[Bug] [api] ranger plugin will never be enabled on node only has Hbase RegionServer deployed

datavane / datasophon

The next generation of cloud-native big data management expert , Aims to help users rapidly build stable, efficient, and scalable cloud-native platforms for big data.

https://datasophon.github.io/datasophon-website/

Apache License 2.0

1.14k stars 393 forks source link

[Bug] [api] ranger plugin will never be enabled on node only has Hbase RegionServer deployed #405

Open junhanqiao opened 1 year ago

junhanqiao commented 1 year ago

Search before asking

[X] I had searched in the issues and found no similar issues.

What happened

when i enable ranger for hbase in web ui,node that only has hbase regionServer deployed never enable the ranger-hbase-plugin for node that has Hbase master deployed ,ranger-hbase-plugin enabled as expected

What you expected to happen

i want ranger-hbase-plugin get enabled for node that has only hbase regionServer deployed

How to reproduce

1.deployed hbase ,and have one node only has HBASE RegionServer role

deploy ranger
enable ranger for HBASE service
then check hbase-site.xml on node that only has Hbase RegionServer role deployed,it will see no ranger related config in the file

Anything else

i read the code ,find that the logic is only Master role will enable ranger plugin

44a6d5127fb844e2f54b30967ed12da

Version

v1.1.0

Are you willing to submit PR?

[ ] Yes I am willing to submit a PR!

Code of Conduct

[X] I agree to follow this project's Code of Conduct

datasophon commented 1 year ago

We think that we only need to start Ranger Plugin on HBase Master

junhanqiao commented 1 year ago

We think that we only need to start Ranger Plugin on HBase Master

there is a FAQ said both master and regionserver need install in folling URL https://cwiki.apache.org/confluence/display/RANGER/HBase+Plugin

datasophon commented 1 year ago

We think that we only need to start Ranger Plugin on HBase Master

there is a FAQ said both master and regionserver need install in folling URL https://cwiki.apache.org/confluence/display/RANGER/HBase+Plugin

Although the Ranger plugin can be deployed on HBase RegionServer,but it is not necessary. You can try it by yourself.

datasophon commented 1 year ago

Hbase version 2.4.16 requires version 2.4.0 of the Ranger, and you need to upgrade the Ranger https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.4.0+-+Release+Notes

junhanqiao commented 1 year ago

txs very much! before this issue, i test that authorization check funcion is ok,but when i saw FQA mentioned in ranger doc,i think this must be a problem; I will continue to check if everything funcs ok

junhanqiao commented 1 year ago

finaly ,i foud that ranger-hbase-plugin are still needed;if not ,operations(put,get,delete,scan ...) direct to regionserver ,will not be controlled by ranger;So ranger-hbase-plugin should enabled on both master and region server