Skip to content

Retry Mechanism for Policy and Security Zone Updates

Overview

Apache Ranger includes a retry mechanism for handling partial policy and security zone updates. This mechanism ensures that temporary failures do not result in incomplete updates, improving system resilience and reliability.The following APIs in Apache Ranger have implemented the retry mechanism to handle transient failures:

  • Grant access to principals for resources defined in a policy identified by the policy ID.
  • Update access to principals in a policy identified by the policy ID.
  • Delete access to principals for resources defined in a policy identified by the policy ID.
  • Deny access to principals for resources defined in a policy identified by the policy ID.
  • Update deny access to principals for resources defined in a policy identified by the policy ID
  • Delete deny access to principals for resources defined in a policy identified by the policy ID.
  • Update an existing security zone (version 2) by ID.

The retry behavior is controlled by the following configuration settings:

  • RANGER_RETRY_WAIT_INTERVAL_MS: Specifies the wait time (in milliseconds) before retrying an update operation.
  • RANGER_UPDATE_RETRY_MAX_COUNT: Defines the maximum number of retry attempts before the update operation fails.

Configuration

To fine-tune the retry behavior, update the configuration settings as follows:

  1. Navigate to the configuration directory on the server where Privacera Manager is installed:

    Bash
    1
2
3
4
    cd ~/privacera/privacera-manager/config
# Copy the sample vars file to the custom vars directory if it does not exist in custom-vars directory
cp -n sample-vars/vars.ranger.admin.yml custom-vars/
vi custom-vars/vars.ranger.admin.yml

  2. Add the following property and set it to true. If the property already exists, update the value to true:

YAML
1
2
 RANGER_RETRY_WAIT_INTERVAL_MS: "10000"
 RANGER_UPDATE_RETRY_MAX_COUNT: "3"

  1. After making the changes, save the file and run the following command to apply the configuration changes and restart the Ranger Admin service:

    a - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
     cd ~/privacera/privacera-manager
 ./privacera-manager.sh setup
    b - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade

Comments