You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jl...@apache.org on 2017/05/16 05:37:20 UTC
[01/10] ambari git commit: AMBARI-21014. Quick Links for Spark
History Server component is missing (smohanty)
Repository: ambari
Updated Branches:
refs/heads/branch-feature-AMBARI-14714 fb20c7c52 -> 38cc334e0
AMBARI-21014. Quick Links for Spark History Server component is missing (smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ec6e9406
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ec6e9406
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ec6e9406
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: ec6e940602608666b90d51714f5040d6eb805216
Parents: fb20c7c
Author: Sumit Mohanty <sm...@hortonworks.com>
Authored: Fri May 12 17:56:16 2017 -0700
Committer: Sumit Mohanty <sm...@hortonworks.com>
Committed: Fri May 12 17:57:04 2017 -0700
----------------------------------------------------------------------
.../common-services/SPARK/1.2.1/quicklinks/quicklinks.json | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/ec6e9406/ambari-server/src/main/resources/common-services/SPARK/1.2.1/quicklinks/quicklinks.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.1/quicklinks/quicklinks.json b/ambari-server/src/main/resources/common-services/SPARK/1.2.1/quicklinks/quicklinks.json
index 685665a..5557c53 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.2.1/quicklinks/quicklinks.json
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.1/quicklinks/quicklinks.json
@@ -12,6 +12,7 @@
"name": "spark_history_server_ui",
"label": "Spark History Server UI",
"requires_user_name": "false",
+ "component_name": "SPARK_JOBHISTORYSERVER",
"url": "%@://%@:%@",
"port":{
"http_property": "spark.history.ui.port",
[02/10] ambari git commit: AMBARI-21011. Append PATH to YARN config
'yarn.nodemanager.admin-env' for HDP 2.6.
Posted by jl...@apache.org.
AMBARI-21011. Append PATH to YARN config 'yarn.nodemanager.admin-env' for HDP 2.6.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6e4331e9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6e4331e9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6e4331e9
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: 6e4331e92f6b42fab3d36ea64df42019ae73e715
Parents: ec6e940
Author: Swapan Shridhar <ss...@hortonworks.com>
Authored: Fri May 12 19:27:52 2017 -0700
Committer: Swapan Shridhar <ss...@hortonworks.com>
Committed: Fri May 12 19:27:52 2017 -0700
----------------------------------------------------------------------
.../HDP/2.6/services/YARN/configuration/yarn-site.xml | 9 +++++++++
1 file changed, 9 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/6e4331e9/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/yarn-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/yarn-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/yarn-site.xml
index c434c12..6aa0bae 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/yarn-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/yarn-site.xml
@@ -101,4 +101,13 @@
</depends-on>
<on-ambari-upgrade add="false"/>
</property>
+ <property>
+ <name>yarn.nodemanager.admin-env</name>
+ <value>MALLOC_ARENA_MAX=$MALLOC_ARENA_MAX,PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$PATH</value>
+ <description>
+ Environment variables that should be forwarded from the NodeManager's
+ environment to the container's.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
</configuration>
[09/10] ambari git commit: AMBARI-21010. HDP 3.0 TP - create Service
Advisor for Ranger_KMS.(vbrodetsky)
Posted by jl...@apache.org.
AMBARI-21010. HDP 3.0 TP - create Service Advisor for Ranger_KMS.(vbrodetsky)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e1265262
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e1265262
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e1265262
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: e12652628102bf08b23e58b1954929b102c688df
Parents: ad09bb6
Author: Vitaly Brodetskyi <vb...@hortonworks.com>
Authored: Mon May 15 14:51:05 2017 +0300
Committer: Vitaly Brodetskyi <vb...@hortonworks.com>
Committed: Mon May 15 14:51:05 2017 +0300
----------------------------------------------------------------------
.../RANGER_KMS/0.5.0.3.0/service_advisor.py | 281 +++++++++++++++++++
1 file changed, 281 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/e1265262/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
new file mode 100644
index 0000000..9c33218
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
@@ -0,0 +1,281 @@
+#!/usr/bin/env ambari-python-wrap
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+# Python imports
+import imp
+import os
+import traceback
+import re
+import socket
+import fnmatch
+
+
+from resource_management.core.logger import Logger
+
+SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
+STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/')
+PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py')
+
+try:
+ with open(PARENT_FILE, 'rb') as fp:
+ service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE))
+except Exception as e:
+ traceback.print_exc()
+ print "Failed to load parent"
+
+class RangerKMSServiceAdvisor(service_advisor.ServiceAdvisor):
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerKMSServiceAdvisor, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ # Always call these methods
+ self.modifyMastersWithMultipleInstances()
+ self.modifyCardinalitiesDict()
+ self.modifyHeapSizeProperties()
+ self.modifyNotValuableComponents()
+ self.modifyComponentsNotPreferableOnServer()
+ self.modifyComponentLayoutSchemes()
+
+ def modifyMastersWithMultipleInstances(self):
+ """
+ Modify the set of masters with multiple instances.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyCardinalitiesDict(self):
+ """
+ Modify the dictionary of cardinalities.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyHeapSizeProperties(self):
+ """
+ Modify the dictionary of heap size properties.
+ Must be overriden in child class.
+ """
+ pass
+
+ def modifyNotValuableComponents(self):
+ """
+ Modify the set of components whose host assignment is based on other services.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyComponentsNotPreferableOnServer(self):
+ """
+ Modify the set of components that are not preferable on the server.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyComponentLayoutSchemes(self):
+ """
+ Modify layout scheme dictionaries for components.
+ The scheme dictionary basically maps the number of hosts to
+ host index where component should exist.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def getServiceComponentLayoutValidations(self, services, hosts):
+ """
+ Get a list of errors.
+ Must be overriden in child class.
+ """
+
+ return []
+
+ def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts):
+ """
+ Entry point.
+ Must be overriden in child class.
+ """
+ #Logger.info("Class: %s, Method: %s. Recommending Service Configurations." %
+ # (self.__class__.__name__, inspect.stack()[0][3]))
+
+ recommender = RangerKMSRecommender()
+ recommender.recommendRangerKMSConfigurationsFromHDP23(configurations, clusterData, services, hosts)
+ recommender.recommendRangerKMSConfigurationsFromHDP25(configurations, clusterData, services, hosts)
+
+
+
+ def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts):
+ """
+ Entry point.
+ Validate configurations for the service. Return a list of errors.
+ The code for this function should be the same for each Service Advisor.
+ """
+ #Logger.info("Class: %s, Method: %s. Validating Configurations." %
+ # (self.__class__.__name__, inspect.stack()[0][3]))
+
+ validator = RangerKMSValidator()
+ # Calls the methods of the validator using arguments,
+ # method(siteProperties, siteRecommendations, configurations, services, hosts)
+ return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators)
+
+
+
+class RangerKMSRecommender(service_advisor.ServiceAdvisor):
+ """
+ RangerKMS Recommender suggests properties when adding the service for the first time or modifying configs via the UI.
+ """
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerKMSRecommender, self)
+ self.as_super.__init__(*args, **kwargs)
+
+
+ def recommendRangerKMSConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ putRangerKmsDbksProperty = self.putProperty(configurations, "dbks-site", services)
+ putRangerKmsProperty = self.putProperty(configurations, "kms-properties", services)
+ kmsEnvProperties = self.getSiteProperties(services['configurations'], 'kms-env')
+ putCoreSiteProperty = self.putProperty(configurations, "core-site", services)
+ putCoreSitePropertyAttribute = self.putPropertyAttribute(configurations, "core-site")
+ putRangerKmsAuditProperty = self.putProperty(configurations, "ranger-kms-audit", services)
+ security_enabled = self.isSecurityEnabled(services)
+ putRangerKmsSiteProperty = self.putProperty(configurations, "kms-site", services)
+ putRangerKmsSitePropertyAttribute = self.putPropertyAttribute(configurations, "kms-site")
+
+ if 'kms-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['kms-properties']['properties']):
+
+ rangerKmsDbFlavor = services['configurations']["kms-properties"]["properties"]["DB_FLAVOR"]
+
+ if ('db_host' in services['configurations']['kms-properties']['properties']) and ('db_name' in services['configurations']['kms-properties']['properties']):
+
+ rangerKmsDbHost = services['configurations']["kms-properties"]["properties"]["db_host"]
+ rangerKmsDbName = services['configurations']["kms-properties"]["properties"]["db_name"]
+
+ ranger_kms_db_url_dict = {
+ 'MYSQL': {'ranger.ks.jpa.jdbc.driver': 'com.mysql.jdbc.Driver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
+ 'ORACLE': {'ranger.ks.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost, rangerKmsDbName)},
+ 'POSTGRES': {'ranger.ks.jpa.jdbc.driver': 'org.postgresql.Driver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
+ 'MSSQL': {'ranger.ks.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';databaseName=' + rangerKmsDbName},
+ 'SQLA': {'ranger.ks.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';database=' + rangerKmsDbName}
+ }
+
+ rangerKmsDbProperties = ranger_kms_db_url_dict.get(rangerKmsDbFlavor, ranger_kms_db_url_dict['MYSQL'])
+ for key in rangerKmsDbProperties:
+ putRangerKmsDbksProperty(key, rangerKmsDbProperties.get(key))
+
+ if kmsEnvProperties and self.checkSiteProperties(kmsEnvProperties, 'kms_user') and 'KERBEROS' in servicesList:
+ kmsUser = kmsEnvProperties['kms_user']
+ kmsUserOld = self.getOldValue(services, 'kms-env', 'kms_user')
+ self.put_proxyuser_value(kmsUser, '*', is_groups=True, services=services, configurations=configurations, put_function=putCoreSiteProperty)
+ if kmsUserOld is not None and kmsUser != kmsUserOld:
+ putCoreSitePropertyAttribute("hadoop.proxyuser.{0}.groups".format(kmsUserOld), 'delete', 'true')
+ services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUserOld)})
+ services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUser)})
+
+ if "HDFS" in servicesList:
+ if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
+ default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
+ putRangerKmsAuditProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit'))
+
+ required_services = [{'service' : 'YARN', 'config-type': 'yarn-env', 'property-name': 'yarn_user', 'proxy-category': ['hosts', 'users', 'groups']},
+ {'service' : 'SPARK', 'config-type': 'livy-env', 'property-name': 'livy_user', 'proxy-category': ['hosts', 'users', 'groups']}]
+
+ required_services_for_secure = [{'service' : 'HIVE', 'config-type': 'hive-env', 'property-name': 'hive_user', 'proxy-category': ['hosts', 'users']},
+ {'service' : 'OOZIE', 'config-type': 'oozie-env', 'property-name': 'oozie_user', 'proxy-category': ['hosts', 'users']}]
+
+ if security_enabled:
+ required_services.extend(required_services_for_secure)
+
+ # recommendations for kms proxy related properties
+ self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
+
+ ambari_user = self.getAmbariUser(services)
+ if security_enabled:
+ # adding for ambari user
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), '*')
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), '*')
+ # adding for HTTP
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.users', '*')
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.hosts', '*')
+ else:
+ self.deleteKMSProxyUsers(configurations, services, hosts, required_services_for_secure)
+ # deleting ambari user proxy properties
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), 'delete', 'true')
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), 'delete', 'true')
+ # deleting HTTP proxy properties
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.hosts', 'delete', 'true')
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.users', 'delete', 'true')
+
+
+ def recommendRangerKMSConfigurationsFromHDP25(self, configurations, clusterData, services, hosts):
+
+ security_enabled = self.isSecurityEnabled(services)
+ required_services = [{'service' : 'RANGER', 'config-type': 'ranger-env', 'property-name': 'ranger_user', 'proxy-category': ['hosts', 'users', 'groups']}]
+
+ if security_enabled:
+ # recommendations for kms proxy related properties
+ self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
+ else:
+ self.deleteKMSProxyUsers(configurations, services, hosts, required_services)
+
+
+
+ def recommendRangerKMSConfigurations(self, configurations, clusterData, services, hosts):
+ putRangerKmsEnvProperty = self.putProperty(configurations, "kms-env", services)
+
+ ranger_kms_ssl_enabled = False
+ ranger_kms_ssl_port = "9393"
+ if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.attrib.ssl.enabled' in services['configurations']['ranger-kms-site']['properties']:
+ ranger_kms_ssl_enabled = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.attrib.ssl.enabled'].lower() == "true"
+
+ if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.port' in services['configurations']['ranger-kms-site']['properties']:
+ ranger_kms_ssl_port = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.port']
+
+ if ranger_kms_ssl_enabled:
+ putRangerKmsEnvProperty("kms_port", ranger_kms_ssl_port)
+ else:
+ putRangerKmsEnvProperty("kms_port", "9292")
+
+
+
+class RangerKMSValidator(service_advisor.ServiceAdvisor):
+ """
+ RangerKMS Validator checks the correctness of properties whenever the service is first added or the user attempts to
+ change configs via the UI.
