You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2015/03/13 21:58:10 UTC
[1/3] incubator-ranger git commit: RANGER-302:DBA Privilege
separation in Ranger Installation after hiding password typing (Gautam Borad
via Velmurugan Periasamy)
Repository: incubator-ranger
Updated Branches:
refs/heads/master 23482defe -> 03d1dec38
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/03d1dec3/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
new file mode 100644
index 0000000..9680bfa
--- /dev/null
+++ b/security-admin/scripts/dba_script.py
@@ -0,0 +1,959 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+import os
+import re
+import sys
+import errno
+import shlex
+import logging
+import subprocess
+import fileinput
+import getpass
+from os.path import basename
+from subprocess import Popen,PIPE
+from datetime import date
+globalDict = {}
+
+def check_output(query):
+ p = subprocess.Popen(query, stdout=subprocess.PIPE)
+ output = p.communicate ()[0]
+ return output
+
+def log(msg,type):
+ if type == 'info':
+ logging.info(" %s",msg)
+ if type == 'debug':
+ logging.debug(" %s",msg)
+ if type == 'warning':
+ logging.warning(" %s",msg)
+ if type == 'exception':
+ logging.exception(" %s",msg)
+ if type == 'error':
+ logging.error(" %s",msg)
+'''
+def populate_global_dict():
+ global globalDict
+ read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
+ for each_line in read_config_file.read().split('\n') :
+ if len(each_line) == 0 : continue
+ if re.search('=', each_line):
+ key , value = each_line.strip().split("=",1)
+ key = key.strip()
+
+ if 'PASSWORD' in key:
+ jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
+ statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
+ if statuscode == 1:
+ value = ''
+ value = value.strip()
+ globalDict[key] = value
+'''
+
+class BaseDB(object):
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ log("[I] ---------- Creating user ----------", "info")
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] ---------- Verifying DB connection ----------", "info")
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ log("[I] ---------- Verifying database ----------", "info")
+
+ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ log("[I] ----------------- Create audit user ------------", "info")
+
+
+
+class MysqlConf(BaseDB):
+ # Constructor
+ def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
+ def get_jisql_cmd(self, user, password ,db_name):
+ #TODO: User array for forming command
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
+ return jisql_cmd
+
+ def verify_user(slef, root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] Verifying user " + db_user , "info")
+ query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection..", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"SELECT version();\""
+ output = check_output(shlex.split(query))
+ if output.strip('Production |'):
+ log("[I] Checking connection passed.", "info")
+ return True
+ else:
+ log("[E] Can't establish connection!! Exiting.." ,"error")
+ sys.exit(1)
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ if self.check_connection('mysql', root_user, db_root_password):
+ hosts_arr =["%", "localhost"]
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user + " already exists for host " + host, "info")
+ else:
+ log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
+ if db_password == "":
+ query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed","error")
+ sys.exit(1)
+ else:
+ query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user,host,db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed","error")
+ sys.exit(1)
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed","error")
+ sys.exit(1)
+
+
+ def verify_db(self, root_user, db_root_password, db_name):
+ log("[I] Verifying database " + db_name , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
+
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database "+db_name + " already exists.","info")
+ else:
+ log("[I] Database does not exist! Creating database " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"create database %s;\"" %(db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+
+
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke):
+ hosts_arr =["%", "localhost"]
+ if is_revoke:
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ else:
+ sys.exit(1)
+
+ for host in hosts_arr:
+ log("[I] ---------------Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] ---------------FLUSH PRIVILEGES -------------" , "info")
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
+ else:
+ log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
+ sys.exit(1)
+ else:
+ log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
+ sys.exit(1)
+
+
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ if DBA_MODE == "TRUE" :
+ log("[I] --------- Setup audit user ---------","info")
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
+ hosts_arr =["%", "localhost"]
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
+ query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ else:
+ sys.exit(1)
+ self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False)
+
+
+
+class OracleConf(BaseDB):
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
+ def get_jisql_cmd(self, user, password):
+ #TODO: User array for forming command
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
+ return jisql_cmd
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
+ query = get_cmd + " -c \; -query \"select * from v$version;\""
+ output = check_output(shlex.split(query))
+ if output.strip('Production |'):
+ log("[I] Connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection!", "error")
+ sys.exit(1)
+
+ def verify_user(self, root_user, db_user, db_root_password):
+ log("[I] Verifying user " + db_user ,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ if self.check_connection(self, root_user, db_root_password):
+ if self.verify_user(root_user, db_user, db_root_password):
+ log("[I] Oracle user " + db_user + " already exists!", "info")
+ else:
+ log("[I] User does not exists, Creating user : " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_user, db_root_password):
+ log("[I] User " + db_user + " created", "info")
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
+ else:
+ log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+
+
+ def verify_tablespace(self, root_user, db_root_password, db_name):
+ log("[I] Verifying tablespace " + db_name, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name+' |'):
+ return True
+ else:
+ return False
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_tablespace(root_user, db_root_password, db_name):
+ log("[I] Tablespace " + db_name + " already exists.","info")
+ if self.verify_user(root_user, db_user, db_root_password):
+ get_cmd = self.get_jisql_cmd(db_user ,db_password)
+ query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
+ output = check_output(shlex.split(query)).strip()
+ db_name = db_name.upper() +' |'
+ if output == db_name:
+ log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
+ else:
+ log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error")
+ sys.exit(1)
+ #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False)
+ #return status
+ else:
+ log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_tablespace(root_user, db_root_password, db_name):
+ log("[I] Creating tablespace "+db_name+" succeeded", "info")
+ status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, True)
+ return status
+ else:
+ log("[E] Creating tablespace "+db_name+" failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating tablespace "+db_name+" failed", "error")
+ sys.exit(1)
+
+ def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status):
+ log("[I] Assign default tablespace " +db_name + " to " + db_user, "info")
+ # Assign default tablespace db_name
+ get_cmd = self.get_jisql_cmd(root_user , db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting Oracle user '" + db_user + "' done", "info")
+ return status
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Assigning default tablespace to user '" + db_user + "' failed", "error")
+ sys.exit(1)
+
+
+ def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password):
+ if self.verify_tablespace(audit_db_root_user, audit_db_root_password, audit_db_name):
+ log("[I] Tablespace " + audit_db_name + " already exists.","info")
+ status1 = True
+ else:
+ log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Tablespace creation failed!!","error")
+ sys.exit(1)
+ else:
+ log("[I] Creating tablespace "+ audit_db_name + " succeeded", "info")
+ status1 = True
+
+ if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name):
+ log("[I] Tablespace " + db_name + " already exists.","info")
+ status2 = True
+ else:
+ log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Tablespace creation failed!!","error")
+ sys.exit(1)
+ else:
+ log("[I] Creating tablespace "+ db_name + " succeeded", "info")
+ status2 = True
+
+ if (status1 == True and status2 == True):
+ log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info")
+ # Assign default tablespace db_name
+ get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
+ ret1 = subprocess.check_call(shlex.split(query))
+
+ log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
+ # Assign default tablespace audit_db_name
+ get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
+ ret2 = subprocess.check_call(shlex.split(query))
+
+ if (ret1 == 0 and ret2 == 0):
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ return True
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ return False
+
+
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke):
+ get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granted permission to " + db_user, "info")
+ return True
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+
+
+ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ if DBA_MODE == "TRUE":
+ log("[I] --------- Setup audit user ---------","info")
+ #self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
+ if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
