Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C798F10869 for ; Fri, 13 Feb 2015 20:49:12 +0000 (UTC) Received: (qmail 82891 invoked by uid 500); 13 Feb 2015 20:49:12 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 82860 invoked by uid 500); 13 Feb 2015 20:49:12 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 82791 invoked by uid 99); 13 Feb 2015 20:49:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Feb 2015 20:49:12 +0000 Date: Fri, 13 Feb 2015 20:49:12 +0000 (UTC) From: "Srimanth Gunturi (JIRA)" To: dev@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AMBARI-9626) Enabling ranger plugin config should modify dependent configs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AMBARI-9626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Srimanth Gunturi updated AMBARI-9626: ------------------------------------- Attachment: AMBARI-9626.patch Verified on live cluster and tests pass {code} [exec] [exec] 5372 tests complete (11 seconds) [exec] 62 tests pending [exec] {code} > Enabling ranger plugin config should modify dependent configs > ------------------------------------------------------------- > > Key: AMBARI-9626 > URL: https://issues.apache.org/jira/browse/AMBARI-9626 > Project: Ambari > Issue Type: Bug > Components: ambari-web > Affects Versions: 2.0.0 > Reporter: Srimanth Gunturi > Assignee: Srimanth Gunturi > Fix For: 2.0.0 > > Attachments: AMBARI-9626.patch > > > h4. Changes required for enabling Ranger plugin > *+HDFS+* > ||Property||Value||File|| > |dfs.permissions.enabled|*true*|hdfs-site.xml| > -|dfs.permissions|*true*|hdfs-site.xml|- <- crossing out since this is only for backward compatibility and no longer needed > *+HIVE+* > ||Property||Value||File|| > |hive.security.authorization.enabled|*true*|hive-site.xml| > |hive.security.authorization.manager|*com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory*|hiveserver2-site.xml| > |hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml| > |hive.conf.restricted.list|*Must contain all elements of hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager*|hive-site.xml| > *+HBASE+* > ||Property||Value||File|| > |hbase.security.authorization|*true*|hbase-site.xml| > |hbase.coprocessor.master.classes|Replace org.apache.hadoop.hbase.security.access.AccessController with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor* and add if not present|hbase-site.xml| > |hbase.coprocessor.region.classes|Replace org.apache.hadoop.hbase.security.access.AccessController with *com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml| > |hbase.rpc.protection|*privacy*|hbase-site.xml| > -|hbase.rpc.engine|*org.apache.hadoop.hbase.ipc.SecureRpcEngine*|hbase-site.xml|- <- crossing out since this is no longer needed by HBase > *+KNOX+* > Replace instances of {{AclsAuthz}} with {{XASecurePDPKnox}} in all xml files under the topologies directory > *+STORM+* > ||Property||Value||File|| > |nimbus.authorizer|*com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer*|storm.yaml| > Note that nimbus.authorizer should be added only when the cluster is already Kerberized; having this property in a non-Kerberized cluster causes Storm to fail. > h4. Changes required for disabling Ranger plugin > *+HDFS+* > ||Property||Value||File|| > *+HIVE+* > ||Property||Value||File|| > |hive.security.authorization.manager|*org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory*|hiveserver2-site.xml| > |hive.security.authenticator.manager|*org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator*|hiveserver2-site.xml| > *+HBASE+* > ||Property||Value||File|| > |hbase.coprocessor.master.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|| > |hbase.coprocessor.region.classes|*Remove com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor*|hbase-site.xml|| > |hbase.rpc.protection|*authentication*|hbase-site.xml| > *+KNOX+* > Replace instance of {{XASecurePDPKnox}} with {{AclsAuthz}} in all xml files under the topologies directory > *+STORM+* > ||Property||Value||File|| > |nimbus.authorizer|*backtype.storm.security.auth.authorizer.SimpleACLAuthorizer* -com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer-|storm.yaml| > Note that nimbus.authorizer should be added only when the cluster is already Kerberized; having this property in a non-Kerberized cluster causes Storm to fail. -- This message was sent by Atlassian JIRA (v6.3.4#6332)