+ """
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerKMSValidator, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ self.validators = []
+
+
+
+
+
[04/10] ambari git commit: AMBARI-20999. More updates to llap configs
for hdp stack (Siddharth Seth via smohanty)
Posted by jl...@apache.org.
AMBARI-20999. More updates to llap configs for hdp stack (Siddharth Seth via smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/822d5457
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/822d5457
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/822d5457
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: 822d54577677384f5a31eef90e2a345378fbcaf4
Parents: d0a5cd4
Author: Sumit Mohanty <sm...@hortonworks.com>
Authored: Fri May 12 22:15:53 2017 -0700
Committer: Sumit Mohanty <sm...@hortonworks.com>
Committed: Fri May 12 22:30:38 2017 -0700
----------------------------------------------------------------------
.../stacks/HDP/2.5/upgrades/config-upgrade.xml | 4 +++-
.../HIVE/configuration/tez-interactive-site.xml | 12 ++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/822d5457/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
index 9ac7042..61bd581 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
@@ -499,8 +499,10 @@
<definition xsi:type="configure" id="llap_update_tez_settings" summary="Update additional LLAP-Tez settings">
<type>tez-interactive-site</type>
<set key="tez.runtime.shuffle.keep-alive.enabled" value="true"/>
- <set key="tez.am.am-rm.heartbeat.interval-ms.max" value="30000"/>
+ <set key="tez.am.am-rm.heartbeat.interval-ms.max" value="10000"/>
<set key="tez.session.am.dag.submit.timeout.secs" value="1209600"/>
+ <set key="tez.runtime.enable.final-merge.in.output" value="false"/>
+ <set key="tez.am.task.reschedule.higher.priority" value="false"/>
</definition>
<definition xsi:type="configure" id="hdp_2_6_0_0_copy_hive_tez_container_size_to_hiveInteractive">
http://git-wip-us.apache.org/repos/asf/ambari/blob/822d5457/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/tez-interactive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/tez-interactive-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/tez-interactive-site.xml
index 09416e3..6752d65 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/tez-interactive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/tez-interactive-site.xml
@@ -114,5 +114,17 @@
<description>The heartbeat interval between the tez AM and YARN RM</description>
<on-ambari-upgrade add="false"/>
</property>
+ <property>
+ <name>tez.runtime.enable.final-merge.in.output</name>
+ <value>false</value>
+ <description>Whether to enable a map side merge of outputs</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>tez.am.task.reschedule.higher.priority</name>
+ <value>false</value>
+ <description>Whether rescheduled tasks should be treated at higher priority</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
</configuration>
[08/10] ambari git commit: AMBARI-21006. HDP 3.0 TP - create service
definition for Ranger KMS with configs, kerberos, widgets, etc.(vbrodetsky)
Posted by jl...@apache.org.
AMBARI-21006. HDP 3.0 TP - create service definition for Ranger KMS with configs, kerberos, widgets, etc.(vbrodetsky)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ad09bb66
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ad09bb66
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ad09bb66
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: ad09bb66e17783ea5fa10f873b325c6bdfb5e91f
Parents: 7ccb6dc
Author: Vitaly Brodetskyi <vb...@hortonworks.com>
Authored: Mon May 15 14:19:01 2017 +0300
Committer: Vitaly Brodetskyi <vb...@hortonworks.com>
Committed: Mon May 15 14:19:01 2017 +0300
----------------------------------------------------------------------
.../RANGER_KMS/0.5.0.3.0/alerts.json | 32 +
.../0.5.0.3.0/configuration/dbks-site.xml | 206 ++++++
.../0.5.0.3.0/configuration/kms-env.xml | 116 ++++
.../0.5.0.3.0/configuration/kms-log4j.xml | 120 ++++
.../0.5.0.3.0/configuration/kms-properties.xml | 166 +++++
.../0.5.0.3.0/configuration/kms-site.xml | 133 ++++
.../configuration/ranger-kms-audit.xml | 124 ++++
.../configuration/ranger-kms-policymgr-ssl.xml | 68 ++
.../configuration/ranger-kms-security.xml | 64 ++
.../0.5.0.3.0/configuration/ranger-kms-site.xml | 104 +++
.../RANGER_KMS/0.5.0.3.0/kerberos.json | 84 +++
.../RANGER_KMS/0.5.0.3.0/metainfo.xml | 115 ++++
.../RANGER_KMS/0.5.0.3.0/package/scripts/kms.py | 677 +++++++++++++++++++
.../0.5.0.3.0/package/scripts/kms_server.py | 117 ++++
.../0.5.0.3.0/package/scripts/kms_service.py | 58 ++
.../0.5.0.3.0/package/scripts/params.py | 331 +++++++++
.../0.5.0.3.0/package/scripts/service_check.py | 41 ++
.../0.5.0.3.0/package/scripts/status_params.py | 36 +
.../0.5.0.3.0/package/scripts/upgrade.py | 30 +
.../templates/input.config-ranger-kms.json.j2 | 48 ++
.../0.5.0.3.0/role_command_order.json | 7 +
.../0.5.0.3.0/themes/theme_version_1.json | 303 +++++++++
.../0.5.0.3.0/themes/theme_version_2.json | 124 ++++
.../HDP/3.0/services/RANGER_KMS/metainfo.xml | 27 +
24 files changed, 3131 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json
new file mode 100644
index 0000000..05c3fe6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json
@@ -0,0 +1,32 @@
+{
+ "RANGER_KMS": {
+ "service": [],
+ "RANGER_KMS_SERVER": [
+ {
+ "name": "ranger_kms_server_process",
+ "label": "Ranger KMS Server Process",
+ "description": "This host-level alert is triggered if the Ranger KMS Server cannot be determined to be up.",
+ "interval": 1,
+ "scope": "HOST",
+ "source": {
+ "type": "PORT",
+ "uri": "{{kms-env/kms_port}}",
+ "default_port": 9292,
+ "reporting": {
+ "ok": {
+ "text": "TCP OK - {0:.3f}s response on port {1}"
+ },
+ "warning": {
+ "text": "TCP OK - {0:.3f}s response on port {1}",
+ "value": 1.5
+ },
+ "critical": {
+ "text": "Connection failed: {0} to {1}:{2}",
+ "value": 5.0
+ }
+ }
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml
new file mode 100644
index 0000000..4ac20b3
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
+ <value>hdfs</value>
+ <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.db.encrypt.key.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>Password used for encrypting Master Key</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.url</name>
+ <display-name>JDBC connect string</display-name>
+ <value>jdbc:mysql://localhost</value>
+ <description>URL for Database</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>kms-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>kms-properties</type>
+ <name>db_host</name>
+ </property>
+ <property>
+ <type>kms-properties</type>
+ <name>db_name</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.user</name>
+ <value>{{db_user}}</value>
+ <description>Database username used for operation</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>Database user's password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.credential.provider.path</name>
+ <value>/etc/ranger/kms/rangerkms.jceks</value>
+ <description>Credential provider path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.credential.alias</name>
+ <value>ranger.ks.jdbc.password</value>
+ <description>Credential alias used for password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.masterkey.credential.alias</name>
+ <value>ranger.ks.masterkey.password</value>
+ <description>Credential alias used for masterkey</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.dialect</name>
+ <value>{{jdbc_dialect}}</value>
+ <description>Dialect used for database</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.driver</name>
+ <display-name>Driver class name for a JDBC Ranger KMS database</display-name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description>Driver used for database</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>kms-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jdbc.sqlconnectorjar</name>
+ <value>{{ews_lib_jar_path}}</value>
+ <description>Driver used for database</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.type</name>
+ <display-name>HSM Type</display-name>
+ <value>LunaProvider</value>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>LunaProvider</value>
+ <label>Luna Provider</label>
+ </entry>
+ </entries>
+ </value-attributes>
+ <description>HSM type</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.enabled</name>
+ <display-name>HSM Enabled</display-name>
+ <value>false</value>
+ <description>Enable HSM ?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.partition.name</name>
+ <display-name>HSM partition name. In case of HSM HA enter the group name</display-name>
+ <value>par19</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.partition.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>HSM partition password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.partition.password.alias</name>
+ <display-name>HSM partition password alias</display-name>
+ <value>ranger.kms.hsm.partition.password</value>
+ <description>HSM partition password alias</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.kerberos.principal</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml
new file mode 100644
index 0000000..e049840
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="true">
+ <property>
+ <name>kms_user</name>
+ <display-name>Kms User</display-name>
+ <value>kms</value>
+ <property-type>USER</property-type>
+ <description>Kms username</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>kms_group</name>
+ <display-name>Kms group</display-name>
+ <value>kms</value>
+ <property-type>GROUP</property-type>
+ <description>Kms group</description>
+ <value-attributes>
+ <type>user</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>kms_log_dir</name>
+ <value>/var/log/ranger/kms</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>kms_port</name>
+ <value>9292</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>ranger-kms-site</type>
+ <name>ranger.service.https.port</name>
+ </property>
+ <property>
+ <type>ranger-kms-site</type>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>create_db_user</name>
+ <display-name>Setup Database and Database User</display-name>
+ <value>true</value>
+ <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hsm_partition_password</name>
+ <display-name>HSM partition password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>HSM partition password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_pid_dir</name>
+ <value>/var/run/ranger_kms</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml
new file mode 100644
index 0000000..18dc46b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_kms_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger-kms Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger-kms Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_audit_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger-kms Audit Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_audit_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger-kms Audit Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>kms-log4j template</display-name>
+ <description>kms-log4j.properties</description>
+ <value>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+# If the Java System property 'kms.log.dir' is not defined at KMS start up time
+# Setup sets its value to '${kms.home}/logs'
+
+log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.kms.DatePattern='.'yyyy-MM-dd
+log4j.appender.kms.File=${kms.log.dir}/kms.log
+log4j.appender.kms.Append=true
+log4j.appender.kms.layout=org.apache.log4j.PatternLayout
+log4j.appender.kms.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
+log4j.appender.kms.MaxFileSize = {{ranger_kms_log_maxfilesize}}MB
+log4j.appender.kms.MaxBackupIndex = {{ranger_kms_log_maxbackupindex}}
+
+log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.kms-audit.DatePattern='.'yyyy-MM-dd
+log4j.appender.kms-audit.File=${kms.log.dir}/kms-audit.log
+log4j.appender.kms-audit.Append=true
+log4j.appender.kms-audit.layout=org.apache.log4j.PatternLayout
+log4j.appender.kms-audit.layout.ConversionPattern=%d{ISO8601} %m%n
+log4j.appender.kms-audit.MaxFileSize = {{ranger_kms_audit_log_maxfilesize}}MB
+log4j.appender.kms-audit.MaxBackupIndex = {{ranger_kms_audit_log_maxbackupindex}}
+
+log4j.logger.kms-audit=INFO, kms-audit
+log4j.additivity.kms-audit=false
+
+log4j.logger=INFO, kms
+log4j.additivity.kms=false
+log4j.rootLogger=INFO, kms
+log4j.logger.org.apache.hadoop.conf=ERROR
+log4j.logger.org.apache.hadoop=INFO
+log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml
new file mode 100644
index 0000000..d2d4da5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>REPOSITORY_CONFIG_USERNAME</name>
+ <display-name>Repository config username</display-name>
+ <value>keyadmin</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>REPOSITORY_CONFIG_PASSWORD</name>
+ <display-name>Repository config password</display-name>
+ <value>keyadmin</value>
+ <property-type>PASSWORD</property-type>
+ <description/>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>DB_FLAVOR</name>
+ <display-name>DB FLAVOR</display-name>
+ <value>MYSQL</value>
+ <description>The database type to be used</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>MYSQL</value>
+ <label>MYSQL</label>
+ </entry>
+ <entry>
+ <value>ORACLE</value>
+ <label>ORACLE</label>
+ </entry>
+ <entry>
+ <value>POSTGRES</value>
+ <label>POSTGRES</label>
+ </entry>
+ <entry>
+ <value>MSSQL</value>
+ <label>MSSQL</label>
+ </entry>
+ <entry>
+ <value>SQLA</value>
+ <label>SQL Anywhere</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>SQL_CONNECTOR_JAR</name>
+ <display-name>SQL connector jar</display-name>
+ <value>{{driver_curl_target}}</value>
+ <description>Location of DB client library (please check the location of the jar file)</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>kms-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false" update="false"/>
+ </property>
+ <property>
+ <name>db_root_user</name>
+ <display-name>Database Administrator (DBA) username</display-name>
+ <value>root</value>
+ <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_root_password</name>
+ <display-name>Database Administrator (DBA) password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Database password for the database admin username</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_host</name>
+ <display-name>Ranger KMS DB host</display-name>
+ <value/>
+ <description>Database host</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_name</name>
+ <display-name>Ranger KMS DB name</display-name>
+ <value>rangerkms</value>
+ <description>Database name</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_user</name>
+ <display-name>Ranger KMS DB username</display-name>
+ <value>rangerkms</value>
+ <description>Database username used for the Ranger KMS schema</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_password</name>
+ <display-name>Ranger KMS DB password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Database password for the Ranger KMS schema</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>KMS_MASTER_KEY_PASSWD</name>
+ <display-name>KMS master key password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description/>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml
new file mode 100644
index 0000000..1e6f7b5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>hadoop.kms.key.provider.uri</name>
+ <value>dbks://http@localhost:9292/kms</value>
+ <description>URI of the backing KeyProvider for the KMS.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.security.keystore.JavaKeyStoreProvider.password</name>
+ <value>none</value>
+ <description>If using the JavaKeyStoreProvider, the password for the keystore file.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.cache.enable</name>
+ <value>true</value>
+ <description>Whether the KMS will act as a cache for the backing KeyProvider. When the cache is enabled, operations like getKeyVersion, getMetadata, and getCurrentKey will sometimes return cached data without consulting the backing KeyProvider. Cached values are flushed when keys are deleted or modified.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.cache.timeout.ms</name>
+ <value>600000</value>
+ <description>Expiry time for the KMS key version and key metadata cache, in milliseconds. This affects getKeyVersion and getMetadata.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.current.key.cache.timeout.ms</name>
+ <value>30000</value>
+ <description>Expiry time for the KMS current key cache, in milliseconds. This affects getCurrentKey operations.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.audit.aggregation.window.ms</name>
+ <value>10000</value>
+ <description>Duplicate audit log events within the aggregation window (specified in ms) are quashed to reduce log traffic. A single message for aggregated events is printed at the end of the window, along with a count of the number of aggregated events.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.type</name>
+ <value>simple</value>
+ <description>Authentication type for the KMS. Can be either "simple" or "kerberos".