+ log("[I] Oracle admin user " + db_user + " already exists!", "info")
+ else:
+ log("[I] User does not exists, Creating user " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
+ log("[I] User " + db_user + " created", "info")
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
+ else:
+ log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+
+ if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
+ log("[I] Oracle audit user " + audit_db_user + " already exist!", "info")
+ else:
+ log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
+ query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permission to " + audit_db_user + " done", "info")
+ else:
+ log("[E] Granting permission to " + audit_db_user + " failed", "error")
+ sys.exit(1)
+ else:
+ log("[I] Creating audit user " + audit_db_user + " failed!", "info")
+
+ self.create_auditdb(audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password)
+ if DBA_MODE == "TRUE":
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+
+
+class PostgresConf(BaseDB):
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
+
+ def get_jisql_cmd(self, user, password, db_name):
+ #TODO: User array for forming command
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
+ return jisql_cmd
+
+ def verify_user(self, root_user, db_root_password, db_user):
+ log("[I] Verifying user " + db_user , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"SELECT 1;\""
+ output = check_output(shlex.split(query))
+ if output.strip('1 |'):
+ log("[I] connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection", "error")
+ sys.exit(1)
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ if self.check_connection('postgres', root_user, db_root_password):
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] Postgres user " + db_user + " already exists!", "info")
+ else:
+ log("[I] User does not exists, Creating user : " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] Postgres user " + db_user + " created", "info")
+ else:
+ log("[E] Postgres user " +db_user+" creation failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Postgres user " +db_user+" creation failed", "error")
+ sys.exit(1)
+
+
+ def verify_db(self, root_user, db_root_password, db_name):
+ log("[I] Verifying database " + db_name , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
+
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database "+db_name + " already exists.", "info")
+ else:
+ log("[I] Database does not exist! Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+
+
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , True):
+ log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on tables in schema public failed", "error")
+ sys.exit(1)
+
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on schema public failed", "error")
+ sys.exit(1)
+
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on database "+db_name+ " failed", "error")
+ sys.exit(1)
+
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on database "+db_name+ " failed", "error")
+ sys.exit(1)
+ log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
+
+
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ if DBA_MODE == "TRUE":
+ log("[I] --------- Setup audit user ---------","info")
+ self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
+ self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
+
+ if DBA_MODE == "TRUE":
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+
+
+class SqlServerConf(BaseDB):
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
+
+ def get_jisql_cmd(self, user, password, db_name):
+ #TODO: User array for forming command
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
+ return jisql_cmd
+
+ def verify_user(self, root_user, db_root_password, db_user):
+ log("[I] Verifying user " + db_user , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -c \; -query \"SELECT 1;\""
+ output = check_output(shlex.split(query))
+ if output.strip('1 |'):
+ log("[I] Connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection", "error")
+ sys.exit(1)
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ if self.check_connection('msdb', root_user, db_root_password):
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] SQL Server user " + db_user + " already exists!", "info")
+ else:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ log("[I] User does not exists, Creating Login user " + db_user, "info")
+ query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] SQL Server user " + db_user + " created", "info")
+ else:
+ log("[E] SQL Server user " +db_user+" creation failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] SQL Server user " +db_user+" creation failed", "error")
+ sys.exit(1)
+
+
+ def verify_db(self, root_user, db_root_password, db_name):
+ log("[I] Verifying database " + db_name, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database " + db_name + " already exists.","info")
+ else:
+ log("[I] Database does not exist! Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name):
+ self.create_user(root_user, db_name ,db_user, db_password, db_root_password)
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+# self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+
+
+ def create_user(self, root_user, db_name ,db_user, db_password, db_root_password):
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+
+
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, True):
+ log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user)
+# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+
+
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ if DBA_MODE == "TRUE":
+ log("[I] --------- Setup audit user --------- ","info")
+ self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
+ #log("[I] --------- Setup audit user --------- ","info")
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
+ self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, audit_db_user, audit_db_password)
+ self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+
+
+def main():
+ #populate_global_dict()
+
+ FORMAT = '%(asctime)-15s %(message)s'
+ logging.basicConfig(format=FORMAT, level=logging.DEBUG)
+
+ DBA_MODE = 'TRUE'
+
+ #JAVA_BIN=globalDict['JAVA_BIN']
+ if os.environ['JAVA_HOME'] == "":
+ log("[E] --------- JAVA_HOME environment property not defined, aborting installation! ---------", "error")
+ sys.exit(1)
+ JAVA_BIN=os.environ['JAVA_HOME']+'/bin/java'
+ while os.path.isfile(JAVA_BIN) == False:
+ log("Enter java executable path: :","info")
+ JAVA_BIN=raw_input()
+
+ #XA_DB_FLAVOR=globalDict['DB_FLAVOR']
+ #AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR']
+ XA_DB_FLAVOR=''
+ while XA_DB_FLAVOR == "":
+ log("Enter db flavour{MYSQL|ORACLE|POSTGRES|SQLSERVER} :","info")
+ XA_DB_FLAVOR=raw_input()
+ AUDIT_DB_FLAVOR = XA_DB_FLAVOR
+ XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
+ AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
+
+ CONNECTOR_JAR=''
+ if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "SQLSERVER":
+ log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
+ CONNECTOR_JAR=raw_input()
+ while os.path.isfile(CONNECTOR_JAR) == False:
+ log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=raw_input()
+ else:
+ log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
+ sys.exit(1)
+
+ #xa_db_host = globalDict['db_host']
+ #audit_db_host = globalDict['db_host']
+ xa_db_host=''
+ while xa_db_host == "":
+ log("Enter DB Host :","info")
+ xa_db_host=raw_input()
+ audit_db_host=xa_db_host
+
+ mysql_dbversion_catalog = 'db/mysql/create_dbversion_catalog.sql'
+ #mysql_core_file = globalDict['mysql_core_file']
+ mysql_core_file = 'db/mysql/xa_core_db.sql'
+ #mysql_audit_file = globalDict['mysql_audit_file']
+ mysql_audit_file = 'db/mysql/xa_audit_db.sql'
+ mysql_patches = 'db/mysql/patches'
+
+ oracle_dbversion_catalog = 'db/oracle/create_dbversion_catalog.sql'
+ #oracle_core_file = globalDict['oracle_core_file']
+ oracle_core_file = 'db/oracle/xa_core_db_oracle.sql'
+ #oracle_audit_file = globalDict['oracle_audit_file']
+ oracle_audit_file = 'db/oracle/xa_audit_db_oracle.sql'
+ oracle_patches = 'db/oracle/patches'
+
+ postgres_dbversion_catalog = 'db/postgres/create_dbversion_catalog.sql'
+ #postgres_core_file = globalDict['postgres_core_file']
+ postgres_core_file = 'db/postgres/xa_core_db_postgres.sql'
+ #postgres_audit_file = globalDict['postgres_audit_file']
+ postgres_audit_file = 'db/postgres/xa_audit_db_postgres.sql'
+ postgres_patches = 'db/postgres/patches'
+
+ sqlserver_dbversion_catalog = 'db/sqlserver/create_dbversion_catalog.sql'
+ #sqlserver_core_file = globalDict['sqlserver_core_file']
+ sqlserver_core_file = 'db/sqlserver/xa_core_db_sqlserver.sql'
+ #sqlserver_audit_file = globalDict['sqlserver_audit_file']
+ sqlserver_audit_file = 'db/sqlserver/xa_audit_db_sqlserver.sql'
+ sqlserver_patches = 'db/sqlserver/patches'
+
+ #db_name = globalDict['db_name']
+ #db_user = globalDict['db_user']
+ #db_password = globalDict['db_password']
+ #xa_db_root_user = globalDict['db_root_user']
+ #xa_db_root_password = globalDict['db_root_password']
+
+ xa_db_root_user=''
+ while xa_db_root_user == "":
+ log("Enter db root user:","info")
+ xa_db_root_user=raw_input()
+
+ log("Enter db root password:","info")
+ xa_db_root_password = getpass.getpass("Enter db root password:")
+
+ db_name = ''
+ while db_name == "":
+ log("Enter DB Name :","info")
+ db_name=raw_input()
+
+ db_user=''
+ while db_user == "":
+ log("Enter db user name:","info")
+ db_user=raw_input()
+
+ db_password=''
+ while db_password == "":
+ log("Enter db user password:","info")
+ db_password = getpass.getpass("Enter db user password:")
+
+
+ x_db_version = 'x_db_version_h'
+ xa_access_audit = 'xa_access_audit'
+ x_user = 'x_portal_user'
+
+ #audit_db_name = globalDict['audit_db_name']
+ #audit_db_user = globalDict['audit_db_user']
+ #audit_db_password = globalDict['audit_db_password']
+ #audit_db_root_user = globalDict['db_root_user']
+ #audit_db_root_password = globalDict['db_root_password']
+ #print "Enter audit_db_root_password :"
+ audit_db_name=''
+ while audit_db_name == "":
+ log("Enter audit db name:","info")
+ audit_db_name = raw_input()
