ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <>
Subject [jira] [Commented] (AMBARI-14036) Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
Date Tue, 24 Nov 2015 13:20:11 GMT


Hadoop QA commented on AMBARI-14036:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  against trunk revision .

    {color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output:

This message is automatically generated.

> Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
> ------------------------------------------------------------------------------------
>                 Key: AMBARI-14036
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.3
>            Reporter: Vitaly Brodetskyi
>            Assignee: Vitaly Brodetskyi
>            Priority: Critical
>             Fix For: 2.1.3
>         Attachments: AMBARI-14036.patch
> Basic implementation AMBARI-9587
> *1st task:*
> While upgrading a cluster above 2.0.0 Ambari version, if knox topology file is present
without authorization provider then add correct authorization provider i.e
> # If Ranger plugin is not enabled for Knox then
> {code}
> <provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider> 
> {code}
> # If Ranger plugin for knox is enabled then
> {code}
> <provider> <role>authorization</role> <name>XASecurePDPKnox</name>
<enabled>true</enabled> </provider> 
> {code}
> NOTE: If this logic is going in upgrade catalog for 2.0.0 then we can simply modify knox
topology to add "<provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider>" as Ranger service itself was added
in 2.0.0 
> *2nd task:*
> Stack advisor right now recommends the value of authorization provider in topology file
when ranger plugin is enabled or disabled. But this will happen only if authorization provider
tag is present in topology file or else the recommendation logic will be skipped. Stack advisor
code needs to be changed so that while enabling or disabling ranger plugin for knox if authorization
provider tag does not exist then the corresponding authorization provider tag should be added
while sending back recommendation to ambari-web.

This message was sent by Atlassian JIRA

View raw message