ambari-commits mailing list archives

From gau...@apache.org
Subject ambari git commit: AMBARI-13316. Stack Advisor for hive.security.authorization.manager with Ranger enabled is not specific enough (gautam)
Date Thu, 08 Oct 2015 06:21:01 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 7d6b2d74d -> e9389246d


AMBARI-13316. Stack Advisor for hive.security.authorization.manager with
Ranger enabled is not specific enough (gautam)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e9389246
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e9389246
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e9389246

Branch: refs/heads/trunk
Commit: e9389246dc3dbe98eccf32e8ad89eca808e6438f
Parents: 7d6b2d7
Author: Gautam Borad <gborad@gmail.com>
Authored: Mon Oct 5 18:54:12 2015 +0530
Committer: Gautam Borad <gborad@hortonworks.com>
Committed: Thu Oct 8 11:50:43 2015 +0530

----------------------------------------------------------------------
 .../stacks/HDP/2.2/services/stack_advisor.py    | 49 ++++----------------
 .../RANGER/configuration/ranger-ugsync-site.xml |  7 ++-
 .../stacks/HDP/2.3/services/stack_advisor.py    | 11 ++++-
 .../stacks/2.2/common/test_stack_advisor.py     |  2 +-
 4 files changed, 24 insertions(+), 45 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/e9389246/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index 6ccd7eb..71fa5ab 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -1006,14 +1006,21 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
           validationItems.append({"config-name": prop_name,
                                   "item": self.getWarnItem(
                                   "If Ranger Hive Plugin is enabled."\
-                                  " {0} needs to be set to {1}".format(prop_name,prop_val))})
+                                  " {0} under hiveserver2-site needs to be set to {1}".format(prop_name,prop_val))})
         prop_name = 'hive.security.authenticator.manager'
         prop_val = "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator"
         if prop_name not in hive_server2 or hive_server2[prop_name] != prop_val:
           validationItems.append({"config-name": prop_name,
                                   "item": self.getWarnItem(
                                   "If Ranger Hive Plugin is enabled."\
-                                  " {0} needs to be set to {1}".format(prop_name,prop_val))})
+                                  " {0} under hiveserver2-site needs to be set to {1}".format(prop_name,prop_val))})
+        prop_name = 'hive.security.authorization.enabled'
+        prop_val = 'true'
+        if prop_name in hive_server2 and hive_server2[prop_name] != prop_val:
+          validationItems.append({"config-name": prop_name,
+                                  "item": self.getWarnItem(
+                                  "If Ranger Hive Plugin is enabled."\
+                                  " {0} under hiveserver2-site needs to be set to {1}".format(prop_name,
prop_val))})
       ##Add stack validations for  Ranger plugin disabled.
       elif not ranger_plugin_enabled:
         prop_name = 'hive.security.authorization.manager'
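Review bot: The added `hive.security.authorization.enabled` check at the end of the Ranger-enabled branch only warns when the key is present in hiveserver2-site (`prop_name in hive_server2 and ...`), while the two checks above it in this hunk use `prop_name not in hive_server2 or ...`; with the key absent nothing is reported, although Hive's default for that property is false. Unless the value is meant to be inherited from hive-site, the condition should read `if prop_name not in hive_server2 or hive_server2[prop_name] != prop_val:`; the HDP 2.3 stack_advisor.py hunk has the same condition. The next hunk in this file also deletes the `hive.conf.restricted.list` validation from validateHiveConfigurations and nothing visible in this commit re-adds it, so a Ranger-enabled setup no longer gets a warning when the authorization properties are missing from the restricted list; if that is deliberate it deserves a line in the commit message. The enclosing method begins and ends outside this hunk.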
@@ -1049,44 +1056,6 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
     parentValidationProblems = super(HDP22StackAdvisor, self).validateHiveConfigurations(properties,
recommendedDefaults, configurations, services, hosts)
     hive_site = properties
     validationItems = []
-    #Adding Ranger Plugin logic here
-    ranger_plugin_properties = getSiteProperties(configurations, "ranger-hive-plugin-properties")
-    hive_env_properties = getSiteProperties(configurations, "hive-env")
-    ranger_plugin_enabled = hive_env_properties \
-                            and 'hive_security_authorization' in hive_env_properties \
-                            and hive_env_properties['hive_security_authorization'].lower()
== 'ranger'
-    servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-    ##Add stack validations only if Ranger is enabled.
-    if ("RANGER" in servicesList):
-      ##Add stack validations for  Ranger plugin enabled.
-      if ranger_plugin_enabled:
-        prop_name = 'hive.security.authorization.enabled'
-        prop_val = 'true'
-        if hive_site and \
-            prop_name in hive_site and \
-          hive_site[prop_name] != prop_val:
-          validationItems.append({"config-name": prop_name,
-                                  "item": self.getWarnItem(
-                                    "If Ranger Hive Plugin is enabled." \
-                                    " {0} needs to be set to {1}".format(prop_name,prop_val))})
-
-        prop_name = 'hive.conf.restricted.list'
-        prop_vals = 'hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager'.split(',')
-        current_vals = []
-        if hive_site and prop_name in hive_site:
-          current_vals = hive_site[prop_name].split(',')
-
-        missing_vals = []
-
-        for val in prop_vals:
-          if not val in current_vals:
-            missing_vals.append(val)
-
-        if missing_vals:
-          validationItems.append({"config-name": prop_name,
-                                  "item": self.getWarnItem(
-                                  "If Ranger Hive Plugin is enabled." \
-                                  " {0} needs to contain {1}".format(prop_name, ','.join(missing_vals)))})
     stripe_size_values = [8388608, 16777216, 33554432, 67108864, 134217728, 268435456]
     stripe_size_property = "hive.exec.orc.default.stripe.size"
     if stripe_size_property in properties and \

http://git-wip-us.apache.org/repos/asf/ambari/blob/e9389246/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index 39dfe43..4c12322 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -130,7 +130,7 @@
 
   <property>
     <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
-    <value>5</value>
+    <value>60</value>
     <description>Sleeptime interval in milliseconds, if &lt; 1000 then default
to 30 sec</description>
   </property>
 
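Review bot: The new value `60` for `ranger.usersync.sleeptimeinmillisbetweensynccycle` is still below the 1000 threshold named in the property's own description ("Sleeptime interval in milliseconds, if &lt; 1000 then default to 30 sec"), so going by that text the change from 5 has no effect and the 30-second fallback still applies. If a 60-second cycle is intended the value would be `<value>60000</value>`; if the unit has changed, the description should be updated in the same commit. The interval presumably bounds how long a removed or changed directory user stays stale in Ranger, so the effective value is worth stating unambiguously.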
@@ -250,11 +250,14 @@
   <property>
     <name>ranger.usersync.ldap.user.searchfilter</name>
     <display-name>​User Search Filter</display-name>
-    <value>empty</value>
+    <value></value>
     <description>"optional additional filter constraining the users selected for syncing
 # a sample value would be (dept=eng)
 # please customize the value to suit your deployment
 # default value is empty"</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
   </property>
 
   <property>

http://git-wip-us.apache.org/repos/asf/ambari/blob/e9389246/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index cfae4d4..a2bae0f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -377,14 +377,21 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
           validationItems.append({"config-name": prop_name,
                                   "item": self.getWarnItem(
                                   "If Ranger Hive Plugin is enabled."\
-                                  " {0} needs to be set to {1}".format(prop_name,prop_val))})
+                                  " {0} under hiveserver2-site needs to be set to {1}".format(prop_name,prop_val))})
         prop_name = 'hive.security.authenticator.manager'
         prop_val = "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator"
         if prop_name in hive_server2 and hive_server2[prop_name] != prop_val:
           validationItems.append({"config-name": prop_name,
                                   "item": self.getWarnItem(
                                   "If Ranger Hive Plugin is enabled."\
-                                  " {0} needs to be set to {1}".format(prop_name,prop_val))})
+                                  " {0} under hiveserver2-site needs to be set to {1}".format(prop_name,prop_val))})
+        prop_name = 'hive.security.authorization.enabled'
+        prop_val = 'true'
+        if prop_name in hive_server2 and hive_server2[prop_name] != prop_val:
+          validationItems.append({"config-name": prop_name,
+                                  "item": self.getWarnItem(
+                                  "If Ranger Hive Plugin is enabled."\
+                                  " {0} under hiveserver2-site needs to be set to {1}".format(prop_name,
prop_val))})
       ##Add stack validations for  Ranger plugin disabled.
       elif not ranger_plugin_enabled:
         prop_name = 'hive.security.authorization.manager'

http://git-wip-us.apache.org/repos/asf/ambari/blob/e9389246/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index 6424bb5..3362c94 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -2974,7 +2974,7 @@ class TestHDP22StackAdvisor(TestCase):
     }
 
     # Test with ranger plugin enabled, validation fails
-    res_expected = [{'config-type': 'hiveserver2-site', 'message': 'If Ranger Hive Plugin
is enabled. hive.security.authorization.manager needs to be set to com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory',
'type': 'configuration', 'config-name': 'hive.security.authorization.manager', 'level': 'WARN'},
{'config-type': 'hiveserver2-site', 'message': 'If Ranger Hive Plugin is enabled. hive.security.authenticator.manager
needs to be set to org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator', 'type':
'configuration', 'config-name': 'hive.security.authenticator.manager', 'level': 'WARN'}]
+    res_expected = [{'config-type': 'hiveserver2-site', 'message': 'If Ranger Hive Plugin
is enabled. hive.security.authorization.manager under hiveserver2-site needs to be set to
com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory', 'type': 'configuration',
'config-name': 'hive.security.authorization.manager', 'level': 'WARN'}, {'config-type': 'hiveserver2-site',
'message': 'If Ranger Hive Plugin is enabled. hive.security.authenticator.manager under hiveserver2-site
needs to be set to org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator', 'type':
'configuration', 'config-name': 'hive.security.authenticator.manager', 'level': 'WARN'}]
     res = self.stackAdvisor.validateHiveServer2Configurations(properties, recommendedDefaults,
configurations, services, {})
     self.assertEquals(res, res_expected)
 
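Review bot: The updated `res_expected` covers only the two reworded messages; nothing in this hunk exercises the `hive.security.authorization.enabled` warning that the commit adds to validateHiveServer2Configurations. A second case that sets `hive.security.authorization.enabled` to `'false'` in the hiveserver2-site properties and expects a third WARN item with the "under hiveserver2-site" message would pin the new check, and one with the key absent would document whether silence there is intended. The fixture is defined above the hunk, so its current contents are not visible here.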