+
+ audit_db_user=''
+ while audit_db_user == "":
+ log("Enter audit user name:","info")
+ audit_db_user = raw_input()
+
+ audit_db_password=''
+ while audit_db_password == "":
+ log("Enter audit db user password:","info")
+ audit_db_password = getpass.getpass("Enter audit db user password:")
+
+ audit_db_root_user = xa_db_root_user
+ audit_db_root_password = xa_db_root_password
+# log("Enter audit db root user:","info")
+# audit_db_root_user = raw_input()
+# log("Enter db root password:","info")
+# xa_db_root_password = raw_input()
+
+ if XA_DB_FLAVOR == "MYSQL":
+ #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
+ #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
+ MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
+ xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN)
+ xa_db_version_file = os.path.join(os.getcwd(),mysql_dbversion_catalog)
+ xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file)
+ xa_patch_file = os.path.join(os.getcwd(),mysql_patches)
+
+ elif XA_DB_FLAVOR == "ORACLE":
+# ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
+ #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
+ ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
+ xa_db_root_user = xa_db_root_user+" AS SYSDBA"
+ xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
+ xa_db_version_file = os.path.join(os.getcwd(),oracle_dbversion_catalog)
+ xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file)
+ xa_patch_file = os.path.join(os.getcwd(),oracle_patches)
+
+ elif XA_DB_FLAVOR == "POSTGRES":
+# POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
+ POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
+ xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
+ xa_db_version_file = os.path.join(os.getcwd(),postgres_dbversion_catalog)
+ xa_db_core_file = os.path.join(os.getcwd(),postgres_core_file)
+ xa_patch_file = os.path.join(os.getcwd(),postgres_patches)
+
+ elif XA_DB_FLAVOR == "SQLSERVER":
+# SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
+ SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
+ xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
+ xa_db_version_file = os.path.join(os.getcwd(),sqlserver_dbversion_catalog)
+ xa_db_core_file = os.path.join(os.getcwd(),sqlserver_core_file)
+ xa_patch_file = os.path.join(os.getcwd(),sqlserver_patches)
+ else:
+ log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
+ sys.exit(1)
+
+ if AUDIT_DB_FLAVOR == "MYSQL":
+# MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
+ #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
+ MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
+ audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN)
+ audit_db_file = os.path.join(os.getcwd(),mysql_audit_file)
+
+ elif AUDIT_DB_FLAVOR == "ORACLE":
+ #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
+ #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
+ ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
+ audit_db_root_user = audit_db_root_user+" AS SYSDBA"
+ audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
+ audit_db_file = os.path.join(os.getcwd(),oracle_audit_file)
+
+ elif AUDIT_DB_FLAVOR == "POSTGRES":
+ #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
+ POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
+ audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
+ audit_db_file = os.path.join(os.getcwd(),postgres_audit_file)
+
+ elif AUDIT_DB_FLAVOR == "SQLSERVER":
+ #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
+ SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
+ audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
+ audit_db_file = os.path.join(os.getcwd(),sqlserver_audit_file)
+ else:
+ log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
+ sys.exit(1)
+
+ # Methods Begin
+ if DBA_MODE == "TRUE" :
+ log("[I] --------- Creating Ranger Admin db user --------- ","info")
+ xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password)
+ log("[I] --------- Creating Ranger Admin database ---------","info")
+ xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password)
+ log("[I] --------- Granting permission to Ranger Admin db user ---------","info")
+ xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, True)
+
+ # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
+ log("[I] --------- Verifying/Creating audit user --------- ","info")
+ audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE)
+ log("[I] --------- Ranger Policy Manager DB and User Creation Process Completed.. --------- ","info")
+main()
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/03d1dec3/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index b9bcb20..03d09eb 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -18,10 +18,9 @@
#
#------------------------- DB CONFIG - BEGIN ----------------------------------
-PYTHON_COMMAND_INVOKER='python'
+PYTHON_COMMAND_INVOKER=python
-#DB_FLAVOR=ORACLE
-#DB_FLAVOR=MYSQL
+#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|SQLSERVER
DB_FLAVOR=MYSQL
#
# The executable path to be used to invoke command-line MYSQL
@@ -35,6 +34,8 @@ SQL_COMMAND_INVOKER='mysql'
#
#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar
SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
@@ -45,14 +46,13 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
# ** it will be prompted to enter the password during installation process
# **************************************************************************
#
-#db_root_user=root
-#db_root_user=SYS
+#db_root_user=root|SYS|postgres|sa
db_root_user=root
db_root_password=
db_host=localhost
#
-# DB UserId used for the XASecure schema
+# DB UserId used for the Ranger schema
#
db_name=ranger
db_user=rangeradmin
@@ -61,8 +61,8 @@ db_password=
#
# DB UserId for storing auditlog infromation
#
-# * audit_db can be same as the XASecure schema db
-# * audit_db must exists in the same ${db_host} as xaserver database ${db_name}
+# * audit_db can be same as the Ranger schema db
+# * audit_db must exists in the same ${db_host} as Ranger database ${db_name}
# * audit_user must be a different user than db_user (as audit user has access to only audit tables)
#
audit_db_name=ranger_audit
@@ -97,10 +97,10 @@ unix_group=ranger
# UNIX authentication service for Policy Manager
#
# PolicyManager can authenticate using UNIX username/password
-# The UNIX server specified here as authServiceHostName needs to be installed with xasecure-unix-ugsync package.
+# The UNIX server specified here as authServiceHostName needs to be installed with ranger-unix-ugsync package.
# Once the service is installed on authServiceHostName, the UNIX username/password from the host <authServiceHostName> can be used to login into policy manager
#
-# ** The installation of xasecure-unix-ugsync package can be installed after the policymanager installation is finished.
+# ** The installation of ranger-unix-ugsync package can be installed after the policymanager installation is finished.
#
#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
authentication_method=NONE
@@ -112,7 +112,7 @@ authServicePort=5151
#
# Sample Settings
#
-#xa_ldap_url="ldap://71.127.43.33:389"
+#xa_ldap_url="ldap://127.0.0.1:389"
#xa_ldap_userDNpattern="uid={0},ou=users,dc=xasecure,dc=net"
#xa_ldap_groupSearchBase="ou=groups,dc=xasecure,dc=net"
#xa_ldap_groupSearchFilter="(member=uid={0},ou=users,dc=xasecure,dc=net)"
@@ -129,7 +129,7 @@ xa_ldap_groupRoleAttribute=
# Sample Settings
#
#xa_ldap_ad_domain="xasecure.net"
-#xa_ldap_ad_url="ldap://ad.xasecure.net:389"
+#xa_ldap_ad_url="ldap://127.0.0.1:389"
xa_ldap_ad_domain=
xa_ldap_ad_url=
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/03d1dec3/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 85892ce..6c992f7 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -17,7 +17,7 @@
#
# Ranger Admin Setup Script
#
-# This script will install policymanager webapplication under tomcat and also, initialize the database with xasecure users/tables.
+# This script will install policymanager webapplication under tomcat and also, initialize the database with ranger users/tables.
PROPFILE=$PWD/install.properties
propertyValue=''
@@ -419,7 +419,7 @@ check_db_user_password() {
then
log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
fi
- printf "Please enter password for the XASecure schema owner (${muser}): "
+ printf "Please enter password for the Ranger schema owner (${muser}): "
trap 'stty echo; exit 1' 2 3 15
stty -echo
read db_password
@@ -444,7 +444,7 @@ check_audit_user_password() {
then
log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
fi
- printf "Please enter password for the XASecure Audit Table owner (${muser}): "
+ printf "Please enter password for the Ranger Audit Table owner (${muser}): "
trap 'stty echo; exit 1' 2 3 15
stty -echo
read audit_db_password
@@ -1377,7 +1377,7 @@ execute_java_patches(){
fi
}
init_logfiles
-log " --------- Running XASecure PolicyManager Web Application Install Script --------- "
+log " --------- Running Ranger PolicyManager Web Application Install Script --------- "
log "[I] uname=`uname`"
log "[I] hostname=`hostname`"
init_variables
@@ -1396,8 +1396,12 @@ copy_db_connector
#create_audit_db_user
check_python_command
$PYTHON_COMMAND_INVOKER db_setup.py
+if [ "$?" == "0" ]
+then
update_properties
do_authentication_setup
execute_java_patches
-
-echo "Installation of XASecure PolicyManager Web Application is completed."
+else
+ exit 1
+fi
+echo "Installation of Ranger PolicyManager Web Application is completed."
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/03d1dec3/src/main/assembly/admin-web.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml
index 4a788e9..6988492 100644
--- a/src/main/assembly/admin-web.xml
+++ b/src/main/assembly/admin-web.xml
@@ -171,6 +171,7 @@
<include>setup_authentication.sh</include>
<include>set_globals.sh</include>
<include>db_setup.py</include>
+ <include>dba_script.py</include>
</includes>
<fileMode>544</fileMode>
</fileSet>
[3/3] incubator-ranger git commit: RANGER-302:DBA Privilege
separation in Ranger Installation after hiding password typing (Gautam Borad
via Velmurugan Periasamy)
Posted by ve...@apache.org.
