ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yusaku Sako (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-9626) Enabling ranger plugin config should modify dependent configs
Date Fri, 13 Feb 2015 23:36:11 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-9626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Yusaku Sako updated AMBARI-9626:
--------------------------------
    Description: 
h4. Changes required for enabling Ranger plugin
*+HDFS+*
||Property||Value||File||
|dfs.permissions.enabled|*true*|hdfs-site.xml|

*+HIVE+*
||Property||Value||File||
|hive.security.authorization.enabled|*true*|hive-site.xml|
|hive.security.authorization.manager|*com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory*|hiveserver2-site.xml|
|hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|
|hive.conf.restricted.list|*Must contain all elements of hive.security.authorization.enabled,
hive.security.authorization.manager,hive.security.authenticator.manager*|hive-site.xml|

*+HBASE+*
||Property||Value||File||
|hbase.security.authorization|*true*|hbase-site.xml|
|hbase.coprocessor.master.classes|Replace org.apache.hadoop.hbase.security.access.AccessController
with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor* and add if not present|hbase-site.xml|
|hbase.coprocessor.region.classes|Replace org.apache.hadoop.hbase.security.access.AccessController
with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|
|hbase.rpc.protection|*privacy*|hbase-site.xml|

*+KNOX+*
Replace instances of {{AclsAuthz}} with {{XASecurePDPKnox}} in topology.xml

*+STORM+*
||Property||Value||File||
|nimbus.authorizer|*com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer*|storm.yaml|
Note that nimbus.authorizer should be added only when the cluster is already Kerberized; having
this property in a non-Kerberized cluster causes Storm to fail.
h4. Changes required for disabling Ranger plugin

*+HDFS+*
||Property||Value||File||


*+HIVE+*
||Property||Value||File||
|hive.security.authorization.manager|*org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory*|hiveserver2-site.xml|
|hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|


*+HBASE+*
||Property||Value||File||
|hbase.coprocessor.master.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml||
|hbase.coprocessor.region.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml||
|hbase.rpc.protection|*authentication*|hbase-site.xml|

*+KNOX+*
Replace instance of {{XASecurePDPKnox}} with {{AclsAuthz}} in all xml files under the topologies
directory

*+STORM+*
||Property||Value||File||
|nimbus.authorizer|*backtype.storm.security.auth.authorizer.SimpleACLAuthorizer* -com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer-|storm.yaml|
Note that nimbus.authorizer should be added only when the cluster is already Kerberized; having
this property in a non-Kerberized cluster causes Storm to fail.


  was:
h4. Changes required for enabling Ranger plugin
*+HDFS+*
||Property||Value||File||
|dfs.permissions.enabled|*true*|hdfs-site.xml|

*+HIVE+*
||Property||Value||File||
|hive.security.authorization.enabled|*true*|hive-site.xml|
|hive.security.authorization.manager|*com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory*|hiveserver2-site.xml|
|hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|
|hive.conf.restricted.list|*Must contain all elements of hive.security.authorization.enabled,
hive.security.authorization.manager,hive.security.authenticator.manager*|hive-site.xml|

*+HBASE+*
||Property||Value||File||
|hbase.security.authorization|*true*|hbase-site.xml|
|hbase.coprocessor.master.classes|Replace org.apache.hadoop.hbase.security.access.AccessController
with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor* and add if not present|hbase-site.xml|
|hbase.coprocessor.region.classes|Replace org.apache.hadoop.hbase.security.access.AccessController
with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|
|hbase.rpc.protection|*privacy*|hbase-site.xml|

*+KNOX+*
Replace instances of {{AclsAuthz}} with {{XASecurePDPKnox}} in all xml files under the topologies
directory

*+STORM+*
||Property||Value||File||
|nimbus.authorizer|*com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer*|storm.yaml|
Note that nimbus.authorizer should be added only when the cluster is already Kerberized; having
this property in a non-Kerberized cluster causes Storm to fail.
h4. Changes required for disabling Ranger plugin

*+HDFS+*
||Property||Value||File||


*+HIVE+*
||Property||Value||File||
|hive.security.authorization.manager|*org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory*|hiveserver2-site.xml|
|hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|


*+HBASE+*
||Property||Value||File||
|hbase.coprocessor.master.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml||
|hbase.coprocessor.region.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml||
|hbase.rpc.protection|*authentication*|hbase-site.xml|

*+KNOX+*
Replace instance of {{XASecurePDPKnox}} with {{AclsAuthz}} in all xml files under the topologies
directory

*+STORM+*
||Property||Value||File||
|nimbus.authorizer|*backtype.storm.security.auth.authorizer.SimpleACLAuthorizer* -com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer-|storm.yaml|
Note that nimbus.authorizer should be added only when the cluster is already Kerberized; having
this property in a non-Kerberized cluster causes Storm to fail.



> Enabling ranger plugin config should modify dependent configs
> -------------------------------------------------------------
>
>                 Key: AMBARI-9626
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9626
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.0.0
>            Reporter: Srimanth Gunturi
>            Assignee: Srimanth Gunturi
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9626.patch
>
>
> h4. Changes required for enabling Ranger plugin
> *+HDFS+*
> ||Property||Value||File||
> |dfs.permissions.enabled|*true*|hdfs-site.xml|
> *+HIVE+*
> ||Property||Value||File||
> |hive.security.authorization.enabled|*true*|hive-site.xml|
> |hive.security.authorization.manager|*com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory*|hiveserver2-site.xml|
> |hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|
> |hive.conf.restricted.list|*Must contain all elements of hive.security.authorization.enabled,
hive.security.authorization.manager,hive.security.authenticator.manager*|hive-site.xml|
> *+HBASE+*
> ||Property||Value||File||
> |hbase.security.authorization|*true*|hbase-site.xml|
> |hbase.coprocessor.master.classes|Replace org.apache.hadoop.hbase.security.access.AccessController
with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor* and add if not present|hbase-site.xml|
> |hbase.coprocessor.region.classes|Replace org.apache.hadoop.hbase.security.access.AccessController
with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|
> |hbase.rpc.protection|*privacy*|hbase-site.xml|
> *+KNOX+*
> Replace instances of {{AclsAuthz}} with {{XASecurePDPKnox}} in topology.xml
> *+STORM+*
> ||Property||Value||File||
> |nimbus.authorizer|*com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer*|storm.yaml|
> Note that nimbus.authorizer should be added only when the cluster is already Kerberized;
having this property in a non-Kerberized cluster causes Storm to fail.
> h4. Changes required for disabling Ranger plugin
> *+HDFS+*
> ||Property||Value||File||
> *+HIVE+*
> ||Property||Value||File||
> |hive.security.authorization.manager|*org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory*|hiveserver2-site.xml|
> |hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml|
> *+HBASE+*
> ||Property||Value||File||
> |hbase.coprocessor.master.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml||
> |hbase.coprocessor.region.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml||
> |hbase.rpc.protection|*authentication*|hbase-site.xml|
> *+KNOX+*
> Replace instance of {{XASecurePDPKnox}} with {{AclsAuthz}} in all xml files under the
topologies directory
> *+STORM+*
> ||Property||Value||File||
> |nimbus.authorizer|*backtype.storm.security.auth.authorizer.SimpleACLAuthorizer* -com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer-|storm.yaml|
> Note that nimbus.authorizer should be added only when the cluster is already Kerberized;
having this property in a non-Kerberized cluster causes Storm to fail.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message