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.kerberos.keytab</name>
+ <value>${user.home}/kms.keytab</value>
+ <description>Path to the keytab with credentials for the configured Kerberos principal.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.kerberos.principal</name>
+ <value>HTTP/localhost</value>
+ <description>The Kerberos principal to use for the HTTP endpoint. The principal must start with 'HTTP/' as per the Kerberos HTTP SPNEGO specification.</description>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.kerberos.name.rules</name>
+ <value>DEFAULT</value>
+ <description>Rules used to resolve Kerberos principal names.</description>
+ <value-attributes>
+ <type>multiLine</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider</name>
+ <value>random</value>
+ <description>Indicates how the secret to sign the authentication cookies will be stored. Options are 'random' (default), 'string' and 'zookeeper'. If using a setup with multiple KMS instances, 'zookeeper' should be used.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.path</name>
+ <value>/hadoop-kms/hadoop-auth-signature-secret</value>
+ <description>The Zookeeper ZNode path where the KMS instances will store and retrieve the secret from.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string</name>
+ <value>#HOSTNAME#:#PORT#,...</value>
+ <description>The Zookeeper connection string, a list of hostnames and port comma separated.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
+ <value>kerberos</value>
+ <description>The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab</name>
+ <value>/etc/hadoop/conf/kms.keytab</value>
+ <description>The absolute path for the Kerberos keytab with the credentials to connect to Zookeeper.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal</name>
+ <value>kms/#HOSTNAME#</value>
+ <description>The Kerberos service principal used to connect to Zookeeper.</description>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.security.authorization.manager</name>
+ <value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml
new file mode 100644
index 0000000..526794e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description>Is Audit enabled?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>true</value>
+ <display-name>Audit to HDFS</display-name>
+ <description>Is Audit to HDFS enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+ <value>/var/log/ranger/kms/audit/hdfs/spool</value>
+ <description>/var/log/ranger/kms/audit/hdfs/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>true</value>
+ <display-name>Audit to SOLR</display-name>
+ <description>Is Solr audit enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
+ <value>/var/log/ranger/kms/audit/solr/spool</value>
+ <description>/var/log/ranger/kms/audit/solr/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.provider.summary.enabled</name>
+ <value>false</value>
+ <display-name>Audit provider summary enabled</display-name>
+ <description>Enable Summary audit?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.urls</name>
+ <value>{{ranger_audit_solr_urls}}</value>
+ <description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.zookeepers</name>
+ <value>none</value>
+ <description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.ambari.cluster.name</name>
+ <value>{{cluster_name}}</value>
+ <description>Capture cluster name from where Ranger kms plugin is enabled.</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
new file mode 100644
index 0000000..9eedc73
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>password for keystore</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>java truststore password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/usr/hdp/current/ranger-kms/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/usr/hdp/current/ranger-kms/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml
new file mode 100644
index 0000000..13adcb4
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger.plugin.kms.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing policies for this kms instance</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
+ <value>/etc/ranger/kms/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml
new file mode 100644
index 0000000..1d32f72
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger.service.host</name>
+ <value>{{kms_host}}</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>{{kms_port}}</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>9393</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.shutdown.port</name>
+ <value>7085</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.contextName</name>
+ <value>/kms</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xa.webapp.dir</name>
+ <value>./webapp</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.file</name>
+ <value>/etc/security/serverKeys/ranger-kms-keystore.jks</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.client.auth</name>
+ <value>want</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>rangerkms</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>rangerkms</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>/etc/ranger/kms/rangerkms.jceks</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.credential.alias</name>
+ <value>keyStoreCredentialAlias</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ajp.enabled</name>
+ <value>false</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json
new file mode 100644
index 0000000..a54783e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json
@@ -0,0 +1,84 @@
+{
+ "services": [
+ {
+ "name": "RANGER_KMS",
+ "identities": [
+ {
+ "name": "/spnego",
+ "keytab": {
+ "configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "auth_to_local_properties" : [
+ "kms-site/hadoop.kms.authentication.kerberos.name.rules"
+ ],
+ "configurations": [
+ {
+ "kms-site": {
+ "hadoop.kms.authentication.type": "kerberos",
+ "hadoop.kms.authentication.kerberos.principal": "*"
+ }
+ },
+ {
+ "ranger-kms-audit": {
+ "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+ "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+ "xasecure.audit.jaas.Client.option.storeKey": "false",
+ "xasecure.audit.jaas.Client.option.serviceName": "solr",
+ "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "RANGER_KMS_SERVER",
+ "identities": [
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
+ },
+ "keytab": {
+ "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/smokeuser"
+ },
+ {
+ "name": "rangerkms",
+ "principal": {
+ "value": "rangerkms/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "dbks-site/ranger.ks.kerberos.principal",
+ "local_username" : "keyadmin"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerkms.service.keytab",
+ "owner": {
+ "name": "${kms-env/kms_user}",
+ "access": "r"
+ },
+ "configuration": "dbks-site/ranger.ks.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
+ "principal": {
+ "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
+ },
+ "keytab": {
+ "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml
new file mode 100644
index 0000000..24ac51f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER_KMS</name>
+ <displayName>Ranger KMS</displayName>
+ <comment>Key Management Server</comment>
+ <version>0.5.0.3.0</version>
+ <components>
+
+ <component>
+ <name>RANGER_KMS_SERVER</name>
+ <displayName>Ranger KMS Server</displayName>
+ <category>MASTER</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/kms_server.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_kms</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ <dependencies>
+ <dependency>
+ <name>HDFS/HDFS_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ </component>
+ </components>
+
+
+ <osSpecifics>
+ <osSpecific>
+ <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+ <packages>
+ <package>
+ <name>ranger_${stack_version}-kms</name>
+ </package>
+ </packages>
+ </osSpecific>
+ <osSpecific>
+ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+ <packages>
+ <package>
+ <name>ranger-${stack_version}-kms</name>
+ </package>
+ </packages>
+ </osSpecific>
+ </osSpecifics>
+
+ <configuration-dependencies>
+ <config-type>kms-properties</config-type>
+ <config-type>kms-site</config-type>
+ <config-type>kms-log4j</config-type>
+ <config-type>dbks-site</config-type>
+ <config-type>ranger-kms-site</config-type>
+ <config-type>ranger-kms-audit</config-type>
+ <config-type>ranger-kms-policymgr-ssl</config-type>
+ <config-type>ranger-kms-security</config-type>
+ </configuration-dependencies>
+
+ <commandScript>
+ <script>scripts/service_check.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>300</timeout>
+ </commandScript>
+
+ <requiredServices>
+ <service>RANGER</service>
+ <service>HDFS</service>
+ </requiredServices>
+
+ <themes>
+ <theme>
+ <fileName>theme_version_1.json</fileName>
+ <default>true</default>
+ </theme>
+ <theme>
+ <fileName>theme_version_2.json</fileName>
+ <default>true</default>
+ </theme>
+ </themes>
+
+ </service>
+ </services>
+</metainfo>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py
new file mode 100755
index 0000000..5a25b92
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py
@@ -0,0 +1,677 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+import sys
+import fileinput
+import os
+import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import urllib2, base64, httplib
+from StringIO import StringIO as BytesIO
+from datetime import datetime
+from resource_management.core.resources.system import File, Directory, Execute
+from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.core.source import DownloadSource, InlineTemplate
+from resource_management.core.exceptions import Fail
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.ranger_functions import Rangeradmin
+from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
+from resource_management.libraries.functions.decorator import safe_retry
+from resource_management.core.utils import PasswordString
+from resource_management.core.shell import as_sudo
+import re
+import time
+import socket
+
+def password_validation(password, key):
+ import params
+ if password.strip() == "":
+ raise Fail("Blank password is not allowed for {0} property. Please enter valid password.".format(key))
+ if re.search("[\\\`'\"]",password):
+ raise Fail("{0} password contains one of the unsupported special characters like \" ' \ `".format(key))
+ else:
+ Logger.info("Password validated")
+
+def setup_kms_db(stack_version=None):
+ import params
+
+ if params.has_ranger_admin:
+
+ kms_home = params.kms_home
+ version = params.version
+ if stack_version is not None:
+ kms_home = format("{stack_root}/{stack_version}/ranger-kms")
+ version = stack_version
+
+ password_validation(params.kms_master_key_password, 'KMS master key')
+
+ copy_jdbc_connector(stack_version=version)
+
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH':params.ld_library_path}
+
+ dba_setup = format('ambari-python-wrap {kms_home}/dba_script.py -q')
+ db_setup = format('ambari-python-wrap {kms_home}/db_setup.py')
+
+ if params.create_db_user:
+ Logger.info('Setting up Ranger KMS DB and DB User')
+ Execute(dba_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
+ else:
+ Logger.info('Separate DBA property not set. Assuming Ranger KMS DB and DB User exists!')