RANGER-302:DBA Privilege separation in Ranger Installation after hiding password typing (Gautam Borad via Velmurugan Periasamy)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/03d1dec3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/03d1dec3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/03d1dec3
Branch: refs/heads/master
Commit: 03d1dec3800c554b36fa897c0c679c3b352af617
Parents: 23482de
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Fri Mar 13 16:57:20 2015 -0400
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Mar 13 16:57:20 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/db_setup.py | 1583 +++++++++++++-----------
security-admin/scripts/dba_script.py | 959 ++++++++++++++
security-admin/scripts/install.properties | 24 +-
security-admin/scripts/setup.sh | 16 +-
src/main/assembly/admin-web.xml | 1 +
5 files changed, 1868 insertions(+), 715 deletions(-)
----------------------------------------------------------------------
[2/3] incubator-ranger git commit: RANGER-302:DBA Privilege
separation in Ranger Installation after hiding password typing (Gautam Borad
via Velmurugan Periasamy)
Posted by ve...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/03d1dec3/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 1f05589..aa9d73e 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -21,7 +21,7 @@ import logging
import subprocess
import fileinput
from os.path import basename
-#import commands
+from subprocess import Popen,PIPE
from datetime import date
globalDict = {}
@@ -29,7 +29,7 @@ def check_output(query):
p = subprocess.Popen(query, stdout=subprocess.PIPE)
output = p.communicate ()[0]
return output
-
+
def log(msg,type):
if type == 'info':
logging.info(" %s",msg)
@@ -39,64 +39,65 @@ def log(msg,type):
logging.warning(" %s",msg)
if type == 'exception':
logging.exception(" %s",msg)
+ if type == 'error':
+ logging.error(" %s",msg)
-#'''
def populate_global_dict():
- global globalDict
- #RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
- read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
- #library_path = os.path.join(RANGER_ADMIN_HOME,"cred","lib","*")
- for each_line in read_config_file.read().split('\n') :
- if len(each_line) == 0 : continue
- if re.search('=', each_line):
- key , value = each_line.strip().split("=",1)
- key = key.strip()
-
- if 'PASSWORD' in key:
- jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
- statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
- if statuscode == 1:
- value = ''
- value = value.strip()
- globalDict[key] = value
-#'''
-#----------------------------------------------
-class BaseDB(object):
+ global globalDict
+ read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
+ for each_line in read_config_file.read().split('\n') :
+ if len(each_line) == 0 : continue
+ if re.search('=', each_line):
+ key , value = each_line.strip().split("=",1)
+ key = key.strip()
+
+ if 'PASSWORD' in key:
+ jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
+ statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
+ if statuscode == 1:
+ value = ''
+ value = value.strip()
+ globalDict[key] = value
- def init_logfiles(self):
- FORMAT = '%(asctime)-15s %(message)s'
- logging.basicConfig(format=FORMAT, level=logging.DEBUG)
+
+class BaseDB(object):
def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- log("---------- Creating User ----------", "info")
+ log("[I] ---------- Creating user ----------", "info")
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] ---------- Verifying DB connection ----------", "info")
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ log("[I] ---------- Verifying database ----------", "info")
+
+ def check_table(self, db_name, db_user, db_password, TABLE_NAME):
+ log("[I] ---------- Verifying table ----------", "info")
- def check_table(self, db_name, root_user, db_root_password, TABLE_NAME):
- log("---------- Verifying table ----------", "info")
- def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name):
- log("---------- Importing db schema ----------", "info")
+ def import_db_file(self, db_name, db_user, db_password, file_name):
+ log("[I] ---------- Importing db schema ----------", "info")
- def upgrade_db(self, db_name, root_user, db_user, db_password, db_root_password, DBVERSION_CATALOG_CREATION):
- log("\nCreating Baseline DB upgrade ... \n", "debug")
- self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, DBVERSION_CATALOG_CREATION)
- log("\nBaseline DB upgraded successfully\n", "info")
+ def upgrade_db(self, db_name, db_user, db_password, DBVERSION_CATALOG_CREATION):
+ self.import_db_file(db_name, db_user, db_password, DBVERSION_CATALOG_CREATION)
+ log("[I] Baseline DB upgraded successfully", "info")
- def apply_patches(self, db_name, root_user, db_user, db_password ,db_root_password, PATCHES_PATH):
+ def apply_patches(self, db_name, db_user, db_password, PATCHES_PATH):
#first get all patches and then apply each patch
if not os.path.exists(PATCHES_PATH):
- log("No Patches to apply.","info")
+ log("[I] No patches to apply!","info")
else:
- files = os.listdir(PATCHES_PATH)
# files: coming from os.listdir() sorted alphabetically, thus not numerically
+ files = os.listdir(PATCHES_PATH)
if files:
sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
for filename in sorted_files:
currentPatch = PATCHES_PATH + "/"+filename
- self.import_db_patches(db_name, root_user, db_user, db_password ,db_root_password, currentPatch)
+ self.import_db_patches(db_name, db_user, db_password, currentPatch)
else:
- log("No Patches to apply.","info")
-
- def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name , TABLE_NAME):
- log("----------------- Create Audit User ------------", "info")
+ log("[I] No patches to apply!","info")
+
+ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME):
+ log("[I] ----------------- Create audit user ------------", "info")
@@ -106,80 +107,111 @@ class MysqlConf(BaseDB):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
- BaseDB.init_logfiles(self)
def get_jisql_cmd(self, user, password ,db_name):
#TODO: User array for forming command
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
return jisql_cmd
-
+ def verify_user(slef, root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] Verifying user " + db_user , "info")
+ query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection..", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"SELECT version();\""
+ output = check_output(shlex.split(query))
+ if output.strip('Production |'):
+ log("[I] Checking connection passed.", "info")
+ return True
+ else:
+ log("[E] Can't establish connection!! Exiting.." ,"error")
+ sys.exit(1)
+
def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password ,'mysql')
- query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- log( "\nMYSQL User: " + db_user + " already exists!", "debug")
- else:
- log("User does not exists", "info")
- if db_password == "":
- log ("Creating MySQL user: "+ db_user +" with DB password blank\n", "info")
- query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- log("Mysql user " + db_user +" created","info")
- else:
- log("Creating Mysql user " + db_user +" Failed","info")
- sys.exit(1)
+ if self.check_connection('mysql', root_user, db_root_password):
+ hosts_arr =["%", "localhost"]
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user + " already exists for host " + host, "info")
else:
- log ("Creating MySQL user: "+ db_user +" with DB password\n", "info")
- query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("Mysql user " + db_user +" created","info")
+ log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
+ if db_password == "":
+ query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed","error")
+ sys.exit(1)
else:
- log("Creating Mysql user " + db_user +" Failed","info")
- sys.exit(1)
+ query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed","error")
+ sys.exit(1)
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed","error")
+ sys.exit(1)
- def verify_db(self, root_user, db_root_password, db_name):
- log("\nVerifying Database: " + db_name + "\n", "debug")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
- output = check_output(shlex.split(query))
- if output.strip(db_name + " |"):
- return True
- else:
- return False
-
-
- def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name):
- log ("\nImporting db schema to Database: " + db_name,"debug");
- if self.verify_db(root_user, db_root_password, db_name):
- log("\nDatabase: "+db_name + " already exists. Ignoring import_db\n","info")
- else:
- log("\nDatabase does not exist. Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"create database %s;\"" %(db_name)
+
+ def verify_db(self, root_user, db_root_password, db_name):
+ log("[I] Verifying database " + db_name , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
+
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database "+db_name + " already exists.","info")
+ else:
+ log("[I] Database does not exist! Creating database " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"create database %s;\"" %(db_name)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log("\nDatabase creation failed!!\n","info")
+ log("[E] Database creation failed!!","error")
sys.exit(1)
- else:
+ else:
if self.verify_db(root_user, db_root_password, db_name):
- log("Creating database: " + db_name + " succeeded", "info")
- self.import_db_file(db_name, root_user , db_user, db_password, db_root_password, file_name)
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
else:
- log("\nDatabase creation failed!!\n","info")
+ log("[E] Database creation failed!!","error")
sys.exit(1)
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke):
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke):
hosts_arr =["%", "localhost"]
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user + " exists for host " + host, "info")
+ else:
+ log("[I] MySQL user " + db_user + " does not exists for host " + host, "error")
+ sys.exit(E)
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database "+db_name + " exists!","info")
+ else:
+ log("[I] Database "+db_name + " does not exists!","error")
+ sys.exit(E)
+
if is_revoke:
for host in hosts_arr:
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
@@ -192,25 +224,25 @@ class MysqlConf(BaseDB):
sys.exit(1)
else:
sys.exit(1)
-
+
for host in hosts_arr:
- log ("---------------GRANTING PRIVILEGES TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info")
+ log("[I] ---------------Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log ("---------------FLUSH PRIVILEGES -------------" , "info")
+ log("[I] ---------------FLUSH PRIVILEGES -------------" , "info")
query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("Privileges granted to '" + db_user + "' on '"+db_name+"'\n", "info")
+ log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
else:
