How to migrate roles from one apache ranger instance to other instance? - apache-ranger

We are planning to make a replica cluster of existing CDP cluster. I can import/export policies but can not import/export roles.
We have around 2k+ roles. Using the following API I can create a role, but I wanted to know if this can be automated:
/public/v2/api/roles
Any pointers would be helpful?

As of now there is no easy or automated way to import/export roles in Ranger-CDP.
However, we can automate it using a simple python script. You can find the script on following url:-
https://github.com/patilajinkya/ranger_automate/blob/main/roles_exporter.py
Note:- Please read roles_exportes_README.txt before executing the script and let me know if you face any issues. I have tested this on one of my test clusters and all looks good.
One thing to keep in mind is that all users and groups from the source cluster need to be available in the destination cluster, and no duplicate roles should exist in the destination cluster.
If you have any suggestions to improve the script, let me know in the comments.
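The two preconditions in the answer above (principals present on the destination, no duplicate roles) can be checked before any role is created. This is an added example, not the linked script or Ranger's own code. The role field layout (`name`, `users`, `groups`, `roles`), the sample data and all function names are assumptions, and it also orders nested roles so a role is created after the roles it references.

```python
import json
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed sample export; field layout (name/users/groups/roles) is assumed.
SOURCE_ROLES = json.loads("""[
 {"id": 7, "name": "analyst", "users": [{"name": "alice", "isAdmin": false}], "groups": [], "roles": []},
 {"id": 8, "name": "lead", "users": [], "groups": [{"name": "etl", "isAdmin": false}],
  "roles": [{"name": "analyst", "isAdmin": false}]},
 {"id": 9, "name": "ops", "users": [{"name": "bob", "isAdmin": true}], "groups": [], "roles": []},
 {"id": 10, "name": "auditor", "users": [{"name": "carol", "isAdmin": false}], "groups": [], "roles": []}
]""")
DEST_USERS, DEST_GROUPS, DEST_ROLES = {"alice", "carol"}, {"etl"}, {"auditor"}


def members(role, key):
    """Names of the users, groups or nested roles attached to a role."""
    return {m["name"] for m in role.get(key) or []}


def plan_import(roles, dest_users, dest_groups, dest_roles):
    """Return (role names in a safe creation order, {role name: why it is blocked})."""
    by_name = {r["name"]: r for r in roles}
    blocked = {}
    for r in roles:
        missing_u = sorted(members(r, "users") - dest_users)
        missing_g = sorted(members(r, "groups") - dest_groups)
        if r["name"] in dest_roles:
            blocked[r["name"]] = "duplicate: already exists on destination"
        elif missing_u or missing_g:
            blocked[r["name"]] = f"missing users={missing_u} groups={missing_g}"
    # A nested role must exist before the role that references it.
    graph = {name: members(r, "roles") for name, r in by_name.items()}
    order, available = [], set(dest_roles)
    for name in TopologicalSorter(graph).static_order():
        if name not in by_name or name in blocked:
            continue
        unmet = sorted(graph[name] - available)
        if unmet:
            blocked[name] = f"nested roles not importable: {unmet}"
        else:
            order.append(name)
            available.add(name)
    return order, blocked


def to_payload(role):
    """Drop source-side ids so the destination assigns its own."""
    keep = ("name", "description", "users", "groups", "roles")
    return {k: role[k] for k in keep if k in role}


if __name__ == "__main__":
    order, blocked = plan_import(SOURCE_ROLES, DEST_USERS, DEST_GROUPS, DEST_ROLES)
    print("create in order:", order)
    print("blocked:", json.dumps(blocked, indent=1))
```

Roles reported as blocked are the ones to fix on the destination (sync the missing users or groups, or reconcile the duplicate) before re-running the import.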

Related

How to put restriction on specific jenkins job when using Role-Based Strategy

We are a small team. Developers are also ops guys. When I use the role based strategy, I have a role devops that allows all developers to create and run jobs. However, there's also a go-production job, and I don't want all the developers to be able to run it. I tried project role, but looks like if I give the role devops to developers, the project role does not take effect.
How can I solve this?
Yes, the Global Roles override anything you specify in the Project Roles; that's why your project role doesn't take effect. I suggest you limit the global devops role to permissions for reading and creating jobs only, and then create a new project role with permission to run/configure/delete jobs on the specific project (or projects).
For project roles there is a useful Pattern field, which consists of a regular expression aimed at matching the full name (including the folder name, if you're using the Cloudbees Folders Plugin) of the jobs to which the role will apply. For details see the official documentation.

App for managing apps (architecture)

I know it's gonna be a very broad question and I'm pretty sure this is not anything new in today's world, but I really don't know where to start on this one.
I've started working on a rails-based service that would allow users to create, configure and manage their projects (basically copies of a single app with customization). The projects would be run on a subdomain with an option of connecting their own domain. (Quite similar to how SquareSpace and Wix and many other website building services handle their websites)
I want these projects to be as flexible and customizable as possible (including the visual design, some additional features etc) while maintaining ease of setup and updates for the codebase itself.
So the questions I start with:
Should each project be a separate app (basically a copy out of the same repo) with its own configs, database, nginx and unicorn configs, etc. or should I keep all in 1 app and differentiate them with different configs and maybe databases and assets?
If it's better to keep everything separated...
... what's the best setup process (provided that I have basic configuration to start with)?
... how would I be able to update them all (with bugfixes, new features, performance improvements etc.) from one place?
If I keep all the projects in the same app...
... how should I manage the configuration concurrency between projects?
... how do I separate the data and assets?
As always, I'd be grateful for any sufficient help I can get.
I have no experience building these kinds of things and maybe there is an easy solution I'm not aware of. But my answer may give you some ideas/pointers to start with.
1) It's hard to give an accurate answer but based on the high personalization criteria and the "copies of a single app" you talk about, I would go for an architecture more PAAS-like than SAAS-like. So separated apps.
2.1) You may want to consider a setting using:
A main rails app, with a main webserver and a main nginx conf. A wildcard domain.
A bunch of dynamically managed docker containers. Each container is initialized from your single app, and then personalized by the user. The user is associated with its containers through the main rails app. When a container is created from the main app, the main nginx config is updated (i.e. by adding a file in sites-enabled which defines a new 'server' that binds the open port of the new container, and the right 'server_name').
Each contained rails app ships a unique and shared rails engine. The rails engine is shipped by adding the corresponding gem in the Gemfile so it can be updated.
2.2) You update the 'shared rails engine' gem. You can then run bundle install in each container.
People interested in these kinds of setups may consider tools like dokku and deis.
Consider a multi-tenant architecture. We've used it effectively for fleet-genius.com.
The following link provides a good overview of the architecture from a Rails point of view.
http://blog.elbowroomstudios.com/zero-to-multitenant-in-15-minutes-a-rails-walkthrough/

How are Github's Rails models (Users and Orgs) structured?

I'm looking to build an application similar to Github, similar in the sense that you have both Users and Organizations, and these two can have many X (in the case of Github, it's repositories).
Does anyone know what's the best way to go about this? Should I put them both on the same Database table with a 'type' attribute, or just do 2 different tables?
Thanks for any help!
Edit: So the application I have in mind is not meant to host code. It's similar to Github in just that it has Users and Organizations, who both can create X.
This has already been done very well with GitLab. You might consider using GitLab, rather than creating your own application. If you do decide to continue, perhaps you can start with a fork of GitLab, or at least crib any relevant portions from their architecture.

Neo4j Multi-tenancy

What is the best way to achieve multi-tenancy in neo4j?
I have seen Tinkerpop and Spring Data.
I have multiple clients and I would like to store each client's info in its own database to ensure security.
I do not want to use labels or indexes to solve this problem.
You mention that you've "seen TinkerPop" but I couldn't tell if that meant you've seen it, considered it and dismissed it as a solution here, so apologies if that is the case and I'm not answering your question.
I've successfully used PartitionStrategy (formerly PartitionGraph) from TinkerPop to achieve multi-tenancy in Neo4j (and other graph databases).
You can read more about the approach here in this blog post on the subject.
Neo4j does not support multi-tenant deployments at this time. You can run multiple instances on the same server, each one on a different port.
Alternatively, you can use a managed hosting service like GrapheneDB, which provides secure independent instances. Disclaimer: I work at GrapheneDB.

How to extend an existing Ruby on Rails CMS to host multiple sites?

I am trying to build a CMS I can use to host multiple sites. I know I'm going to end up reinventing the wheel a million times with this project, so I'm thinking about extending an existing open source Ruby on Rails CMS to meet my needs.
One of those needs is to be able to run multiple sites, while using only one code-base. That way, when there's an update I want to make, I can update it in one place, and the change is reflected on all of the sites. I think that this will be able to scale by running multiple instances of the application.
I think that I can use the domain/subdomain to determine which data to display. For example, someone goes to subdomain1.mysite.com and the application looks in the database for the content for subdomain1.
The problem I see is with most pre-built CMS solutions, they are only designed to host one site, including the one I want to use. So the database is structured to work with one site. However, I had the idea that I could overcome this by "creating a new database" for each site, then specifying which database to connect to based on the domain/subdomain as I mentioned above.
I'm thinking of hosting this on Heroku, so I'm wondering what my options for this might be. I'm not very familiar with Amazon S3, or Amazon SimpleDB, but I feel like there's some sort of "cloud database" that would make this solution a lot more realistic, than creating a new MySQL database for each site.
What do you think? Am I thinking about this the wrong way? What advice do you have to offer in this area?
I've worked on a Rails app like this, and the way it was done there was name-based virtual hosts, with db entries for each site running. Each record was scoped to a site if necessary (blog posts, etc.) while users would have access to all sites running out of that db. Administrator permissions could be global or scoped to one or more sites.
You're absolutely correct when you say you'll reinvent the wheel a million times during the project. Plugins will likely require hacking on top of the CMS itself.
In my situation, it ended up being a waste of almost a million dollars of company money to build that codebase to run multiple sites while still being able to cater to the whims of each client site. It worked, but was not very maintainable due to the number of site-specific hacks that subsequently entered the codebase. You may be able to make it work if you don't have to worry about catering to specific client sites running on your platform.
In the end, you're going to need a layer of indirection to handle the different sites regardless of methodology. We ended up putting it in the database itself. If you go with the different-db-for-each-site method you mentioned, you'll put that layer in your code instead. I'm not sure which one is the better method.
I hope you're able to pull this off. I failed.
Also, as I learned today, Heroku offers postgres instead of mysql for rails apps.
There's James Stewart's Theme Support Plugin for Rails 2.3, and lucasefe's themes_for_rails gem for Rails 3+.
I just started using the 2.3 version and it's working well so far.