+ Execute(db_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
+
+def setup_java_patch():
+ import params
+
+ if params.has_ranger_admin:
+
+ kms_home = params.kms_home
+ setup_java_patch = format('ambari-python-wrap {kms_home}/db_setup.py -javapatch')
+
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH':params.ld_library_path}
+
+ Execute(setup_java_patch, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
+
+ kms_lib_path = format('{kms_home}/ews/webapp/lib/')
+ files = os.listdir(kms_lib_path)
+ hadoop_jar_files = []
+
+ for x in files:
+ if x.startswith('hadoop-common') and x.endswith('.jar'):
+ hadoop_jar_files.append(x)
+
+ if len(hadoop_jar_files) != 0:
+ for f in hadoop_jar_files:
+ Execute((format('{java_home}/bin/jar'),'-uf', format('{kms_home}/ews/webapp/lib/{f}'), format('{kms_home}/ews/webapp/META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory')),
+ user=params.kms_user)
+
+ File(format('{kms_home}/ews/webapp/lib/{f}'), owner=params.kms_user, group=params.kms_group)
+
+
+def do_keystore_setup(cred_provider_path, credential_alias, credential_password):
+ import params
+
+ if cred_provider_path is not None:
+ java_bin = format('{java_home}/bin/java')
+ file_path = format('jceks://file{cred_provider_path}')
+ cmd = (java_bin, '-cp', params.cred_lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', credential_alias, '-value', PasswordString(credential_password), '-provider', file_path)
+ Execute(cmd,
+ environment={'JAVA_HOME': params.java_home},
+ logoutput=True,
+ sudo=True,
+ )
+
+ File(cred_provider_path,
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0640
+ )
+
+def kms(upgrade_type=None):
+ import params
+
+ if params.has_ranger_admin:
+
+ Directory(params.kms_conf_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ create_parents = True
+ )
+
+ Directory("/etc/security/serverKeys",
+ create_parents = True,
+ cd_access = "a"
+ )
+
+ Directory("/etc/ranger/kms",
+ create_parents = True,
+ cd_access = "a"
+ )
+
+ copy_jdbc_connector()
+
+ File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
+ content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
+ mode = 0644,
+ )
+
+ cp = format("{check_db_connection_jar}")
+ if params.db_flavor.lower() == 'sqla':
+ cp = cp + os.pathsep + format("{kms_home}/ews/webapp/lib/sajdbc4.jar")
+ else:
+ path_to_jdbc = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+ if not os.path.isfile(path_to_jdbc):
+ path_to_jdbc = format("{kms_home}/ews/webapp/lib/") + \
+ params.default_connectors_map[params.db_flavor.lower()] if params.db_flavor.lower() in params.default_connectors_map else None
+ if not os.path.isfile(path_to_jdbc):
+ path_to_jdbc = format("{kms_home}/ews/webapp/lib/") + "*"
+ error_message = "Error! Sorry, but we can't find jdbc driver with default name " + params.default_connectors_map[params.db_flavor] + \
+ " in ranger kms lib dir. So, db connection check can fail. Please run 'ambari-server setup --jdbc-db={db_name} --jdbc-driver={path_to_jdbc} on server host.'"
+ Logger.error(error_message)
+
+ cp = cp + os.pathsep + path_to_jdbc
+
+ db_connection_check_command = format(
+ "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_kms_jdbc_connection_url}' {db_user} {db_password!p} {ranger_kms_jdbc_driver}")
+
+ env_dict = {}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'LD_LIBRARY_PATH':params.ld_library_path}
+
+ Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
+
+ if params.xa_audit_db_is_enabled and params.driver_source is not None and not params.driver_source.endswith("/None"):
+ if params.xa_previous_jdbc_jar and os.path.isfile(params.xa_previous_jdbc_jar):
+ File(params.xa_previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_connector_path,
+ content = DownloadSource(params.driver_source),
+ mode = 0644
+ )
+
+ Execute(('cp', '--remove-destination', params.downloaded_connector_path, params.driver_target),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(params.driver_target, mode=0644)
+
+ Directory(os.path.join(params.kms_home, 'ews', 'webapp', 'WEB-INF', 'classes', 'lib'),
+ mode=0755,
+ owner=params.kms_user,
+ group=params.kms_group
+ )
+
+ Execute(('cp',format('{kms_home}/ranger-kms-initd'),'/etc/init.d/ranger-kms'),
+ not_if=format('ls /etc/init.d/ranger-kms'),
+ only_if=format('ls {kms_home}/ranger-kms-initd'),
+ sudo=True)
+
+ File('/etc/init.d/ranger-kms',
+ mode = 0755
+ )
+
+ Directory(format('{kms_home}/'),
+ owner = params.kms_user,
+ group = params.kms_group,
+ recursive_ownership = True,
+ )
+
+ Directory(params.ranger_kms_pid_dir,
+ mode=0755,
+ owner = params.kms_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{kms_conf_dir}/ranger-kms-env-piddir.sh'),
+ content = format("export RANGER_KMS_PID_DIR_PATH={ranger_kms_pid_dir}\nexport KMS_USER={kms_user}"),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode=0755
+ )
+
+ Directory(params.kms_log_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ cd_access = 'a',
+ create_parents=True,
+ mode=0755
+ )
+
+ File(format('{kms_conf_dir}/ranger-kms-env-logdir.sh'),
+ content = format("export RANGER_KMS_LOG_DIR={kms_log_dir}"),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode=0755
+ )
+
+ Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms'),
+ not_if=format('ls /usr/bin/ranger-kms'),
+ only_if=format('ls {kms_home}/ranger-kms'),
+ sudo=True)
+
+ File('/usr/bin/ranger-kms', mode = 0755)
+
+ Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms-services.sh'),
+ not_if=format('ls /usr/bin/ranger-kms-services.sh'),
+ only_if=format('ls {kms_home}/ranger-kms'),
+ sudo=True)
+
+ File('/usr/bin/ranger-kms-services.sh', mode = 0755)
+
+ Execute(('ln','-sf', format('{kms_home}/ranger-kms-initd'),format('{kms_home}/ranger-kms-services.sh')),
+ not_if=format('ls {kms_home}/ranger-kms-services.sh'),
+ only_if=format('ls {kms_home}/ranger-kms-initd'),
+ sudo=True)
+
+ File(format('{kms_home}/ranger-kms-services.sh'), mode = 0755)
+
+ Directory(params.kms_log_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0775
+ )
+
+ do_keystore_setup(params.credential_provider_path, params.jdbc_alias, params.db_password)
+ do_keystore_setup(params.credential_provider_path, params.masterkey_alias, params.kms_master_key_password)
+ if params.stack_support_kms_hsm and params.enable_kms_hsm:
+ do_keystore_setup(params.credential_provider_path, params.hms_partition_alias, unicode(params.hms_partition_passwd))
+ if params.stack_supports_ranger_kms_ssl and params.ranger_kms_ssl_enabled:
+ do_keystore_setup(params.ranger_kms_cred_ssl_path, params.ranger_kms_ssl_keystore_alias, params.ranger_kms_ssl_passwd)
+
+ # remove plain-text password from xml configs
+ dbks_site_copy = {}
+ dbks_site_copy.update(params.config['configurations']['dbks-site'])
+
+ for prop in params.dbks_site_password_properties:
+ if prop in dbks_site_copy:
+ dbks_site_copy[prop] = "_"
+
+ XmlConfig("dbks-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=dbks_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['dbks-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+
+ ranger_kms_site_copy = {}
+ ranger_kms_site_copy.update(params.config['configurations']['ranger-kms-site'])
+ if params.stack_supports_ranger_kms_ssl:
+ # remove plain-text password from xml configs
+ for prop in params.ranger_kms_site_password_properties:
+ if prop in ranger_kms_site_copy:
+ ranger_kms_site_copy[prop] = "_"
+
+ XmlConfig("ranger-kms-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=ranger_kms_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+
+ XmlConfig("kms-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['kms-site'],
+ configuration_attributes=params.config['configuration_attributes']['kms-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+
+ File(os.path.join(params.kms_conf_dir, "kms-log4j.properties"),
+ owner=params.kms_user,
+ group=params.kms_group,
+ content=InlineTemplate(params.kms_log4j),
+ mode=0644
+ )
+ if params.security_enabled:
+ # core-site.xml linking required by setup for HDFS encryption
+ XmlConfig("core-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['core-site'],
+ configuration_attributes=params.config['configuration_attributes']['core-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+ else:
+ File(format('{kms_conf_dir}/core-site.xml'), action="delete")
+
+def copy_jdbc_connector(stack_version=None):
+ import params
+
+ if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
+ error_message = "Error! Sorry, but we can't find jdbc driver related to {0} database to download from {1}. \
+ Please run 'ambari-server setup --jdbc-db={db_name} --jdbc-driver={path_to_jdbc} on server host.'".format(params.db_flavor, params.jdk_location)
+ Logger.error(error_message)
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ kms_home = params.kms_home
+ if stack_version is not None:
+ kms_home = format("{stack_root}/{stack_version}/ranger-kms")
+
+ driver_curl_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ Directory(os.path.join(kms_home, 'ews', 'lib'),
+ mode=0755
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
+
+ Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(kms_home, 'ews', 'webapp', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ Directory(params.jdbc_libs_dir,
+ cd_access="a",
+ create_parents=True)
+
+ Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
+ path=["/bin", "/usr/bin/"])
+
+ File(os.path.join(kms_home, 'ews', 'webapp', 'lib', 'sajdbc4.jar'), mode=0644)
+ else:
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(kms_home, 'ews', 'webapp', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(kms_home, 'ews', 'webapp', 'lib', params.jdbc_jar_name), mode=0644)
+
+ ModifyPropertiesFile(format("{kms_home}/install.properties"),
+ properties = params.config['configurations']['kms-properties'],
+ owner = params.kms_user
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ ModifyPropertiesFile(format("{kms_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{kms_home}/ews/webapp/lib/sajdbc4.jar')},
+ owner = params.kms_user,
+ )
+ else:
+ ModifyPropertiesFile(format("{kms_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
+ owner = params.kms_user,
+ )
+
+def enable_kms_plugin():
+
+ import params
+
+ if params.has_ranger_admin:
+
+ ranger_flag = False
+
+ if params.stack_supports_ranger_kerberos and params.security_enabled:
+ if not is_empty(params.rangerkms_principal) and params.rangerkms_principal != '':
+ ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal)
+ else:
+ ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.spengo_keytab, params.spnego_principal)
+ else:
+ ranger_flag = check_ranger_service()
+
+ if not ranger_flag:
+ Logger.error('Error in Get/Create service for Ranger Kms.')