- log("Granting privileges to '" +db_user+"' FAILED on '"+db_name+"'\n", "info")
+ log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
sys.exit(1)
else:
- log("\nGranting privileges to '" +db_user+"' FAILED on '"+db_name+"'\n", "info")
+ log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
sys.exit(1)
-
+
def grant_audit_db_user(self, audit_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke):
hosts_arr =["%", "localhost"]
@@ -226,9 +258,9 @@ class MysqlConf(BaseDB):
sys.exit(1)
else:
sys.exit(1)
-
+
for host in hosts_arr:
- log ("---------------GRANTING PRIVILEGES TO '"+ audit_db_user + "' on '" + audit_db_name+"'-------------" , "info")
+ log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on '" + audit_db_name+"'-------------" , "info")
get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql')
query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host)
ret = subprocess.check_call(shlex.split(query))
@@ -237,178 +269,172 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("Granting privileges to '" + audit_db_user+"' Done on '"+ audit_db_name+"'\n", "info")
+ log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info")
else:
- log("Granting privileges to '" +audit_db_user+"' Failed on '" + audit_db_name+"'\n", "info")
+ log("[E] Granting privileges to '" +audit_db_user+"' failed on '" + audit_db_name+"'", "error")
sys.exit(1)
else:
- log("\nGranting privileges to '" + audit_db_user+"' Failed on '" + audit_db_name+"'\n", "info")
+ log("[E] Granting privileges to '" + audit_db_user+"' failed on '" + audit_db_name+"'", "error")
sys.exit(1)
-
- def import_db_file(self, db_name, root_user, db_user, db_password, db_root_password, file_name):
+
+ def import_db_file(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
- log("Importing db schema to database : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
+ log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
query = get_cmd + " -input %s" %file_name
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log(name + " DB schema imported successfully\n","info")
+ log("[I] "+name + " DB schema imported successfully","info")
else:
- log(name + " DB Schema import failed!\n","info")
+ log("[E] "+name + " DB schema import failed!","error")
sys.exit(1)
else:
- log("\nDB Schema file " + name+ " not found\n","exception")
- sys.exit(1)
+ log("[E] DB schema file " + name+ " not found","error")
+ sys.exit(1)
+
- def import_db_patches(self, db_name, root_user, db_user, db_password, db_root_password, file_name):
+ def import_db_patches(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
- log("Executing patch on : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
+ log("[I] Executing patch on " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
output = check_output(shlex.split(query))
if output.strip(version + " |"):
- log("Patch "+ name +" is already Applied" ,"info")
+ log("[I] Patch "+ name +" is already applied" ,"info")
else:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
query = get_cmd + " -input %s" %file_name
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log(name + " Patch Applied\n","info")
+ log("[I] "+name + " patch applied","info")
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\"" %(version)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("Patch version updated", "info")
- else:
- log("Updating Patch version failed", "info")
- sys.exit(1)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Patch version updated", "info")
+ else:
+ log("[E] Updating patch version failed", "error")
+ sys.exit(1)
else:
- log(name + "\n Import failed!\n","info")
+ log("[E] "+name + " import failed!","error")
sys.exit(1)
else:
- log("\nImport " +name + " file not found\n","exception")
- sys.exit(1)
-
-
- def check_table(self, db_name, root_user, db_root_password, TABLE_NAME):
- if self.verify_db(root_user, db_root_password, db_name):
- log("Verifying table " + TABLE_NAME +" in database " + db_name, "debug")
-
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME)
- output = check_output(shlex.split(query))
- if output.strip(TABLE_NAME + " |"):
- log("Table " + TABLE_NAME +" already exists in database " + db_name + "\n","info")
- return True
- else:
- log("Table " + TABLE_NAME +" does not exist in database " + db_name + "\n","info")
- return False
- else:
- log("Database " + db_name +" does not exist\n","info")
- return False
+ log("[I] Import " +name + " file not found","error")
+ sys.exit(1)
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name , TABLE_NAME):
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
- query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(audit_db_user,host)
- output = check_output(shlex.split(query))
- if output.strip(audit_db_user + " |"):
- log( "\nMYSQL User: " + audit_db_user + " already exists!", "debug")
- else:
- log("User does not exists", "info")
- if audit_db_password == "":
- log ("Creating MySQL user: "+ audit_db_user +" with DB password blank\n", "info")
- query = get_cmd + " -query \" create user '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- else:
- log ("Creating MySQL user: "+ audit_db_user +" with DB password\n", "info")
- query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(audit_db_user,host,audit_db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log( "\nMYSQL User: " + audit_db_user + " Created", "info")
- else:
- sys.exit(1)
+ def check_table(self, db_name, db_user, db_password, TABLE_NAME):
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME)
+ output = check_output(shlex.split(query))
+ if output.strip(TABLE_NAME + " |"):
+ log("[I] Table " + TABLE_NAME +" already exists in database '" + db_name + "'","info")
+ return True
+ else:
+ log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name + "","info")
+ return False
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
+ if DBA_MODE == "TRUE" :
+ log("[I] --------- Setup audit user ---------","info")
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
+ hosts_arr =["%", "localhost"]
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
+ query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
ret = subprocess.check_call(shlex.split(query))
- else:
- sys.exit(1)
-
- log("\n--------- Check audit table exists --------- \n","info")
- output = self.check_table(audit_db_name,audit_db_root_user,audit_db_root_password,TABLE_NAME)
+ if ret == 0:
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ else:
+ sys.exit(1)
+ self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False)
+
+ log("[I] --------- Check admin user connection ---------","info")
+ self.check_connection(audit_db_name, db_user, db_password)
+ #log("[I] --------- Check audit user connection ---------","info")
+ #self.check_connection(audit_db_name, audit_db_user, audit_db_password)
+ log("[I] --------- Check audit table exists --------- ","info")
+ output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == False:
- self.import_file_to_db(audit_db_root_user, audit_db_name ,audit_db_user, audit_db_password, audit_db_root_password, file_name)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False)
- if audit_db_user == db_user:
- is_revoke = False
- else:
- is_revoke = True
- self.grant_audit_db_user(audit_db_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke)
-
+ self.import_db_file(audit_db_name ,db_user, db_password, file_name)
+ if DBA_MODE == "TRUE":
+ if audit_db_user == db_user:
+ is_revoke = False
+ else:
+ is_revoke = True
+ self.grant_audit_db_user(audit_db_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke)
class OracleConf(BaseDB):
# Constructor
- def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
- BaseDB.init_logfiles(self)
def get_jisql_cmd(self, user, password):
#TODO: User array for forming command
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host, user, password)
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
return jisql_cmd
-
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"select username from all_users where UPPER(username)=UPPER('%s');\"" %(db_user)
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
+ query = get_cmd + " -c \; -query \"select * from v$version;\""
output = check_output(shlex.split(query))
- if output.strip(db_user+" |"):
- log( "Oracle User: " + db_user + " already exists!", "debug")
+ if output.strip('Production |'):
+ log("[I] Connection success", "info")
+ return True
else:
- log("User does not exists, Creating User : " + db_user, "info")
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -c \; -query \"select username from all_users where UPPER(username)=UPPER('%s');\"" %(db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user+" |"):
- log("Granting Permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("\nGranting permissions to oracle user '" + db_user + "' for %s DONE\n" %(self.host), "info")
- else:
- log("\nGranting permissions to oracle user '" + db_user + "' FAILED\n", "info")
- sys.exit(1)
- else:
- log("\nCreating ORACLE user '" + db_user + "' FAILED\n", "info")
- sys.exit(1)
-
+ log("[E] Can't establish connection!", "error")
+ sys.exit(1)
def verify_user(self, root_user, db_user, db_root_password):
- log("Verifying User: " + db_user +"\n","debug")
+ log("[I] Verifying user " + db_user ,"info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"select count(*) from all_users where upper(username)=upper('%s');\"" %(db_user)
+ query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
output = check_output(shlex.split(query))
- if output.strip(db_user+" |"):
+ if output.strip(db_user + " |"):
return True
else:
return False
-
- def verify_tablespace(self, root_user,db_user, db_root_password, db_name):
- log("Verifying Tablespace: " + db_name+"\n","debug")
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ if self.check_connection(self, root_user, db_root_password):
+ if self.verify_user(root_user, db_user, db_root_password):
+ log("[I] Oracle user " + db_user + " already exists!", "info")
+ else:
+ log("[I] User does not exists, Creating user : " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_user, db_root_password):
+ log("[I] User " + db_user + " created", "info")
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
+ else:
+ log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+
+ def verify_tablespace(self, root_user, db_root_password, db_name):
+ log("[I] Verifying tablespace " + db_name, "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
output = check_output(shlex.split(query))
@@ -417,613 +443,763 @@ class OracleConf(BaseDB):
else:
return False
-
- def import_file_to_db(self, root_user ,db_name, db_user, db_password, db_root_password,file_name):
- #Verifying Users
- if self.verify_user(root_user,db_user, db_root_password):
- log("User : " +db_user + " already exists.", "info")
- else:
- log("User does not exist " + db_user, "info")
- sys.exit(1)
-
- if self.verify_tablespace(root_user, db_user, db_root_password, db_name):
