-plugin
>
> [Copied user and dev group]
>
> Hello
>
>
>
> I personally have not tested with Solr’s basic auth. All my testing was
> with Kerberos.
>
>
>
> Which Ranger version are you using? Looking at the line numbers, it
> doesn’t seem to be Ranger 0.6
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" 
> *Date: *Tuesday, October 25, 2016 at 2:14 AM
> *To: *bosco 
> *Subject: *ranger solr-plugin
>
>
>
>
>
> my solr can working normal.when i use the security.json like this
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "blockUnknown": true,
>
> "credentials": {
>
> "root": "v1kx29vs

Re: [VOTE] Graduate Apache Ranger Project from the Incubator - Resending with additional mail distro

2017-01-08 Thread Gautam Borad 
ed to a data management
>> platform that provides real-time, consistent access to data-intensive
>> applications throughout widely distributed cloud architectures.
>>
>> RESOLVED, that the office of "Vice President, Apache Ranger" be and
>> hereby is created, the person holding such office to serve at the
>> direction of the Board of Directors as the chair of the Apache Ranger
>> Project, and to have primary responsibility for management of the projects
>> within the scope of responsibility of the Apache Ranger Project; and be it
>> Further.
>>
>> RESOLVED,that the persons listed immediately below be and hereby are
>> appointed to serve as the initial members of the Apache Ranger Project:
>>
>> Alok La
>> la...@apache.org<mailto:a...@apache.org><mailto:a...@apache.org>
>> Alan Gates
>> ga...@apache.org<mailto:ga...@apache.org><mailto:ga...@apache.org>
>> Balaji Ganesan
>> bgane...@apache.org<mailto:bgane...@apache.org><mailto:bgane
>> s...@apache.org>
>> Colm O hEigeartaigh
>> cohei...@apache.org<mailto:cohei...@apache.org><mailto:cohei
>> g...@apache.org>
>> Daniel Gruno
>> rum...@cord.dk<mailto:rum...@cord.dk><mailto:rum...@cord.dk>
>> Devaraj Das
>> d...@hortonworks.com<mailto:d...@hortonworks.com><mailto:dda
>> s...@hortonworks.com>
>> Don Bosco Durai
>> bo...@apache.org<mailto:bo...@apache.org><mailto:bo...@apache.org>
>> Dilli Arumugam
>> dillido...@apache.org<mailto:dillido...@apache.org>> illido...@apache.org>
>> Gautam Borad
>> gau...@apache.org<mailto:gau...@apache.org><mailto:gau...@apache.org>
>> Kevin Minder
>> kmin...@apache.org<mailto:kmin...@apache.org><mailto:kmin...@apache.org>
>> Larry Mccay
>> lmc...@apache.org<mailto:lmc...@apache.org><mailto:lmc...@apache.org>
>> Madhanmohan Neethiraj
>> mad...@apache.org<mailto:mad...@apache.org><mailto:mad...@apache.org>
>> Ramesh Mani
>> rm...@hortonworks.com<mailto:rm...@hortonworks.com>> m...@hortonworks.com>
>> Owen O’Malley
>> omal...@apache.org<mailto:omal...@apache.org><mailto:omal...@apache.org>
>> Sanjay Radia
>> san...@hortonworks.com<mailto:san...@hortonworks.com>> san...@hortonworks.com>
>> Selvamohan Neethiraj
>> sneet...@apache.org<mailto:sneet...@apache.org><mailto:sneet
>> h...@apache.org>
>> Velmurugan Periasamy
>> v...@apache.org<mailto:v...@apache.org><mailto:v...@apache.org>
>>
>> NOW, THEREFORE, BE IT FURTHER RESOLVED, that "Selvamohan Neethiraj" be
>> appointed to the
>> office of Vice President, Apache Ranger, to serve in accordance with and
>> subject to the direction of the Board of Directors and the Bylaws of the
>> Foundation until death, resignation, retirement, removal or
>> disqualification, or until a successor is appointed; and be it further
>> RESOLVED, that the initial Apache Ranger PMC be and hereby is tasked with
>> the creation of a set of bylaws intended to encourage open development and
>> increased participation in the Apache Ranger Project; and be it further
>>
>> RESOLVED, that the Apache Ranger Project be and hereby is tasked with the
>> migration of the Apache Incubator Ranger podling; and be it further
>>
>> RESOLVED, that all responsibilities pertaining to the Apache Incubator
>> Ranger polling encumbered upon the Apache Incubator Project are hereafter
>> discharged.
>>
>
>


-- 
Regards,
Gautam.