+
+ current_datetime = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+
+ File(format('{kms_conf_dir}/ranger-security.xml'),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0644,
+ content = format('<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>')
+ )
+
+ Directory([os.path.join('/etc', 'ranger', params.repo_name), os.path.join('/etc', 'ranger', params.repo_name, 'policycache')],
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode=0775,
+ create_parents = True
+ )
+
+ File(os.path.join('/etc', 'ranger', params.repo_name, 'policycache',format('kms_{repo_name}.json')),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0644
+ )
+
+ # remove plain-text password from xml configs
+ plugin_audit_properties_copy = {}
+ plugin_audit_properties_copy.update(params.config['configurations']['ranger-kms-audit'])
+
+ if params.plugin_audit_password_property in plugin_audit_properties_copy:
+ plugin_audit_properties_copy[params.plugin_audit_password_property] = "crypted"
+
+ XmlConfig("ranger-kms-audit.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=plugin_audit_properties_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-audit'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0744)
+
+ XmlConfig("ranger-kms-security.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['ranger-kms-security'],
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-security'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0744)
+
+ # remove plain-text password from xml configs
+ ranger_kms_policymgr_ssl_copy = {}
+ ranger_kms_policymgr_ssl_copy.update(params.config['configurations']['ranger-kms-policymgr-ssl'])
+
+ for prop in params.kms_plugin_password_properties:
+ if prop in ranger_kms_policymgr_ssl_copy:
+ ranger_kms_policymgr_ssl_copy[prop] = "crypted"
+
+ XmlConfig("ranger-policymgr-ssl.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=ranger_kms_policymgr_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-policymgr-ssl'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0744)
+
+ if params.xa_audit_db_is_enabled:
+ cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'auditDBCred', '-v', PasswordString(params.xa_audit_db_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+ cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslKeyStore', '-v', PasswordString(params.ssl_keystore_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+ cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslTrustStore', '-v', PasswordString(params.ssl_truststore_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+ File(params.credential_file,
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0640
+ )
+
+ # create ranger kms audit directory
+ if params.xa_audit_hdfs_is_enabled and params.has_namenode and params.has_hdfs_client_on_node:
+ params.HdfsResource("/ranger/audit",
+ type="directory",
+ action="create_on_execute",
+ owner=params.hdfs_user,
+ group=params.hdfs_user,
+ mode=0755,
+ recursive_chmod=True
+ )
+ params.HdfsResource("/ranger/audit/kms",
+ type="directory",
+ action="create_on_execute",
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0750,
+ recursive_chmod=True
+ )
+ params.HdfsResource(None, action="execute")
+
+ if params.xa_audit_hdfs_is_enabled and len(params.namenode_host) > 1:
+ Logger.info('Audit to Hdfs enabled in NameNode HA environment, creating hdfs-site.xml')
+ XmlConfig("hdfs-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['hdfs-site'],
+ configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+ else:
+ File(format('{kms_conf_dir}/hdfs-site.xml'), action="delete")
+
+def setup_kms_jce():
+ import params
+
+ if params.jce_name is not None:
+ Directory(params.jce_source_dir,
+ create_parents = True
+ )
+
+ jce_target = format('{jce_source_dir}/{jce_name}')
+
+ File(jce_target,
+ content = DownloadSource(format('{jdk_location}/{jce_name}')),
+ mode = 0644,
+ )
+
+ File([format("{java_home}/jre/lib/security/local_policy.jar"), format("{java_home}/jre/lib/security/US_export_policy.jar")],
+ action = "delete",
+ )
+
+ unzip_cmd = ("unzip", "-o", "-j", "-q", jce_target, "-d", format("{java_home}/jre/lib/security"))
+
+ Execute(unzip_cmd,
+ only_if = format("test -e {java_home}/jre/lib/security && test -f {jce_target}"),
+ path = ['/bin/','/usr/bin'],
+ sudo = True
+ )
+ else:
+ Logger.warning("Required jce policy zip is not available, need to setup manually")
+
+
+def check_ranger_service():
+ import params
+
+ policymgr_mgr_url = params.policymgr_mgr_url
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ ranger_adm_obj = Rangeradmin(url=policymgr_mgr_url)
+ ambari_username_password_for_ranger = format("{ambari_ranger_admin}:{ambari_ranger_password}")
+ response_code = ranger_adm_obj.check_ranger_login_urllib2(policymgr_mgr_url)
+
+ if response_code is not None and response_code == 200:
+ user_resp_code = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
+ if user_resp_code is not None and user_resp_code == 200:
+ get_repo_flag = get_repo(policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
+ if not get_repo_flag:
+ return create_repo(policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger)
+ else:
+ return True
+ else:
+ return False
+ else:
+ Logger.error('Ranger service is not reachable')
+ return False
+
+@safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=False)
+def create_repo(url, data, usernamepassword):
+ try:
+ base_url = url + '/service/public/v2/api/service'
+ base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
+ headers = {
+ 'Accept': 'application/json',
+ "Content-Type": "application/json"
+ }
+ request = urllib2.Request(base_url, data, headers)
+ request.add_header("Authorization", "Basic {0}".format(base64string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(json.JSONEncoder().encode(result.read()))
+ if response_code == 200:
+ Logger.info('Repository created Successfully')
+ return True
+ else:
+ Logger.info('Repository not created')
+ return False
+ except urllib2.URLError, e:
+ if isinstance(e, urllib2.HTTPError):
+ raise Fail("Error creating service. Http status code - {0}. \n {1}".format(e.code, e.read()))
+ else:
+ raise Fail("Error creating service. Reason - {0}.".format(e.reason))
+ except socket.timeout as e:
+ raise Fail("Error creating service. Reason - {0}".format(e))
+
+@safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=False)
+def get_repo(url, name, usernamepassword):
+ try:
+ base_url = url + '/service/public/v2/api/service?serviceName=' + name + '&serviceType=kms&isEnabled=true'
+ request = urllib2.Request(base_url)
+ base64string = base64.encodestring(usernamepassword).replace('\n', '')
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base64string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(result.read())
+ if response_code == 200 and len(response) > 0:
+ for repo in response:
+ if repo.get('name').lower() == name.lower() and repo.has_key('name'):
+ Logger.info('KMS repository exist')
+ return True
+ else:
+ Logger.info('KMS repository doesnot exist')
+ return False
+ else:
+ Logger.info('KMS repository doesnot exist')
+ return False
+ except urllib2.URLError, e:
+ if isinstance(e, urllib2.HTTPError):
+ raise Fail("Error getting {0} service. Http status code - {1}. \n {2}".format(name, e.code, e.read()))
+ else:
+ raise Fail("Error getting {0} service. Reason - {1}.".format(name, e.reason))
+ except socket.timeout as e:
+ raise Fail("Error creating service. Reason - {0}".format(e))
+
+def check_ranger_service_support_kerberos(user, keytab, principal):
+ import params
+
+ policymgr_mgr_url = params.policymgr_mgr_url
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url)
+ response_code = ranger_adm_obj.check_ranger_login_curl(user, keytab, principal, policymgr_mgr_url, True)
+
+ if response_code is not None and response_code[0] == 200:
+ get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(user, keytab, principal, params.repo_name, 'kms', 'true', is_keyadmin = True)
+ if get_repo_name_response is not None:
+ Logger.info('KMS repository {0} exist'.format(get_repo_name_response['name']))
+ return True
+ else:
+ create_repo_response = ranger_adm_obj.create_repository_curl(user, keytab, principal, params.repo_name, json.dumps(params.kms_ranger_plugin_repo), None, is_keyadmin = True)
+ if create_repo_response is not None and len(create_repo_response) > 0:
+ return True
+ else:
+ return False
+ else:
+ Logger.error('Ranger service is not reachable')
+ return False
[03/10] ambari git commit: ADDENDUM. AMBARI-21011. Upgrade Code.
Append PATH to YARN config 'yarn.nodemanager.admin-env' for HDP 2.6.
Posted by jl...@apache.org.
ADDENDUM. AMBARI-21011. Upgrade Code. Append PATH to YARN config 'yarn.nodemanager.admin-env' for HDP 2.6.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d0a5cd4a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d0a5cd4a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d0a5cd4a
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: d0a5cd4a6b22f0c8e02bb7ceb2d5de11314f542a
Parents: 6e4331e
Author: Swapan Shridhar <ss...@hortonworks.com>
Authored: Fri May 12 22:13:21 2017 -0700
Committer: Swapan Shridhar <ss...@hortonworks.com>
Committed: Fri May 12 22:13:21 2017 -0700
----------------------------------------------------------------------
.../resources/stacks/HDP/2.3/upgrades/config-upgrade.xml | 8 ++++++++
.../stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml | 6 ++++++
.../main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml | 1 +
.../resources/stacks/HDP/2.4/upgrades/config-upgrade.xml | 6 +++++-
.../stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml | 6 ++++++
.../main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml | 1 +
.../resources/stacks/HDP/2.5/upgrades/config-upgrade.xml | 8 ++++++++
.../stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml | 6 ++++++
.../main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml | 4 ++++
.../resources/stacks/HDP/2.6/upgrades/config-upgrade.xml | 8 ++++++++
.../stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml | 7 +++++++
.../main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml | 4 ++++
12 files changed, 64 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
index 8b5c07d..98bb056 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
@@ -546,6 +546,14 @@
</definition>
</changes>
</component>
+ <component name="NODEMANAGER">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <type>yarn-site</type>
+ <insert key="yarn.nodemanager.admin-env" value=",PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$PATH" insert-type="append" newline-before="false" newline-after="false" />
+ </definition>
+ </changes>
+ </component>
</service>
<service name="MAPREDUCE2">
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
index 5aa08c5..4d2b3ec 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
@@ -353,6 +353,12 @@
</task>
</execute-stage>
+ <execute-stage service="YARN" component="NODEMANAGER" title="Apply config changes for YARN NM admin env">
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <summary>Updating YARN NodeManager admin env config</summary>
+ </task>
+ </execute-stage>
+
<!--Yarn Apptimeline server-->
<execute-stage service="YARN" component="APP_TIMELINE_SERVER" title="Apply config changes for App timeline server">
<task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.FixYarnWebServiceUrl">
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
index d98bb53..f1dd943 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
@@ -789,6 +789,7 @@
<component name="NODEMANAGER">
<pre-upgrade>
<task xsi:type="configure" id="hdp_2_5_0_0_add_spark2_yarn_shuffle"/>
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env"/>
</pre-upgrade>
<pre-downgrade/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
index b3d19d4..b448a2d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
@@ -332,7 +332,11 @@
<set key="yarn.nodemanager.aux-services" value="mapreduce_shuffle,spark_shuffle,spark2_shuffle"/>
<!-- Ideally we need to append spark2_shuffle to the existing value -->
</definition>
- </changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <type>yarn-site</type>
+ <insert key="yarn.nodemanager.admin-env" value=",PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$PATH" insert-type="append" newline-before="false" newline-after="false" />
+ </definition>
+ </changes>
</component>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
index 4a2a502..4920f12 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
@@ -331,6 +331,12 @@
</task>
</execute-stage>
+ <execute-stage service="YARN" component="NODEMANAGER" title="Apply config changes for YARN NM admin env">
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <summary>Updating YARN NodeManager admin env config</summary>
+ </task>
+ </execute-stage>
+
<execute-stage service="MAPREDUCE2" component="MAPREDUCE2_CLIENT" title="Apply config changes for Mapreduce2 client">
<task xsi:type="configure" id="hdp_2_6_0_0_mapreduce_job_queuename">
<summary>Adding queue customization property</summary>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
index 1eb9836..6acedc9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
@@ -794,6 +794,7 @@
<component name="NODEMANAGER">
<pre-upgrade>
<task xsi:type="configure" id="hdp_2_5_0_0_add_spark2_yarn_shuffle"/>
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env"/>
</pre-upgrade>
<pre-downgrade/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
index 045ed5a..9ac7042 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
@@ -206,6 +206,14 @@
</definition>
</changes>
</component>
+ <component name="NODEMANAGER">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <type>yarn-site</type>
+ <insert key="yarn.nodemanager.admin-env" value=",PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$PATH" insert-type="append" newline-before="false" newline-after="false" />
+ </definition>
+ </changes>
+ </component>
</service>
<service name="MAPREDUCE2">
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
index 8c659ee..d617a31 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
@@ -345,6 +345,12 @@
</task>
</execute-stage>
+ <execute-stage service="YARN" component="NODEMANAGER" title="Apply config changes for YARN NM admin env">
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <summary>Updating YARN NM admin env config</summary>
+ </task>
+ </execute-stage>
+
<execute-stage>
<task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.FixCapacitySchedulerOrderingPolicy">