- log("Tablespace " + db_name + " already exists.","info")
- if re.search('xa_core_db' , file_name):
- status = False
- else:
- status = True
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_tablespace(root_user, db_root_password, db_name):
+ log("[I] Tablespace " + db_name + " already exists.","info")
+ if self.verify_user(root_user, db_user, db_root_password):
+ get_cmd = self.get_jisql_cmd(db_user ,db_password)
+ query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
+ output = check_output(shlex.split(query)).strip()
+ db_name = db_name.upper() +' |'
+ if output == db_name:
+ log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
+ else:
+ log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error")
+ sys.exit(1)
+ #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False)
+ #return status
else:
- log("Tablespace does not exist. Creating Tablespace: " + db_name,"info")
+ log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("Tablespace creation failed!!\n","exception" )
- sys.exit(1)
- else:
- log("Creating Tablespace "+db_name+" succeeded", "info")
- status = self.verify_tablespace(root_user, db_user, db_root_password, db_name)
- if status == False:
+ if ret == 0:
+ if self.verify_tablespace(root_user, db_root_password, db_name):
+ log("[I] Creating tablespace "+db_name+" succeeded", "info")
+ status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, True)
+ return status
+ else:
+ log("[E] Creating tablespace "+db_name+" failed", "error")
sys.exit(1)
+ else:
+ log("[E] Creating tablespace "+db_name+" failed", "error")
+ sys.exit(1)
- if status == True:
- log("ASSIGN DEFAULT Tablespace :" +db_name , "info")
- # ASSIGN DEFAULT Tablespace db_name
- get_cmd = self.get_jisql_cmd(root_user , db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
+ def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status):
+ log("[I] Assign default tablespace " +db_name + " to " + db_user, "info")
+ # Assign default tablespace db_name
+ get_cmd = self.get_jisql_cmd(root_user , db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("Granting Permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- self.import_db_file(db_name, root_user ,db_user, db_password, db_root_password ,file_name)
- return True
- else:
- log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info")
- sys.exit(1)
+ log("[I] Granting Oracle user '" + db_user + "' done", "info")
+ return status
else:
- return False
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Assigning default tablespace to user '" + db_user + "' failed", "error")
+ sys.exit(1)
+
- def import_audit_file_to_db(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME):
+ def import_audit_file_to_db(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME):
#Verifying Users
if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
- log("User : " +db_user + " already exists.", "info")
+ log("[I] User " +db_user + " already exists.", "info")
else:
- log("User does not exist " + db_user, "info")
+ log("[E] User does not exist " + db_user, "error")
sys.exit(1)
if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
- log("User : " +audit_db_user + " already exists.", "info")
+ log("[I] User " +audit_db_user + " already exists.", "info")
else:
- log("User does not exist " + audit_db_user, "info")
+ log("[E] User does not exist " + audit_db_user, "error")
sys.exit(1)
- if self.verify_tablespace(audit_db_root_user, db_user, audit_db_root_password, audit_db_name):
- log("\nTablespace " + audit_db_name + " already exists.","info")
+ if self.verify_tablespace(audit_db_root_user, audit_db_root_password, audit_db_name):
+ log("[I] Tablespace " + audit_db_name + " already exists.","info")
status1 = True
else:
- log("\nTablespace does not exist. Creating Tablespace: \n" + audit_db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log("\nTablespace creation failed!!\n","info")
- sys.exit(1)
- else:
- log("Creating Tablespace "+ audit_db_name + " succeeded", "info")
+ log("[E] Tablespace creation failed!!","error")
+ sys.exit(1)
+ else:
+ log("[I] Creating tablespace "+ audit_db_name + " succeeded", "info")
status1 = True
- if self.verify_tablespace(audit_db_root_user, db_user, audit_db_root_password, db_name):
- log("Tablespace " + db_name + " already exists.","info")
+ if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name):
+ log("[I] Tablespace " + db_name + " already exists.","info")
status2 = True
else:
- log("Tablespace does not exist. Creating Tablespace: " + db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log("\nTablespace creation failed!!\n","info")
- sys.exit(1)
- else:
- log("Creating Tablespace "+ db_name + " succeeded", "info")
+ log("[E] Tablespace creation failed!!","error")
+ sys.exit(1)
+ else:
+ log("[I] Creating tablespace "+ db_name + " succeeded", "info")
status2 = True
if (status1 == True and status2 == True):
- log("ASSIGN DEFAULT Tablespace :" + db_name , "info")
- # ASSIGN DEFAULT Tablespace db_name
+ log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info")
+ # Assign default tablespace db_name
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
ret1 = subprocess.check_call(shlex.split(query))
- log("ASSIGN DEFAULT Tablespace :" + audit_db_name , "info")
- # ASSIGN DEFAULT Tablespace db_name
+ log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
+ # Assign default tablespace audit_db_name
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
ret2 = subprocess.check_call(shlex.split(query))
if (ret1 == 0 and ret2 == 0):
- log("Granting Permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
-
- if self.check_table(db_name, audit_db_root_user, audit_db_root_password, TABLE_NAME):
- log("Table exists " + TABLE_NAME +" in tablespace " + db_name ,"info")
- else:
- self.import_db_file(audit_db_name, audit_db_root_user ,db_user, db_password, audit_db_root_password ,file_name)
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- query = get_cmd + " -c \; -query 'GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;'" % (db_user,audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
return True
else:
- log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info")
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
sys.exit(1)
else:
return False
-
-
+
+
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke):
- log("Granting Permission to " + db_user, "info")
- get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
+ if self.verify_user(root_user, db_user, db_root_password):
+ pass
+ else:
+ log("[E] User does not exist " + db_user, "error")
+ sys.exit(1)
+ if self.verify_tablespace(root_user, db_root_password, db_name):
+ pass
+ else:
+ log("[E] Tablespace " + db_name + " does not exists.","error")
+ sys.exit(1)
+
+ get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granted permission to " + db_user, "info")
return True
- else:
- log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info")
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
sys.exit(1)
def grant_audit_db_user(self, audit_db_root_user, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password, audit_db_root_password):
- log("Granting Permission to " + db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granted permission to " + db_user, "info")
return True
- else:
- log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info")
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed", "error")
sys.exit(1)
-
- def import_db_file(self, db_name, root_user ,db_user, db_password, db_root_password,file_name):
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ query = get_cmd + " -c \; -query 'GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;'" % (db_user,audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+
+
+ def import_db_file(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
- if os.path.isfile(file_name):
- log("Importing script : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(db_user, db_password)
- query = get_cmd + " -input %s -c \;" %file_name
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log(name + " Imported successfully\n","info")
- else:
- log(name + " Import failed!\n","info")
- sys.exit(1)
- else:
- log("\nImport " +name + " sql file not found\n","debug")
- sys.exit(1)
-
- def import_db_patches(self, db_name, root_user, db_user, db_password, db_root_password,file_name):
- if os.path.isfile(file_name):
+ if os.path.isfile(file_name):
+ log("[I] Importing script " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
+ query = get_cmd + " -input %s -c \;" %file_name
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] "+name + " imported successfully","info")
+ else:
+ log("[E] "+name + " import failed!","error")
+ sys.exit(1)
+ else:
+ log("[E] Import " +name + " sql file not found","error")
+ sys.exit(1)
+
+ def import_db_patches(self, db_name, db_user, db_password, file_name):
+ if os.path.isfile(file_name):
name = basename(file_name)
version = name.split('-')[0]
- log("Executing patch on : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(db_user, db_password)
+ log("[I] Executing patch on " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
output = check_output(shlex.split(query))
if output.strip(version +" |"):
- log("Patch "+ name +" is already Applied" ,"info")
+ log("[I] Patch "+ name +" is already applied" ,"info")
else:
get_cmd = self.get_jisql_cmd(db_user, db_password)
query = get_cmd + " -input %s -c /" %file_name
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log(name + " Patch Applied\n","info")
+ log("[I] "+name + " patch applied","info")
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s');\"" %(version, db_user, db_user)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("Patch version updated", "info")
+ log("[I] Patch version updated", "info")
else:
- log("Updating Patch version failed", "info")
+ log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
- log(name + "\n Import failed!\n","info")
+ log("[E] "+name + " Import failed!","error")
sys.exit(1)
- else:
- log("\nPatch file not found\n","debug")
- sys.exit(1)
-
-
- def check_table(self, db_name, root_user, db_root_password, TABLE_NAME):
- log("Verifying table " + TABLE_NAME +" in tablespace " + db_name, "debug")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME)
- output = check_output(shlex.split(query))
- if output.strip(TABLE_NAME.upper() + ' |'):
- log("Table " + TABLE_NAME +" already exists in Tablespace " + db_name + "\n","info")
- return True
else:
- log("Table " + TABLE_NAME +" does not exist in Tablespace " + db_name + "\n","info")
- return False
+ log("[I] Patch file not found","error")
+ sys.exit(1)
- def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name , TABLE_NAME):
- self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query \"select username from all_users where UPPER(username)=UPPER('%s');\"" %(audit_db_user)
- output = check_output(shlex.split(query))
