You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by al...@apache.org on 2015/08/18 19:27:06 UTC
ambari git commit: AMBARI-12782. Handle file permissions for jceks
file in umask 027 (Gautam Borad via alejandro)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 c1c1effca -> 569c4a159
AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/569c4a15
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/569c4a15
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/569c4a15
Branch: refs/heads/branch-2.1
Commit: 569c4a1596f214c6a1475ae8dfee5bb770ac28eb
Parents: c1c1eff
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Tue Aug 18 10:26:54 2015 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Tue Aug 18 10:26:54 2015 -0700
----------------------------------------------------------------------
.../functions/setup_ranger_plugin_xml.py | 22 +++++++++++---------
.../0.4.0/package/scripts/setup_ranger_xml.py | 14 ++++++++-----
.../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 7 +++++--
3 files changed, 26 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
index 74f0e83..0d2a6d3 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
@@ -30,7 +30,7 @@ from resource_management.libraries.functions.get_hdp_version import get_hdp_vers
from resource_management.core.logger import Logger
from resource_management.core.source import DownloadSource, InlineTemplate
from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
-
+from resource_management.core.utils import PasswordString
def setup_ranger_plugin(component_select_name, service_name,
component_downloaded_custom_connector, component_driver_curl_source,
@@ -97,7 +97,8 @@ def setup_ranger_plugin(component_select_name, service_name,
owner = component_user,
group = component_group,
mode=0775,
- recursive = True
+ recursive = True,
+ cd_access = 'a'
)
for cache_service in cache_service_list:
@@ -168,19 +169,20 @@ def setup_ranger_plugin_keystore(service_name, audit_db_is_enabled, hdp_version,
ssl_truststore_password, ssl_keystore_password, component_user, component_group, java_home):
cred_lib_path = format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/install/lib/*')
- cred_setup_prefix = format('python /usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py -l "{cred_lib_path}"')
+ cred_setup_prefix = (format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py'), '-l', cred_lib_path)
if audit_db_is_enabled:
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v {xa_audit_db_password!p} -c 1')
- Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
+ cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'auditDBCred', '-v', PasswordString(xa_audit_db_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True)
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v {ssl_keystore_password!p} -c 1')
- Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
+ cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'sslKeyStore', '-v', PasswordString(ssl_keystore_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True)
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v {ssl_truststore_password!p} -c 1')
- Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
+ cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'sslTrustStore', '-v', PasswordString(ssl_truststore_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True)
File(credential_file,
owner = component_user,
- group = component_group
+ group = component_group,
+ mode = 0640
)
http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index c3008aa..a3aa5bb 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -195,12 +195,13 @@ def do_keystore_setup(rolling_upgrade=False):
)
File(params.ranger_credential_provider_path,
owner = params.unix_user,
- group = params.unix_group
+ group = params.unix_group,
+ mode = 0640
)
if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
jceks_path = params.ranger_credential_provider_path
- cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias, '-v', PasswordString(params.ranger_ambari_db_password), '-c', '1')
+ cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias, '-v', PasswordString(params.ranger_ambari_audit_db_password), '-c', '1')
Execute(cred_setup,
environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home},
logoutput=True,
@@ -209,7 +210,8 @@ def do_keystore_setup(rolling_upgrade=False):
File(params.ranger_credential_provider_path,
owner = params.unix_user,
- group = params.unix_group
+ group = params.unix_group,
+ mode = 0640
)
@@ -253,7 +255,8 @@ def setup_usersync():
File(params.ugsync_jceks_path,
owner = params.unix_user,
- group = params.unix_group
+ group = params.unix_group,
+ mode = 0640
)
File([params.usersync_start, params.usersync_stop],
@@ -277,5 +280,6 @@ def setup_usersync():
File(params.ranger_usersync_keystore_file,
owner = params.unix_user,
- group = params.unix_group
+ group = params.unix_group,
+ mode = 0640
)
http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 8f8be17..d9bb941 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -112,7 +112,8 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password)
File(cred_provider_path,
owner = params.kms_user,
- group = params.kms_group
+ group = params.kms_group,
+ mode = 0640
)
def kms():
@@ -291,7 +292,9 @@ def enable_kms_plugin():
File(params.credential_file,
owner = params.kms_user,
- group = params.kms_group)
+ group = params.kms_group,
+ mode = 0640
+ )
def create_repo(url, data, usernamepassword):