<summary>Validate Root Queue Ordering Policy</summary>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
index 3054ca3..fb854b9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
@@ -721,6 +721,10 @@
</component>
<component name="NODEMANAGER">
+ <pre-upgrade>
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env"/>
+ </pre-upgrade>
+ <pre-downgrade />
<upgrade>
<task xsi:type="restart-task" />
</upgrade>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
index a6b7523..628c119 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
@@ -117,6 +117,14 @@
</definition>
</changes>
</component>
+ <component name="NODEMANAGER">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <type>yarn-site</type>
+ <insert key="yarn.nodemanager.admin-env" value=",PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$PATH" insert-type="append" newline-before="false" newline-after="false" />
+ </definition>
+ </changes>
+ </component>
</service>
<service name="KAFKA">
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
index db845bd..f844f98 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
@@ -327,6 +327,13 @@
<task xsi:type="configure" id="hdp_2_6_yarn_preemption"/>
</execute-stage>
+ <!-- YARN -->
+ <execute-stage service="YARN" component="NODEMANAGER" title="Apply config changes for YARN NM admin env">
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env">
+ <summary>Updating YARN NodeManager admin env config</summary>
+ </task>
+ </execute-stage>
+
<!-- KAFKA -->
<execute-stage service="KAFKA" component="KAFKA_BROKER" title="Apply config changes for Ranger Kafka plugin">
<task xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d0a5cd4a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
index 35d3da2..ceb5b84 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
@@ -695,6 +695,10 @@
</component>
<component name="NODEMANAGER">
+ <pre-upgrade>
+ <task xsi:type="configure" id="hdp_2_6_0_0_yarn_nodemanager_admin_env"/>
+ </pre-upgrade>
+ <pre-downgrade/> <!-- no-op to prevent config changes on downgrade -->
<upgrade>
<task xsi:type="restart-task" />
</upgrade>
[07/10] ambari git commit: AMBARI-21006. HDP 3.0 TP - create service
definition for Ranger KMS with configs, kerberos, widgets, etc.(vbrodetsky)
Posted by jl...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py
new file mode 100755
index 0000000..44d61da
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py
@@ -0,0 +1,117 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from resource_management.libraries.functions.default import default
+from kms import kms, setup_kms_db, setup_java_patch, enable_kms_plugin, setup_kms_jce
+from kms_service import kms_service
+import upgrade
+
+class KmsServer(Script):
+
+ def get_component_name(self):
+ return "ranger-kms"
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ setup_kms_db()
+ self.configure(env)
+ setup_java_patch()
+
+ def stop(self, env, upgrade_type=None):
+ import params
+
+ env.set_params(params)
+ kms_service(action = 'stop', upgrade_type=upgrade_type)
+ if params.stack_supports_pid:
+ File(params.ranger_kms_pid_file,
+ action = "delete"
+ )
+
+ def start(self, env, upgrade_type=None):
+ import params
+
+ env.set_params(params)
+ self.configure(env)
+ enable_kms_plugin()
+ setup_kms_jce()
+ kms_service(action = 'start', upgrade_type=upgrade_type)
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_kms_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangerkms | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+ if code != 0:
+ Logger.debug('KMS process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def configure(self, env):
+ import params
+
+ env.set_params(params)
+ kms()
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ upgrade.prestart(env, "ranger-kms")
+ kms(upgrade_type=upgrade_type)
+ setup_java_patch()
+
+ def setup_ranger_kms_database(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+ Logger.info(format('Setting Ranger KMS database schema, using version {stack_version}'))
+ setup_kms_db(stack_version=stack_version)
+
+ def get_log_folder(self):
+ import params
+ return params.kms_log_dir
+
+ def get_user(self):
+ import params
+ return params.kms_user
+
+if __name__ == "__main__":
+ KmsServer().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py
new file mode 100644
index 0000000..2ff48c3
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.core.resources.system import Execute, File
+from resource_management.core import shell
+from resource_management.libraries.functions.format import format
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions.show_logs import show_logs
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+import os
+
+def kms_service(action='start', upgrade_type=None):
+ import params
+
+ env_dict = {'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_library_path}
+
+ if action == 'start':
+ no_op_test = format('ps -ef | grep proc_rangerkms | grep -v grep')
+ cmd = format('{kms_home}/ranger-kms start')
+ try:
+ Execute(cmd, not_if=no_op_test, environment=env_dict, user=format('{kms_user}'))
+ except:
+ show_logs(params.kms_log_dir, params.kms_user)
+ raise
+ elif action == 'stop':
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if os.path.isfile(format('{kms_home}/ranger-kms')):
+ File(format('{kms_home}/ranger-kms'),
+ owner=params.kms_user,
+ group = params.kms_group
+ )
+ cmd = format('{kms_home}/ranger-kms stop')
+ try:
+ Execute(cmd, environment=env_dict, user=format('{kms_user}'))
+ except:
+ show_logs(params.kms_log_dir, params.kms_user)
+ raise
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py
new file mode 100755
index 0000000..2445f2e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py
@@ -0,0 +1,331 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions.stack_features import get_stack_feature_version
+from resource_management.libraries.functions import StackFeature
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.setup_ranger_plugin_xml import generate_ranger_service_config
+from resource_management.libraries.resources.hdfs_resource import HdfsResource
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions import get_kinit_path
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+stack_root = Script.get_stack_root()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+version = default("/commandParams/version", None)
+upgrade_direction = default("/commandParams/upgrade_direction", None)
+
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+
+# get the correct version to use for checking stack features
+version_for_stack_feature_checks = get_stack_feature_version(config)
+
+stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
+stack_support_kms_hsm = check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
+stack_supports_pid = check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kms_ssl = check_stack_feature(StackFeature.RANGER_KMS_SSL, version_for_stack_feature_checks)
+
+hadoop_conf_dir = conf_select.get_hadoop_conf_dir()
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+
+if stack_supports_config_versioning:
+ kms_home = format('{stack_root}/current/ranger-kms')
+ kms_conf_dir = format('{stack_root}/current/ranger-kms/conf')
+
+kms_log_dir = default("/configurations/kms-env/kms_log_dir", "/var/log/ranger/kms")
+java_home = config['hostLevelParams']['java_home']
+kms_user = default("/configurations/kms-env/kms_user", "kms")
+kms_group = default("/configurations/kms-env/kms_group", "kms")
+
+ranger_kms_audit_log_maxfilesize = default('/configurations/kms-log4j/ranger_kms_audit_log_maxfilesize',256)
+ranger_kms_audit_log_maxbackupindex = default('/configurations/kms-log4j/ranger_kms_audit_log_maxbackupindex',20)
+ranger_kms_log_maxfilesize = default('/configurations/kms-log4j/ranger_kms_log_maxfilesize',256)
+ranger_kms_log_maxbackupindex = default('/configurations/kms-log4j/ranger_kms_log_maxbackupindex',20)
+
+jdk_location = config['hostLevelParams']['jdk_location']
+kms_log4j = config['configurations']['kms-log4j']['content']
+
+# ranger host
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts'][0]
+has_ranger_admin = len(ranger_admin_hosts) > 0
+kms_host = config['clusterHostInfo']['ranger_kms_server_hosts'][0]
+kms_port = config['configurations']['kms-env']['kms_port']
+
+create_db_user = config['configurations']['kms-env']['create_db_user']
+
+#kms properties
+db_flavor = (config['configurations']['kms-properties']['DB_FLAVOR']).lower()
+db_host = config['configurations']['kms-properties']['db_host']
+db_name = config['configurations']['kms-properties']['db_name']
+db_user = config['configurations']['kms-properties']['db_user']
+db_password = unicode(config['configurations']['kms-properties']['db_password'])
+kms_master_key_password = unicode(config['configurations']['kms-properties']['KMS_MASTER_KEY_PASSWD'])
+credential_provider_path = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.provider.path']
+jdbc_alias = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.alias']
+masterkey_alias = config['configurations']['dbks-site']['ranger.ks.masterkey.credential.alias']
+repo_name = str(config['clusterName']) + '_kms'
+repo_name_value = config['configurations']['ranger-kms-security']['ranger.plugin.kms.service.name']
+if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+cred_lib_path = os.path.join(kms_home,"cred","lib","*")
+cred_setup_prefix = (format('{kms_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+if has_ranger_admin:
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+ xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+ xa_audit_db_password = ''
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+ xa_db_host = config['configurations']['admin-properties']['db_host']
+
+ admin_uname = config['configurations']['ranger-env']['admin_username']
+ admin_password = config['configurations']['ranger-env']['admin_password']
+ ambari_ranger_admin = config['configurations']['ranger-env']['ranger_admin_username']
+ ambari_ranger_password = config['configurations']['ranger-env']['ranger_admin_password']
+ admin_uname_password = format("{admin_uname}:{admin_password}")
+ ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
+
+default_connectors_map = { "mssql":"sqljdbc4.jar",
+ "mysql":"mysql-connector-java.jar",
+ "postgres":"postgresql-jdbc.jar",
+ "oracle":"ojdbc.jar",
+ "sqla":"sajdbc4.jar"}
+
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = None
+previous_jdbc_jar_name = None
+if db_flavor == 'mysql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ db_jdbc_url = format('jdbc:log4jdbc:mysql://{db_host}/{db_name}')
+ db_jdbc_driver = "com.mysql.jdbc.Driver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
+elif db_flavor == 'oracle':
+ jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ colon_count = db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ db_jdbc_url = format('jdbc:oracle:thin:@{db_host}')
+ else:
+ db_jdbc_url = format('jdbc:oracle:thin:@//{db_host}')
+ db_jdbc_driver = "oracle.jdbc.OracleDriver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
+elif db_flavor == 'postgres':
+ jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ db_jdbc_url = format('jdbc:postgresql://{db_host}/{db_name}')
+ db_jdbc_driver = "org.postgresql.Driver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
+elif db_flavor == 'mssql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ db_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={db_name}')
+ db_jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
+elif db_flavor == 'sqla':
+ jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ db_jdbc_url = format('jdbc:sqlanywhere:database={db_name};host={db_host}')
+ db_jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+previous_jdbc_jar = format("{kms_home}/ews/webapp/lib/{previous_jdbc_jar_name}")
+ews_lib_jar_path = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+
+if db_flavor == 'sqla':
+ downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
+ jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
+ libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
+ jdbc_libs_dir = format("{kms_home}/native/lib64")
+ ld_library_path = format("{jdbc_libs_dir}")
+
+if has_ranger_admin:
+ xa_previous_jdbc_jar_name = None
+ if stack_supports_ranger_audit_db:
+ if xa_audit_db_flavor == 'mysql':
+ jdbc_jar = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
+ jdbc_driver = "com.mysql.jdbc.Driver"
+ elif xa_audit_db_flavor == 'oracle':
+ jdbc_jar = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ colon_count = xa_db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
+ else:
+ audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
+ jdbc_driver = "oracle.jdbc.OracleDriver"
+ elif xa_audit_db_flavor == 'postgres':
+ jdbc_jar = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
+ jdbc_driver = "org.postgresql.Driver"
+ elif xa_audit_db_flavor == 'mssql':
+ jdbc_jar = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
+ jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
+ elif xa_audit_db_flavor == 'sqla':
+ jdbc_jar = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
+ jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
+
+ downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") if stack_supports_ranger_audit_db else None
+ driver_source = format("{jdk_location}/{jdbc_jar}") if stack_supports_ranger_audit_db else None
+ driver_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar}") if stack_supports_ranger_audit_db else None
+ xa_previous_jdbc_jar = format("{kms_home}/ews/webapp/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+
+repo_config_username = config['configurations']['kms-properties']['REPOSITORY_CONFIG_USERNAME']
+repo_config_password = unicode(config['configurations']['kms-properties']['REPOSITORY_CONFIG_PASSWORD'])
+
+kms_plugin_config = {
+ 'username' : repo_config_username,
+ 'password' : repo_config_password,
+ 'provider' : format('kms://http@{kms_host}:{kms_port}/kms')
+}
+
+xa_audit_db_is_enabled = False
+if stack_supports_ranger_audit_db:
+ xa_audit_db_is_enabled = config['configurations']['ranger-kms-audit']['xasecure.audit.destination.db']
+ssl_keystore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
+ssl_truststore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
+
+#For SQLA explicitly disable audit to DB for Ranger
+if xa_audit_db_flavor == 'sqla':
+ xa_audit_db_is_enabled = False
+
+current_host = config['hostname']