- if output.strip(audit_db_user+" |"):
- log( "Oracle Audit User: " + audit_db_user + " already exists!", "debug")
- else:
- log("Audit User does not exists, Creating Audit User : " + audit_db_user, "info")
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
+ def check_table(self, db_name, db_user, db_password, TABLE_NAME):
+ get_cmd = self.get_jisql_cmd(db_user ,db_password)
+ query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
+ output = check_output(shlex.split(query)).strip()
+ output = output.strip(' |')
+ db_name = db_name.upper()
+ if output == db_name:
+ log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
+ log("[I] Verifying table " + TABLE_NAME +" in tablespace " + db_name, "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
+ query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME)
+ output = check_output(shlex.split(query))
+ if output.strip(TABLE_NAME.upper() + ' |'):
+ log("[I] Table " + TABLE_NAME +" already exists in tablespace " + db_name + "","info")
+ return True
+ else:
+ log("[I] Table " + TABLE_NAME +" does not exist in tablespace " + db_name + "","info")
+ return False
+ else:
+ log("[E] "+db_user + " user already assigned to some other tablespace , provide different DB name.","error")
+ sys.exit(1)
+
+
+ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
+ if DBA_MODE == "TRUE":
+ log("[I] --------- Setup audit user ---------","info")
+ #self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
+ if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
+ log("[I] Oracle admin user " + db_user + " already exists!", "info")
+ else:
+ log("[I] User does not exists, Creating user " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("Granting Permission to " + audit_db_user + " Done", "info")
+ if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
+ log("[I] User " + db_user + " created", "info")
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
+ else:
+ log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ sys.exit(1)
else:
- log("Granting Permission to " + audit_db_user + " Failed", "info")
+ log("[E] Creating Oracle user '" + db_user + "' failed", "error")
sys.exit(1)
-
- log("\n--------- Check audit table exists --------- \n","info")
- output = self.check_table(audit_db_name, audit_db_root_user, audit_db_root_password, TABLE_NAME)
- if output == False:
- self.import_audit_file_to_db(audit_db_root_user, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name,TABLE_NAME)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
- self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password)
+ if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
+ log("[I] Oracle audit user " + audit_db_user + " already exist!", "info")
+ else:
+ log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
+ query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permission to " + audit_db_user + " done", "info")
+ else:
+ log("[E] Granting permission to " + audit_db_user + " failed", "error")
+ sys.exit(1)
+ else:
+ log("[I] Creating audit user " + audit_db_user + " failed!", "info")
+ self.import_audit_file_to_db(audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME)
+ log("[I] --------- Check admin user connection ---------","info")
+ self.check_connection(db_name, db_user, db_password)
+ log("[I] --------- Check audit user connection ---------","info")
+ self.check_connection(audit_db_name, audit_db_user, audit_db_password)
+ log("[I] --------- Check table ---------","info")
+ if self.check_table(db_name, db_user, db_password, TABLE_NAME):
+ pass
+ else:
+ self.import_db_file(audit_db_name, db_user, db_password ,file_name)
+ if DBA_MODE == "TRUE":
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+ self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password)
class PostgresConf(BaseDB):
- # Constructor
- def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
- self.host = host
- self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
- self.JAVA_BIN = JAVA_BIN
- BaseDB.init_logfiles(self)
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
def get_jisql_cmd(self, user, password, db_name):
- #TODO: User array for forming command
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host, db_name, user, password)
- return jisql_cmd
+ #TODO: User array for forming command
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
+ return jisql_cmd
+ def verify_user(self, root_user, db_root_password, db_user):
+ log("[I] Verifying user " + db_user , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"SELECT 1;\""
+ output = check_output(shlex.split(query))
+ if output.strip('1 |'):
+ log("[I] connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection", "error")
+ sys.exit(1)
def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user+" |"):
- log( "Postgres User: " + db_user + " already exists!", "debug")
- else:
- log("User does not exists, Creating User : " + db_user, "info")
- query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("Postgres user " + db_user + " created", "info")
- else:
- log("Postgres user " +db_user+" creation failed\n", "info")
- sys.exit(1)
-
-
- def verify_db(self, root_user, db_root_password, db_name):
- log("\nVerifying Database: " + db_name + "\n", "debug")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
- output = check_output(shlex.split(query))
- if output.strip(db_name + " |"):
- return True
- else:
- return False
-
- def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name):
- log ("\nImporting to Database: " + db_name,"debug");
- if self.verify_db(root_user, db_root_password, db_name):
- log("\nDatabase: "+db_name + " already exists. Ignoring import_db\n","info")
- else:
- log("\nDatabase does not exist. Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("\nDatabase creation failed!!","info")
- sys.exit(1)
- else:
- log("Creating database : " + db_name + " succeeded", "info")
- self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
-
-
- def import_db_file(self, db_name, root_user, db_user, db_password, db_root_password, file_name):
- name = basename(file_name)
- if os.path.isfile(file_name):
- log("Importing db schema to database : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -input %s" %file_name
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log(name + " DB schema imported successfully\n","info")
- else:
- log(name + " DB Schema import failed!\n","info")
- sys.exit(1)
- else:
- log("\nDB Schema file " + name+ " not found\n","info")
- sys.exit(1)
+ if self.check_connection('postgres', root_user, db_root_password):
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] Postgres user " + db_user + " already exists!", "info")
+ else:
+ log("[I] User does not exists, Creating user : " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] Postgres user " + db_user + " created", "info")
+ else:
+ log("[E] Postgres user " +db_user+" creation failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] Postgres user " +db_user+" creation failed", "error")
+ sys.exit(1)
+
+
+ def verify_db(self, root_user, db_root_password, db_name):
+ log("[I] Verifying database " + db_name , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
+
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database "+db_name + " already exists.", "info")
+ else:
+ log("[I] Database does not exist! Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+
+
+ def import_db_file(self, db_name, db_user, db_password, file_name):
+ name = basename(file_name)
+ if os.path.isfile(file_name):
+ log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] "+name + " DB schema imported successfully","info")
+ else:
+ log("[E] "+name + " DB schema import failed!","error")
+ sys.exit(1)
+ else:
+ log("[E] DB schema file " + name+ " not found","error")
+ sys.exit(1)
+
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , True):
- log ("GRANTING PRIVILEGES TO user '"+db_user+"' on db '"+db_name+"'" , "info")
+ log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log ("Ganting privileges on tables in schema public failed", "info")
+ log("[E] Granting privileges on tables in schema public failed", "error")
sys.exit(1)
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log ("Ganting privileges on schema public failed", "info")
+ log("[E] Granting privileges on schema public failed", "error")
sys.exit(1)
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log ("Ganting privileges on database "+db_name+ " failed", "info")
+ log("[E] Granting privileges on database "+db_name+ " failed", "error")
sys.exit(1)
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log ("Ganting privileges on database "+db_name+ " failed", "info")
+ log("[E] Granting privileges on database "+db_name+ " failed", "error")
sys.exit(1)
- log ("GRANTING PRIVILEGES TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
+ log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
- def grant_audit_db_user(self, audit_db_root_user, audit_db_name , db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password):
- log("Granting Permission to " + audit_db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password, audit_db_name)
- log("\nGranting Select privileges to Postgres Audit user '" + audit_db_user + "'", "info")
- query = get_cmd + " -query 'GRANT ALL ON XA_ACCESS_AUDIT_SEQ TO %s;'" % (audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("\nGranting Select privileges to Postgres user '" + audit_db_user + "' FAILED\n", "info")
- sys.exit(1)
+ def grant_audit_db_user(self, audit_db_root_user, audit_db_name , db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password):
+ log("[I] Granting permission to " + audit_db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password, audit_db_name)
+ log("[I] Granting select and usage privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT_SEQ", "info")
+ query = get_cmd + " -query 'GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;'" % (audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting select privileges to Postgres user '" + audit_db_user + "' failed", "error")
+ sys.exit(1)
- log("\nGranting insert privileges to Postgres Audit user '" + audit_db_user + "'\n", "info")
+ log("[I] Granting insert privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT table", "info")
query = get_cmd + " -query 'GRANT INSERT ON XA_ACCESS_AUDIT TO %s;'" % (audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("\nGranting insert privileges to Postgres user '" + audit_db_user + "' FAILED\n", "info")
- sys.exit(1)
-
-
- def import_db_patches(self, db_name, root_user, db_user, db_password, db_root_password, file_name):
- name = basename(file_name)
- if os.path.isfile(file_name):
- version = name.split('-')[0]
- log("Executing patch on : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
- output = check_output(shlex.split(query))
- if output.strip(version + " |"):
