New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HDDS-6995. Update ranger-intg to v2.3.0 #3603
Conversation
Thanks @DaveTeng0 for the patch. The CI So it looks like
We might want to try approach (2) first as
As long as the CI passes after the new dependency exclusion we should be good ( |
I'm not sure excluding the dependency is the correct fix. It looks like those failing tests are incorrectly using apache commons LogFactory to get the loggers to scan, instead of slf4j LoggerFactory. I think something like this might be better. |
Thanks @errose28 . But do we want to introduce the extra jar? Looks like I do agree that the incorrect usage should be fixed. Maybe we could open another jira for it? |
I think we should not exclude a dependency unless it is causing breaking problems. Since the test logging issues were on our end I think we should leave |
@errose28 Alrighty. Let's not exclude |
sure! working on it! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 pending CI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the additional fixes in this PR @DaveTeng0 LGTM as well.
Thanks for this PR @DaveTeng0. As we discussed in the community meeting, @errose28 , can we verify the ranger client integration works well with the s3gateway with Grpc transport? Run the CI with Grpc s3gateway settings: Also does the update to 2.3.0 work well both with and without |
CI completed. |
Hi @neils-dev. @smengcl did testing for the new ranger-intg jar version and grpc in a secure cluster and found some issues when testing grpc transport with tls. I will let him add the details. The new ranger client version worked the same as the old one though.
This version change is only for the Ranger client used by multi-tenancy in the |
Hey @neils-dev , sorry for the wait. We were dealing with an issue on our end: We bumped I have briefly tested S3 gateway with and without a tenant (default s3v volume). Works as expected. Env:
$ kinit -kt /path/to/om.keytab om
$ ozone getconf confKey hdds.grpc.tls.enabled
true
$ ozone tenant create tenant1 --om-service-id=ozone1
22/07/21 01:44:14 INFO rpc.RpcClient: Creating Tenant: 'tenant1', with new volume: 'tenant1'
$ ozone tenant user assign --tenant=tenant1 hive --om-service-id=ozone1
export AWS_ACCESS_KEY_ID='tenant1$hive'
export AWS_SECRET_ACCESS_KEY='<RANDOMACCESSKEY>'
$ kdestroy
$ export AWS_ACCESS_KEY_ID='tenant1$hive'
$ export AWS_SECRET_ACCESS_KEY='<RANDOMACCESSKEY>'
$ alias awsc='aws s3api --endpoint https://<S3G>:9879 --ca-bundle /path/to/cacerts.pem'
$ awsc list-buckets
{
"Buckets": []
}
$ awsc create-bucket --bucket buck1
{
"Location": "https://<S3G>:9879/buck1"
}
$ awsc list-buckets
{
"Buckets": [
{
"Name": "buck1",
"CreationDate": "2022-07-21T01:49:23.022000+00:00"
}
]
}
$ awsc list-objects --bucket buck1
$ awsc put-object --bucket buck1 --key awscliv2-uploaded.zip --body awscliv2.zip
$ awsc list-objects --bucket buck1
{
"Contents": [
{
"Key": "awscliv2-uploaded.zip",
"LastModified": "2022-07-21T01:54:12.548000+00:00",
"ETag": "2022-07-21T01:54:12.548Z",
"Size": 47048038,
"StorageClass": "STANDARD"
}
]
}
$ awsc get-object --bucket buck1 --key awscliv2-uploaded.zip awscliv2-got.zip
{
"AcceptRanges": "bytes",
"LastModified": "2022-07-21T01:54:12+00:00",
"ContentLength": 47048038,
"CacheControl": "no-cache",
"ContentType": "application/octet-stream",
"Expires": "2022-07-21T01:54:45+00:00",
"Metadata": {}
}
$ sha256sum *.zip
bb8f11423aaa00be3a18f2cbf301d1d835e3ab17f0d91404ef5ee627ef216e58 awscliv2-got.zip
bb8f11423aaa00be3a18f2cbf301d1d835e3ab17f0d91404ef5ee627ef216e58 awscliv2.zip
Similarly tested with default Thanks, |
No problem, I know you guys are busy. Thank you, @smengcl for testing out the ranger client upgrade with the Glad to learn the ranger integration with and without tenants works as expected. Thanks again! - Neil |
@neils-dev You're welcome! :D |
Thanks @DaveTeng0 for the patch. Thanks @neils-dev for raising the jira. Thanks @errose28 for the review. CI passed. Will merge shortly. |
What changes were proposed in this pull request?
Update ranger-intg to v2.3.0
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-6995
How was this patch tested?
Manual tests build from developer's machine