+ranger_kms_hosts = config['clusterHostInfo']['ranger_kms_server_hosts']
+if current_host in ranger_kms_hosts:
+ kms_host = current_host
+
+check_db_connection_jar_name = "DBConnectionVerification.jar"
+check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
+ranger_kms_jdbc_connection_url = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.url']
+ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.driver']
+
+jce_name = default("/hostLevelParams/jce_name", None)
+jce_source_dir = format('{tmp_dir}/jce_dir')
+
+#kms hsm support
+enable_kms_hsm = default("/configurations/dbks-site/ranger.ks.hsm.enabled", False)
+hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition.password.alias", "ranger.kms.hsm.partition.password")
+hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None)
+
+# kms kerberos from stack 2.5 onward
+rangerkms_bare_principal = 'rangerkms'
+
+if stack_supports_ranger_kerberos:
+ if security_enabled:
+ rangerkms_principal = config['configurations']['dbks-site']['ranger.ks.kerberos.principal']
+ rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab']
+ if not is_empty(rangerkms_principal) and rangerkms_principal != '':
+ rangerkms_bare_principal = get_bare_principal(rangerkms_principal)
+ rangerkms_principal = rangerkms_principal.replace('_HOST', kms_host.lower())
+ kms_plugin_config['policy.download.auth.users'] = format('keyadmin,{rangerkms_bare_principal}')
+
+custom_ranger_service_config = generate_ranger_service_config(config['configurations']['kms-properties'])
+if len(custom_ranger_service_config) > 0:
+ kms_plugin_config.update(custom_ranger_service_config)
+
+kms_ranger_plugin_repo = {
+ 'isEnabled' : 'true',
+ 'configs' : kms_plugin_config,
+ 'description' : 'kms repo',
+ 'name' : repo_name,
+ 'type' : 'kms'
+}
+
+# ranger kms pid
+user_group = config['configurations']['cluster-env']['user_group']
+ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
+ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
+
+if security_enabled:
+ spengo_keytab = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab']
+ spnego_principal = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal']
+ spnego_principal = spnego_principal.replace('_HOST', current_host.lower())
+
+plugin_audit_password_property = 'xasecure.audit.destination.db.password'
+kms_plugin_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
+dbks_site_password_properties = ['ranger.db.encrypt.key.password', 'ranger.ks.jpa.jdbc.password', 'ranger.ks.hsm.partition.password']
+ranger_kms_site_password_properties = ['ranger.service.https.attrib.keystore.pass']
+ranger_kms_cred_ssl_path = config['configurations']['ranger-kms-site']['ranger.credential.provider.path']
+ranger_kms_ssl_keystore_alias = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.credential.alias']
+ranger_kms_ssl_passwd = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.pass']
+ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled']
+
+xa_audit_hdfs_is_enabled = default("/configurations/ranger-kms-audit/xasecure.audit.destination.hdfs", False)
+namenode_host = default("/clusterHostInfo/namenode_host", [])
+
+# need this to capture cluster name from where ranger kms plugin is enabled
+cluster_name = config['clusterName']
+
+has_namenode = len(namenode_host) > 0
+
+hdfs_user = default("/configurations/hadoop-env/hdfs_user", None)
+hdfs_user_keytab = default("/configurations/hadoop-env/hdfs_user_keytab", None)
+hdfs_principal_name = default("/configurations/hadoop-env/hdfs_principal_name", None)
+default_fs = default("/configurations/core-site/fs.defaultFS", None)
+hdfs_site = config['configurations']['hdfs-site'] if has_namenode else None
+hadoop_bin_dir = stack_select.get_hadoop_dir("bin") if has_namenode else None
+kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None))
+
+import functools
+# create partial functions with common arguments for every HdfsResource call
+# to create/delete hdfs directory/file/copyfromlocal we need to call params.HdfsResource in code
+HdfsResource = functools.partial(
+ HdfsResource,
+ user=hdfs_user,
+ security_enabled = security_enabled,
+ keytab = hdfs_user_keytab,
+ kinit_path_local = kinit_path_local,
+ hadoop_bin_dir = hadoop_bin_dir,
+ hadoop_conf_dir = hadoop_conf_dir,
+ principal_name = hdfs_principal_name,
+ hdfs_site = hdfs_site,
+ default_fs = default_fs
+)
+
+local_component_list = default("/localComponents", [])
+has_hdfs_client_on_node = 'HDFS_CLIENT' in local_component_list
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py
new file mode 100644
index 0000000..84e4e73
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from resource_management.core.exceptions import ComponentIsNotRunning
+
+
+class KmsServiceCheck(Script):
+ def service_check(self, env):
+ import params
+
+ env.set_params(params)
+ cmd = 'ps -ef | grep proc_rangerkms | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+ if code == 0:
+ Logger.info('KMS process up and running')
+ else:
+ Logger.debug('KMS process not running')
+ raise ComponentIsNotRunning()
+
+if __name__ == "__main__":
+ KmsServiceCheck().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
new file mode 100644
index 0000000..34d0082
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, stack_version_formatted)
+ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
+ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
new file mode 100644
index 0000000..8478bb8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions.format import format
+
+def prestart(env, stack_component):
+ import params
+
+ if params.version and params.stack_supports_config_versioning:
+ conf_select.select(params.stack_name, stack_component, params.version)
+ stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2 b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
new file mode 100644
index 0000000..306fade
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
@@ -0,0 +1,48 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+{
+ "input":[
+ {
+ "type":"ranger_kms",
+ "rowtype":"service",
+ "path":"{{default('/configurations/kms-env/kms_log_dir', '/var/log/ranger/kms')}}/kms.log"
+ }
+ ],
+ "filter":[
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_kms"
+ ]
+ }
+ },
+ "log4j_format":"%d{ISO8601} %-5p %c{1} - %m%n",
+ "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
+ "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
new file mode 100644
index 0000000..7ddab41
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
@@ -0,0 +1,7 @@
+{
+ "general_deps" : {
+ "_comment" : "dependencies for RANGER-KMS",
+ "RANGER_KMS_SERVER-START" : ["RANGER_ADMIN-START", "NAMENODE-START"],
+ "RANGER_KMS_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_KMS_SERVER-START"]
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
new file mode 100644
index 0000000..c08a56c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
@@ -0,0 +1,303 @@
+{
+ "name": "default",
+ "description": "Default theme for Ranger KMS service",
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "db_settings",
+ "display-name": "Settings",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-db-settings",
+ "display-name": "",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "4",
+ "column-span": "2",
+ "section-columns": "2",
+ "section-rows": "4",
+ "subsections": [
+ {
+ "name": "subsection-kms-db-row1-col1",
+ "display-name": "Ranger KMS DB",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-db-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-create-db-user-row2-col",
+ "display-name": "Setup Database and Database User",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2"
+ },
+ {
+ "name": "subsection-kms-db-root-user-row3-col1",
+ "display-name": "Ranger KMS Root DB",
+ "row-index": "2",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "kms-env/create_db_user"
+ ],
+ "if": "${kms-env/create_db_user}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "subsection-kms-db-root-user-row3-col2",
+ "row-index": "2",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "kms-env/create_db_user"
+ ],
+ "if": "${kms-env/create_db_user}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "subsection-kms-master-row4-col",
+ "display-name": "KMS Master Secret Password",
+ "row-index": "3",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "kms-properties/DB_FLAVOR",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "kms-properties/db_name",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.url",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "kms-properties/db_user",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "kms-properties/db_host",
+ "subsection-name": "subsection-kms-db-row1-col2"
+ },
+ {
+ "config": "kms-properties/SQL_CONNECTOR_JAR",
+ "subsection-name": "subsection-kms-db-row1-col2",
+ "depends-on" : [
+ {
+ "configs":[
+ "kms-properties/DB_FLAVOR"
+ ],
+ "if": "${kms-properties/DB_FLAVOR} === SQLA",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
+ "subsection-name": "subsection-kms-db-row1-col2"
+ },
+ {
+ "config": "kms-properties/db_password",
+ "subsection-name": "subsection-kms-db-row1-col2"
+ },
+ {
+ "config": "kms-properties/db_root_user",
+ "subsection-name": "subsection-kms-db-root-user-row3-col1"
+ },
+ {
+ "config": "kms-properties/db_root_password",
+ "subsection-name": "subsection-kms-db-root-user-row3-col2"
+ },
+ {
+ "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
+ "subsection-name": "subsection-kms-master-row4-col"
+ },
+ {
+ "config" : "kms-env/create_db_user",
+ "subsection-name": "subsection-kms-create-db-user-row2-col"
+ },
+ {
+ "config": "kms-env/test_db_kms_connection",
+ "subsection-name": "subsection-kms-create-db-user-row2-col",
+ "property_value_attributes": {
+ "ui_only_property": true
+ },
+ "depends-on": [
+ {
+ "configs":[
+ "kms-env/create_db_user"
+ ],
+ "if": "${kms-env/create_db_user}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "kms-properties/DB_FLAVOR",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "kms-properties/db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/SQL_CONNECTOR_JAR",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_root_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_host",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "kms-properties/db_root_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "kms-env/create_db_user",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "kms-env/test_db_kms_connection",
+ "widget": {
+ "type": "test-db-connection",
+ "display-name": "Test Connection",
+ "required-properties": {
+ "jdbc.driver.class": "dbks-site/ranger.ks.jpa.jdbc.driver",
+ "jdbc.driver.url": "dbks-site/ranger.ks.jpa.jdbc.url",
+ "db.connection.source.host": "ranger_kms-site/ranger_kms_server_hosts",
+ "db.type": "kms-properties/DB_FLAVOR",
+ "db.connection.destination.host": "kms-properties/db_host",
+ "db.connection.user": "kms-properties/db_user",
+ "db.connection.password": "kms-properties/db_password"
+ }
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
+ "widget" : {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.url",
+ "widget": {
+ "type": "text-field"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
new file mode 100644
index 0000000..be50dad
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
@@ -0,0 +1,124 @@
+{
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "kms_hsm",
+ "display-name": "KMS HSM",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-kms-hms",
+ "display-name": "",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "2",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "2",
+ "subsections": [
+ {
+ "name": "subsection-kms-hsm-row1-col1",
+ "display-name": "Ranger KMS HSM Enabled",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-hsm-row2-col1",
+ "display-name": "Configuration Settings",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs": [
+ "dbks-site/ranger.ks.hsm.enabled"
+ ],
+ "if": "${dbks-site/ranger.ks.hsm.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "dbks-site/ranger.ks.hsm.enabled",
+ "subsection-name": "subsection-kms-hsm-row1-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.type",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.name",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "kms-env/hsm_partition_password",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "dbks-site/ranger.ks.hsm.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.type",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-env/hsm_partition_password",
+ "widget": {
+ "type": "password"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/ad09bb66/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
new file mode 100644
index 0000000..3375d90
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER_KMS</name>
+ <version>0.5.0.3.0</version>
+ <extends>common-services/RANGER_KMS/0.5.0.3.0</extends>
+ </service>
+ </services>
+</metainfo>
[05/10] ambari git commit: AMBARI-21015. Add RegistryClient Jaas
section to storm_jaas.conf (Sriharsha Chintalapani via smohanty)
Posted by jl...@apache.org.
AMBARI-21015. Add RegistryClient Jaas section to storm_jaas.conf (Sriharsha Chintalapani via smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d83f733b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d83f733b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d83f733b
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: d83f733b054e9f2ed898093012af856835d6ae1a
Parents: 822d545
Author: Sumit Mohanty <sm...@hortonworks.com>
Authored: Sat May 13 00:16:07 2017 -0700
Committer: Sumit Mohanty <sm...@hortonworks.com>
Committed: Sat May 13 00:17:00 2017 -0700
----------------------------------------------------------------------
.../STORM/0.9.1/package/templates/storm_jaas.conf.j2 | 8 ++++++++
1 file changed, 8 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d83f733b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
index 8116492..c22cb51 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
@@ -33,6 +33,14 @@ StormClient {
serviceName="{{nimbus_bare_jaas_principal}}"
principal="{{storm_jaas_principal}}";
};
+RegistryClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="{{storm_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ principal="{{storm_jaas_principal}}";
+};
{% endif %}
Client {
com.sun.security.auth.module.Krb5LoginModule required
[10/10] ambari git commit: AMBARI-21021. Service-level repositories
should indicate 'Service' on the UI (alexantonenko)
Posted by jl...@apache.org.
