ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-14036) Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
Date Wed, 25 Nov 2015 23:20:11 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-14036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15027781#comment-15027781
] 

Hudson commented on AMBARI-14036:
---------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #3912 (See [https://builds.apache.org/job/Ambari-trunk-Commit/3912/])
AMBARI-14036. Add recommendations for authorization provider(upgrade (vbrodetskyi: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=82c93425d85b893a8454cf63694b1ce190b0ae3d])
* ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog213Test.java
* ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
* ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog213.java
* ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
* ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py


> Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
> ------------------------------------------------------------------------------------
>
>                 Key: AMBARI-14036
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14036
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.3
>            Reporter: Vitaly Brodetskyi
>            Assignee: Vitaly Brodetskyi
>            Priority: Critical
>             Fix For: 2.1.3
>
>         Attachments: AMBARI-14036.patch
>
>
> Basic implementation AMBARI-9587
> *1st task:*
> While upgrading a cluster above 2.0.0 Ambari version, if knox topology file is present
without authorization provider then add correct authorization provider i.e
> # If Ranger plugin is not enabled for Knox then
> {code}
> <provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider> 
> {code}
> # If Ranger plugin for knox is enabled then
> {code}
> <provider> <role>authorization</role> <name>XASecurePDPKnox</name>
<enabled>true</enabled> </provider> 
> {code}
> NOTE: If this logic is going in upgrade catalog for 2.0.0 then we can simply modify knox
topology to add "<provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider>" as Ranger service itself was added
in 2.0.0 
> *2nd task:*
> Stack advisor right now recommends the value of authorization provider in topology file
when ranger plugin is enabled or disabled. But this will happen only if authorization provider
tag is present in topology file or else the recommendation logic will be skipped. Stack advisor
code needs to be changed so that while enabling or disabling ranger plugin for knox if authorization
provider tag does not exist then the corresponding authorization provider tag should be added
while sending back recommendation to ambari-web.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message