Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-12782

Handle file permissions for jceks file in umask 027

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.1
    • Fix Version/s: 2.1.2
    • Component/s: None
    • Labels:
      None

      Description

      1. Handle : cd_access='a' for /etc/ranger/ (when jceks files are created)
        • Audit to DB fails in a case if Ranger is not installed on same host as that of component host.
        • For example Ranger is running on Host1 and Hiveserver2 is running on Host2. Then as /etc/ranger/<repository_name> gets created and has owner as hive user. However, due to umask setting /etc/ranger gets 750 permission with root:root as owner:group.
        • Due to this when hive user tries to read the jceks file to generate audits to DB - it gets permission denied error.
      2. rectifying ranger_audit_db passwd to be used while creating jceks for Ranger Audit DB

        Issue Links

          Activity

          Hide
          hadoopqa Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12750775/AMBARI-12782.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in ambari-server.

          Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/3595//testReport/
          Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3595//console

          This message is automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12750775/AMBARI-12782.patch against trunk revision . +1 @author . The patch does not contain any @author tags. -1 tests included . The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in ambari-server. Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/3595//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3595//console This message is automatically generated.
          Hide
          afernandez Alejandro Fernandez added a comment -

          Pushed to branch-2.1
          commit 569c4a1596f214c6a1475ae8dfee5bb770ac28eb

          Does this need to go into trunk?

          Show
          afernandez Alejandro Fernandez added a comment - Pushed to branch-2.1 commit 569c4a1596f214c6a1475ae8dfee5bb770ac28eb Does this need to go into trunk?
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Ambari-branch-2.1 #389 (See https://builds.apache.org/job/Ambari-branch-2.1/389/)
          AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro) (afernandez: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=569c4a1596f214c6a1475ae8dfee5bb770ac28eb)

          • ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
          • ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
          • ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Ambari-branch-2.1 #389 (See https://builds.apache.org/job/Ambari-branch-2.1/389/ ) AMBARI-12782 . Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro) (afernandez: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=569c4a1596f214c6a1475ae8dfee5bb770ac28eb ) ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
          Hide
          afernandez Alejandro Fernandez added a comment -

          Pushed to trunk,
          commit ba4e1c956ed30a1cd6553af85ddd61d136061f6c

          Show
          afernandez Alejandro Fernandez added a comment - Pushed to trunk, commit ba4e1c956ed30a1cd6553af85ddd61d136061f6c
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Ambari-trunk-Commit #3303 (See https://builds.apache.org/job/Ambari-trunk-Commit/3303/)
          AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro) (afernandez: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=ba4e1c956ed30a1cd6553af85ddd61d136061f6c)

          • ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
          • ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
          • ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Ambari-trunk-Commit #3303 (See https://builds.apache.org/job/Ambari-trunk-Commit/3303/ ) AMBARI-12782 . Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro) (afernandez: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=ba4e1c956ed30a1cd6553af85ddd61d136061f6c ) ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py

            People

            • Assignee:
              gautamborad Gautam Borad
              Reporter:
              gautamborad Gautam Borad
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development