- log("Patch "+ name +" is already Applied" ,"info")
- else:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -input %s" %file_name
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log(name + " Patch Applied\n","info")
- query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\"" %(version)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("Patch version updated", "info")
- else:
- log("Updating Patch version failed", "info")
- sys.exit(1)
- else:
- log(name + "\n Import failed!\n","info")
- sys.exit(1)
- else:
- log("\nImport " +name + " file not found\n","info")
- sys.exit(1)
-
-
- def check_table(self, db_name, root_user, db_root_password, TABLE_NAME):
- if self.verify_db(root_user, db_root_password, db_name):
- log("Database: " + db_name + " exists","info")
- log("Verifying table " + TABLE_NAME +" in database " + db_name, "debug")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\"" %(db_name , TABLE_NAME)
- output = check_output(shlex.split(query))
- if output.strip(TABLE_NAME +" |"):
- log("\nTable " + TABLE_NAME +" already exists in database " + db_name + "\n","info")
- return True
- else:
- log("\nTable " + TABLE_NAME +" does not exist in database " + db_name + "\n","info")
- return False
- else:
- log("Database does not exist \n","info")
- return False
-
-
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME):
- self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- output = self.check_table(audit_db_name, audit_db_root_user, audit_db_root_password, TABLE_NAME)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error")
+ sys.exit(1)
+
+
+ def import_db_patches(self, db_name, db_user, db_password, file_name):
+ name = basename(file_name)
+ if os.path.isfile(file_name):
+ version = name.split('-')[0]
+ log("[I] Executing patch on " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
+ output = check_output(shlex.split(query))
+ if output.strip(version + " |"):
+ log("[I] Patch "+ name +" is already applied" ,"info")
+ else:
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] "+name + " patch applied","info")
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\"" %(version)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Patch version updated", "info")
+ else:
+ log("[E] Updating patch version failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] "+name + " import failed!","error")
+ sys.exit(1)
+ else:
+ log("[E] Import " +name + " file not found","error")
+ sys.exit(1)
+
+
+ def check_table(self, db_name, db_user, db_password, TABLE_NAME):
+ log("[I] Verifying table " + TABLE_NAME +" in database " + db_name, "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\"" %(db_name , TABLE_NAME)
+ output = check_output(shlex.split(query))
+ if output.strip(TABLE_NAME +" |"):
+ log("[I] Table " + TABLE_NAME +" already exists in database " + db_name, "info")
+ return True
+ else:
+ log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name, "info")
+ return False
+
+
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
+ if DBA_MODE == "TRUE":
+ log("[I] --------- Setup audit user ---------","info")
+ self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
+ self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
+
+ log("[I] --------- Check admin user connection ---------","info")
+ self.check_connection(audit_db_name, db_user, db_password)
+ log("[I] --------- Check audit user connection ---------","info")
+ self.check_connection(audit_db_name, audit_db_user, audit_db_password)
+ log("[I] --------- Check table ---------","info")
+ output = self.check_table(audit_db_name, audit_db_user, audit_db_password, TABLE_NAME)
if output == False:
- self.import_file_to_db(audit_db_root_user, audit_db_name ,db_user, db_password, audit_db_root_password, file_name)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
- self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password)
+ self.import_db_file(audit_db_name, db_user, db_password, file_name)
+ if DBA_MODE == "TRUE":
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+ self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password)
class SqlServerConf(BaseDB):
- # Constructor
- def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
- BaseDB.init_logfiles(self)
-
- def get_jisql_cmd(self, user, password, db_name):
- #TODO: User array for forming command
- jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -u %s -p %s -noheader -trim"%(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host, db_name, user, password)
- return jisql_cmd
-
-
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
-# query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user)
- query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user)
- output = subprocess.check_output(shlex.split(query))
-# print query
-# print output
-# sys.exit(1)
- if output.strip(db_user +" |"):
- log( "SQLServer User: " + db_user + " already exists!", "debug")
- else:
- log("User does not exists, Creating Login User : " + db_user, "info")
- query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("SQLServer user " + db_user + " created", "info")
+
+
+ def get_jisql_cmd(self, user, password, db_name):
+ #TODO: User array for forming command
+ jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
+ return jisql_cmd
+
+ def verify_user(self, root_user, db_root_password, db_user):
+ log("[I] Verifying user " + db_user , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -c \; -query \"SELECT 1;\""
+ output = check_output(shlex.split(query))
+ if output.strip('1 |'):
+ log("[I] Connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection", "error")
+ sys.exit(1)
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ if self.check_connection('msdb', root_user, db_root_password):
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] SQL Server user " + db_user + " already exists!", "info")
+ else:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ log("[I] User does not exists, Creating Login user " + db_user, "info")
+ query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user):
+ log("[I] SQL Server user " + db_user + " created", "info")
else:
- log("SQLServer user " +db_user+" creation failed\n", "info")
+ log("[E] SQL Server user " +db_user+" creation failed", "error")
sys.exit(1)
- '''
- log("Creating User : " + db_user, "info")
- query = get_cmd + " -c \; -query \"CREATE USER %s for LOGIN %s WITH DEFAULT_SCHEMA=[dbo];\"" %(db_user,db_user)
-# query = get_cmd + " -c \; -query \"CREATE USER %s for LOGIN %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user,db_user, db_user)
- ret = subprocess.check_call(shlex.split(query))
-# print query
-# print ret
-# sys.exit(1)
- if ret == 0:
- log("SQLServer user " + db_user + " created", "info")
- else:
- log("SQLServer user " +db_user+" creation failed\n", "info")
- sys.exit(1)
- '''
-
- def verify_db(self, root_user, db_root_password, db_name):
- log("Verifying Database: " + db_name + "\n", "debug")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
- output = subprocess.check_output(shlex.split(query))
- if output.strip(db_name + " |"):
- return True
- else:
- return False
-
-
- def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name):
- log ("Importing to Database: " + db_name,"debug");
- if self.verify_db(root_user, db_root_password, db_name):
- log("Database : " + db_name + " already exists. Ignoring import_db\n","info")
- else:
- log("Database does not exist. Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("\nDatabase creation failed!!","info")
- sys.exit(1)
- else:
- log("Creating database : " + db_name + " succeeded", "info")
- '''
- status = 0
- status = status + 1
- if status == 1:
- '''
- self.create_user(root_user, db_name ,db_user, db_password, db_root_password)
- self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
+ else:
+ log("[E] SQL Server user " +db_user+" creation failed", "error")
+ sys.exit(1)
- def create_user(self, root_user, db_name ,db_user, db_password, db_root_password):
-# if flag == True:
+ def verify_db(self, root_user, db_root_password, db_name):
+ log("[I] Verifying database " + db_name, "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user)
- output = subprocess.check_output(shlex.split(query))
+ query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
+ output = check_output(shlex.split(query))
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
- if output.strip(db_user + " |"):
- log("","info")
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ if self.verify_db(root_user, db_root_password, db_name):
+ log("[I] Database " + db_name + " already exists.","info")
else:
- query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
+ log("[I] Database does not exist! Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log("\nDatabase creation failed!!","info")
+ log("[E] Database creation failed!!","error")
sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name):
+ self.create_user(root_user, db_name ,db_user, db_password, db_root_password)
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+# self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
- def import_db_file(self, db_name, root_user, db_user, db_password, db_root_password, file_name):
- name = basename(file_name)
- if os.path.isfile(file_name):
- log("Importing db schema to database : " + db_name + " from file: " + name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
-# get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
- query = get_cmd + " -input %s" %file_name
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log(name + " DB schema imported successfully\n","info")
- else:
- log(name + " DB Schema import failed!\n","info")
- sys.exit(1)
- else:
- log("\nDB Schema file " + name+ " not found\n","info")
- sys.exit(1)
-
-
- def check_table(self, db_name, root_user, db_root_password, TABLE_NAME):
- if self.verify_db(root_user, db_root_password, db_name):
- log("Verifying table '" + TABLE_NAME +"' in database '" + db_name + "'", "debug")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -c \; -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\"" %(TABLE_NAME)
- output = subprocess.check_output(shlex.split(query))
- if output.strip(TABLE_NAME + " |"):
- log("Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'\n","info")
- return True
+ def create_user(self, root_user, db_name ,db_user, db_password, db_root_password):
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
else:
- log("Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'\n","info")
- return False
+ log("[E] Database creation failed!!","error")
+ sys.exit(1)
+
+ def import_db_file(self, db_name, db_user, db_password, file_name):
+ name = basename(file_name)
+ if os.path.isfile(file_name):
+ log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] "+name + " DB schema imported successfully","info")
+ else:
+ log("[E] "+name + " DB Schema import failed!","error")
+ sys.exit(1)
else:
-
<TRUNCATED>