AMBARI-21021. Service-level repositories should indicate 'Service' on the UI (alexantonenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/38cc334e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/38cc334e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/38cc334e
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: 38cc334e035f588d1077962b597d77c068c31326
Parents: e126526
Author: Alex Antonenko <hi...@gmail.com>
Authored: Mon May 15 16:32:47 2017 +0300
Committer: Alex Antonenko <hi...@gmail.com>
Committed: Mon May 15 17:10:48 2017 +0300
----------------------------------------------------------------------
.../admin/stack_upgrade/upgrade_version_box.hbs | 3 ++
.../stack_upgrade/upgrade_version_box_view.js | 2 +
.../step7/assign_master_controller_test.js | 40 +++++++++++++-------
ambari-web/test/utils/helper_test.js | 6 +--
4 files changed, 34 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/38cc334e/ambari-web/app/templates/main/admin/stack_upgrade/upgrade_version_box.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/admin/stack_upgrade/upgrade_version_box.hbs b/ambari-web/app/templates/main/admin/stack_upgrade/upgrade_version_box.hbs
index 13dca9a..0772215 100644
--- a/ambari-web/app/templates/main/admin/stack_upgrade/upgrade_version_box.hbs
+++ b/ambari-web/app/templates/main/admin/stack_upgrade/upgrade_version_box.hbs
@@ -32,6 +32,9 @@
{{#if view.isPatch}}
<i class="glyphicon glyphicon-umbrella"></i> {{t common.patch}}
{{/if}}
+ {{#if view.isService}}
+ <i class="glyphicon glyphicon-umbrella"></i> {{t common.service}}
+ {{/if}}
</p>
http://git-wip-us.apache.org/repos/asf/ambari/blob/38cc334e/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js b/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
index 081d7cd..f102402 100644
--- a/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
+++ b/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
@@ -73,6 +73,8 @@ App.UpgradeVersionBoxView = Em.View.extend({
isPatch: Em.computed.equal('content.type', 'PATCH'),
+ isService: Em.computed.equal('content.type', 'SERVICE'),
+
/**
* @type {boolean}
*/
http://git-wip-us.apache.org/repos/asf/ambari/blob/38cc334e/ambari-web/test/controllers/wizard/step7/assign_master_controller_test.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/controllers/wizard/step7/assign_master_controller_test.js b/ambari-web/test/controllers/wizard/step7/assign_master_controller_test.js
index 1380ef2..fd7637e 100644
--- a/ambari-web/test/controllers/wizard/step7/assign_master_controller_test.js
+++ b/ambari-web/test/controllers/wizard/step7/assign_master_controller_test.js
@@ -414,19 +414,31 @@ describe('App.AssignMasterOnStep7Controller', function () {
expect(view.showPopup.calledWith({componentName: 'C1'})).to.be.true;
});
- it('showAlertPopup should be called', function() {
- this.mock.returns(true);
- view.pendingBatchRequestsAjaxSuccess({}, {}, {hostComponent: {componentName: 'C1'}});
- expect(App.showAlertPopup.calledWith(
- Em.I18n.t('services.service.actions.hsi.alertPopup.header'),
- Em.I18n.t('services.service.actions.hsi.alertPopup.body')
- )).to.be.true;
- expect(configWidgetContext.get('config.value')).to.be.equal('iv1');
- expect(configWidgetContext.get('controller.forceUpdateBoundaries')).to.be.true;
- expect(configWidgetContext.setValue.calledWith('iv1')).to.be.true;
- expect(configWidgetContext.sendRequestRorDependentConfigs.calledWith(
- configWidgetContext.get('config')
- )).to.be.true;
+ describe('showAlertPopup should be called', function() {
+ beforeEach(function() {
+ this.mock.returns(true);
+ view.pendingBatchRequestsAjaxSuccess({}, {}, {hostComponent: {componentName: 'C1'}});
+ });
+ it('App.showAlertPopup is called', function () {
+ expect(App.showAlertPopup.calledWith(
+ Em.I18n.t('services.service.actions.hsi.alertPopup.header'),
+ Em.I18n.t('services.service.actions.hsi.alertPopup.body')
+ )).to.be.true;
+ });
+ it('config value is correct', function () {
+ expect(configWidgetContext.get('config.value')).to.be.equal('iv1');
+ });
+ it('forceUpdateBoundaries is true', function () {
+ expect(configWidgetContext.get('controller.forceUpdateBoundaries')).to.be.true;
+ });
+ it('configWidgetContext.setValue is called', function () {
+ expect(configWidgetContext.setValue.calledWith('iv1')).to.be.true;
+ });
+ it('configWidgetContext.sendRequestRorDependentConfigs is called', function () {
+ expect(configWidgetContext.sendRequestRorDependentConfigs.calledWith(
+ configWidgetContext.get('config')
+ )).to.be.true;
+ });
});
});
@@ -991,4 +1003,4 @@ describe('App.AssignMasterOnStep7Controller', function () {
]);
});
});
-});
\ No newline at end of file
+});
http://git-wip-us.apache.org/repos/asf/ambari/blob/38cc334e/ambari-web/test/utils/helper_test.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/utils/helper_test.js b/ambari-web/test/utils/helper_test.js
index 368e81c..9dcbc4f 100644
--- a/ambari-web/test/utils/helper_test.js
+++ b/ambari-web/test/utils/helper_test.js
@@ -256,8 +256,8 @@ describe('utils/helper', function() {
describe('#App.format', function(){
describe('#commandDetail()', function() {
var command = "GANGLIA_MONITOR STOP";
- var custom_command_detail = "Remove_Logical_Mycomponent Mycomponent";
- var ops_display_name = "Remove Logical Mycomponent";
+ var customCommandDetail = "Remove_Logical_Mycomponent Mycomponent";
+ var opsDisplayName = "Remove Logical Mycomponent";
var ignored = "DECOMMISSION, NAMENODE";
var removeString = "SERVICE/HDFS STOP";
var nagiosState = "nagios_update_ignore ACTIONEXECUTE";
@@ -266,7 +266,7 @@ describe('utils/helper', function() {
expect(App.format.commandDetail(command)).to.be.equal(' Ganglia Monitor Stop');
});
it('should use display name for operations if specified', function() {
- expect(App.format.commandDetail(custom_command_detail, null, ops_display_name)).to.be.equal(' Remove Logical Mycomponent');
+ expect(App.format.commandDetail(customCommandDetail, null, opsDisplayName)).to.be.equal(' Remove Logical Mycomponent');
});
it('should ignore decommission command', function(){
expect(App.format.commandDetail(ignored)).to.be.equal(' NameNode');
[06/10] ambari git commit: AMBARI-21004. Supprt boot2docker &
docker-machine in Log Search integration test module (oleewere)
Posted by jl...@apache.org.
AMBARI-21004. Supprt boot2docker & docker-machine in Log Search integration test module (oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7ccb6dca
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7ccb6dca
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7ccb6dca
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: 7ccb6dcafe3c24bd80be84cf9aa0f30353c889f4
Parents: d83f733
Author: oleewere <ol...@gmail.com>
Authored: Fri May 12 15:52:30 2017 +0200
Committer: oleewere <ol...@gmail.com>
Committed: Sat May 13 14:09:25 2017 +0200
----------------------------------------------------------------------
ambari-logsearch/README.md | 2 +-
ambari-logsearch/ambari-logsearch-it/pom.xml | 4 ++++
.../logsearch/steps/AbstractLogSearchSteps.java | 3 +--
.../logsearch/story/LogSearchUIStories.java | 5 ++---
.../backend/log_search_api_query_story.story | 17 -----------------
.../stories/backend/log_search_api_tests.story | 17 +++++++++++++++++
.../backend/logfeeder_parsing_story.story | 20 --------------------
.../backend/logfeeder_parsing_tests.story | 20 ++++++++++++++++++++
8 files changed, 45 insertions(+), 43 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/README.md
----------------------------------------------------------------------
diff --git a/ambari-logsearch/README.md b/ambari-logsearch/README.md
index 4123a52..92b98f9 100644
--- a/ambari-logsearch/README.md
+++ b/ambari-logsearch/README.md
@@ -36,7 +36,7 @@ mvn -Dbuild-deb clean package
## Running Integration Tests
-By default integration tests are not a part of the build process, you need to set -Dbackend-tests or -Dselenium-tests (or you can use -Dall-tests to run both). To running the tests you will need docker here as well (right now docker-for-mac and unix are supported only).
+By default integration tests are not a part of the build process, you need to set -Dbackend-tests or -Dselenium-tests (or you can use -Dall-tests to run both). To running the tests you will need docker here as well (right now docker-for-mac and unix are supported by default, for boot2docker you need to pass -Ddocker.host parameter to the build).
```bash
# from ambari-logsearch folder
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/pom.xml
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/pom.xml b/ambari-logsearch/ambari-logsearch-it/pom.xml
index cdb76a5..0058c80 100644
--- a/ambari-logsearch/ambari-logsearch-it/pom.xml
+++ b/ambari-logsearch/ambari-logsearch-it/pom.xml
@@ -38,6 +38,7 @@
<jackson-jaxrs.version>2.6.4</jackson-jaxrs.version>
<failsafe-plugin.version>2.20</failsafe-plugin.version>
<forkCount>1</forkCount>
+ <docker.host>localhost</docker.host>
</properties>
<dependencies>
@@ -160,6 +161,7 @@
</includes>
<systemPropertyVariables>
<log4j.configuration>file:${project.build.testOutputDirectory}/log4j.properties</log4j.configuration>
+ <docker.host>${docker.host}</docker.host>
</systemPropertyVariables>
</configuration>
</execution>
@@ -201,6 +203,7 @@
</includes>
<systemPropertyVariables>
<log4j.configuration>file:${project.build.testOutputDirectory}/log4j.properties</log4j.configuration>
+ <docker.host>${docker.host}</docker.host>
</systemPropertyVariables>
</configuration>
</execution>
@@ -242,6 +245,7 @@
</includes>
<systemPropertyVariables>
<log4j.configuration>file:${project.build.testOutputDirectory}/log4j.properties</log4j.configuration>
+ <docker.host>${docker.host}</docker.host>
</systemPropertyVariables>
</configuration>
</execution>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/steps/AbstractLogSearchSteps.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/steps/AbstractLogSearchSteps.java b/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/steps/AbstractLogSearchSteps.java
index a7dd409..a0027ae 100644
--- a/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/steps/AbstractLogSearchSteps.java
+++ b/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/steps/AbstractLogSearchSteps.java
@@ -55,8 +55,7 @@ public class AbstractLogSearchSteps {
LOG.info("Command output: {}", output);
StoryDataRegistry.INSTANCE.setLogsearchContainerStarted(true);
- // TODO: create a script which returns the proper host for docker, use: runCommand or an env variable
- String dockerHostFromUri = "localhost";
+ String dockerHostFromUri = System.getProperty("docker.host") != null ? System.getProperty("docker.host") : "localhost";;
StoryDataRegistry.INSTANCE.setDockerHost(dockerHostFromUri);
checkHostAndPortReachable(dockerHostFromUri, StoryDataRegistry.INSTANCE.getLogsearchPort(), "LogSearch");
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/story/LogSearchUIStories.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/story/LogSearchUIStories.java b/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/story/LogSearchUIStories.java
index eb2a180..217c50f 100644
--- a/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/story/LogSearchUIStories.java
+++ b/ambari-logsearch/ambari-logsearch-it/src/test/java/org/apache/ambari/logsearch/story/LogSearchUIStories.java
@@ -53,9 +53,8 @@ public class LogSearchUIStories extends JUnitStories {
private SeleniumContext context;
public LogSearchUIStories() {
- // TODO: get docker host from a runCommand funtion
- String hubUrl = "http://localhost:4444/wd/hub";
- System.setProperty("REMOTE_WEBDRIVER_URL", hubUrl);
+ String dockerHost = System.getProperty("docker.host") != null ? System.getProperty("docker.host") : "localhost";
+ System.setProperty("REMOTE_WEBDRIVER_URL", String.format("http://%s:4444/wd/hub", dockerHost));
DesiredCapabilities capability = DesiredCapabilities.firefox();
capability.setPlatform(Platform.LINUX);
capability.setVersion("45.8.0");
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_query_story.story
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_query_story.story b/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_query_story.story
deleted file mode 100644
index 0af00f5..0000000
--- a/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_query_story.story
+++ /dev/null
@@ -1,17 +0,0 @@
-Meta:
-
-Narrative:
-As a user
-I want to perform queries against Log Search api
-So that I can validate the json outputs
-
-Scenario: Log Search API JSON responses
-
-Given logsearch docker container
-When LogSearch api query sent: <apiQuery>
-Then The api query result is <jsonResult>
-
-Examples:
-|apiQuery|jsonResult|
-|/api/v1/service/logs/schema/fields|service-log-schema.json|
-|/api/v1/service/logs/levels/counts?page=0&pageSize=25&startIndex=0&q=*%3A*|service-log-level-counts-values.json|
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_tests.story
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_tests.story b/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_tests.story
new file mode 100644
index 0000000..0af00f5
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/log_search_api_tests.story
@@ -0,0 +1,17 @@
+Meta:
+
+Narrative:
+As a user
+I want to perform queries against Log Search api
+So that I can validate the json outputs
+
+Scenario: Log Search API JSON responses
+
+Given logsearch docker container
+When LogSearch api query sent: <apiQuery>
+Then The api query result is <jsonResult>
+
+Examples:
+|apiQuery|jsonResult|
+|/api/v1/service/logs/schema/fields|service-log-schema.json|
+|/api/v1/service/logs/levels/counts?page=0&pageSize=25&startIndex=0&q=*%3A*|service-log-level-counts-values.json|
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_story.story
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_story.story b/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_story.story
deleted file mode 100644
index 388e624..0000000
--- a/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_story.story
+++ /dev/null
@@ -1,20 +0,0 @@
-Story Service logs are parsed and stored into Solr
-
-Narrative:
-As a user
-I want to start logsearch/logfeeder/solr components in a docker container with test logs
-So that I can parse and store the logs into Solr
-
-Scenario: Number of logs for components
-
-Given logsearch docker container
-When logfeeder started (parse logs & send data to solr)
-Then the number of <component> docs is: <docSize>
-
-Examples:
-|component|docSize|
-|logsearch_app|1|
-|zookeeper|3|
-|hst_agent|4|
-|secure_log|11|
-|system_message|17|
http://git-wip-us.apache.org/repos/asf/ambari/blob/7ccb6dca/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_tests.story
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_tests.story b/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_tests.story
new file mode 100644
index 0000000..388e624
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-it/src/test/resources/stories/backend/logfeeder_parsing_tests.story
@@ -0,0 +1,20 @@
+Story Service logs are parsed and stored into Solr
+
+Narrative:
+As a user
+I want to start logsearch/logfeeder/solr components in a docker container with test logs
+So that I can parse and store the logs into Solr
+
+Scenario: Number of logs for components
+
+Given logsearch docker container
+When logfeeder started (parse logs & send data to solr)
+Then the number of <component> docs is: <docSize>
+
+Examples:
+|component|docSize|
+|logsearch_app|1|
+|zookeeper|3|
+|hst_agent|4|
+|secure_log|11|
+|system_message|17|