You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by al...@apache.org on 2015/08/25 23:42:07 UTC
ambari git commit: AMBARI-12864. Allow Ranger & Ranger KMS service to
installed using custom service user (Gautam Borad via alejandro)
Repository: ambari
Updated Branches:
refs/heads/trunk e60dbb4e0 -> 7852bc431
AMBARI-12864. Allow Ranger & Ranger KMS service to installed using custom service user (Gautam Borad via alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7852bc43
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7852bc43
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7852bc43
Branch: refs/heads/trunk
Commit: 7852bc431565acea04a2b0df5ac43b673e4ec1a1
Parents: e60dbb4
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Tue Aug 25 14:40:04 2015 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Tue Aug 25 14:40:04 2015 -0700
----------------------------------------------------------------------
.../functions/setup_ranger_plugin_xml.py | 8 -------
.../0.96.0.2.0/package/scripts/params_linux.py | 2 +-
.../2.1.0.2.0/package/scripts/params_linux.py | 2 +-
.../0.12.0.2.0/package/scripts/params_linux.py | 2 +-
.../RANGER/0.4.0/package/scripts/params.py | 11 ++++++++-
.../0.4.0/package/scripts/setup_ranger_xml.py | 22 +++++++++++++++++-
.../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 24 ++++++++++++++++----
.../0.5.0.2.3/package/scripts/params.py | 2 +-
.../2.1.0.2.0/package/scripts/params_linux.py | 2 +-
9 files changed, 55 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
index 0d2a6d3..cf40a75 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
@@ -51,14 +51,6 @@ def setup_ranger_plugin(component_select_name, service_name,
mode = 0644
)
- directory_path = os.path.dirname(component_driver_curl_target)
-
- if not os.path.exists(directory_path):
- Logger.info('Creating directory path {0}'.format(directory_path))
- Directory(directory_path,
- mode=0755
- )
-
Execute(('cp', '--remove-destination', component_downloaded_custom_connector, component_driver_curl_target),
path=["/bin", "/usr/bin/"],
sudo=True
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index c9aa97f..d515dad 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -255,7 +255,7 @@ if has_ranger_admin:
downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}")
driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
- driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+ driver_curl_target = format("/usr/hdp/current/{component_directory}/lib/{jdbc_jar_name}")
hbase_ranger_plugin_config = {
'username': repo_config_username,
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
index 5f6b8fe..4d8ac0b 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
@@ -427,7 +427,7 @@ if has_ranger_admin:
downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
- driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+ driver_curl_target = format("{hadoop_lib_home}/{jdbc_jar_name}")
hdfs_ranger_plugin_config = {
'username': repo_config_username,
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
index 7f622eb..a5abcb5 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
@@ -533,7 +533,7 @@ if has_ranger_admin:
ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}")
ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_symlink_name}")
- ranger_driver_curl_target = format("{java_share_dir}/{ranger_jdbc_jar_name}")
+ ranger_driver_curl_target = format("{hive_lib}/{ranger_jdbc_jar_name}")
hive_ranger_plugin_config = {
'username': repo_config_username,
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 6f039b2..8e84587 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -49,6 +49,9 @@ create_db_dbuser = config['configurations']['ranger-env']['create_db_dbuser']
stack_is_hdp22_or_further = Script.is_hdp_stack_greater_or_equal("2.2")
stack_is_hdp23_or_further = Script.is_hdp_stack_greater_or_equal("2.3")
+ranger_conf = '/etc/ranger/admin/conf'
+ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+
if stack_is_hdp22_or_further:
ranger_home = '/usr/hdp/current/ranger-admin'
ranger_conf = '/etc/ranger/admin/conf'
@@ -69,7 +72,13 @@ java_home = config['hostLevelParams']['java_home']
unix_user = config['configurations']['ranger-env']['ranger_user']
unix_group = config['configurations']['ranger-env']['ranger_group']
ranger_pid_dir = config['configurations']['ranger-env']['ranger_pid_dir']
-usersync_log_dir = config['configurations']['ranger-env']['ranger_usersync_log_dir']
+usersync_log_dir = default("/configurations/ranger-env/ranger_usersync_log_dir", "/var/log/ranger/usersync")
+admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
+ranger_admin_default_file = format('{ranger_conf}/ranger-admin-default-site.xml')
+security_app_context_file = format('{ranger_conf}/security-applicationContext.xml')
+ranger_ugsync_default_file = format('{ranger_ugsync_conf}/ranger-ugsync-default.xml')
+usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.xml')
+cred_validator_file = format('{usersync_home}/native/credValidator.uexe')
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index a3aa5bb..de7726a 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -47,6 +47,12 @@ def setup_ranger_admin(rolling_upgrade=False):
ranger_home = params.ranger_home
ranger_conf = params.ranger_conf
+ Directory(ranger_conf,
+ owner = params.unix_user,
+ group = params.unix_group,
+ recursive = True
+ )
+
if rolling_upgrade:
ranger_home = format("/usr/hdp/{version}/ranger-admin")
ranger_conf = format("/usr/hdp/{version}/ranger-admin/conf")
@@ -82,6 +88,14 @@ def setup_ranger_admin(rolling_upgrade=False):
Execute(('chown','-R',format('{unix_user}:{unix_group}'), format('{ranger_home}/')), sudo=True)
+ Directory(params.admin_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+
Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
not_if=format("ls /usr/bin/ranger-admin"),
only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
@@ -113,7 +127,9 @@ def setup_ranger_db(rolling_upgrade=False):
)
Directory(params.java_share_dir,
- mode=0755
+ mode=0755,
+ recursive=True,
+ cd_access="a"
)
Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
@@ -241,6 +257,10 @@ def setup_usersync():
group=params.unix_group,
mode=0644)
+ File(params.ranger_ugsync_default_file, owner=params.unix_user, group=params.unix_group)
+ File(params.usgsync_log4j_file, owner=params.unix_user, group=params.unix_group)
+ File(params.cred_validator_file, group=params.unix_group, mode=04555)
+
cred_lib = os.path.join(params.usersync_home,"lib","*")
cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib)
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index d9bb941..1ed28c4 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -46,7 +46,9 @@ def setup_kms_db():
)
Directory(params.java_share_dir,
- mode=0755
+ mode=0755,
+ recursive=True,
+ cd_access="a"
)
Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
@@ -66,14 +68,15 @@ def setup_kms_db():
File(os.path.join(params.kms_home, 'ews', 'webapp', 'lib', params.jdbc_jar_name), mode=0644)
ModifyPropertiesFile(format("/usr/hdp/current/ranger-kms/install.properties"),
- properties = params.config['configurations']['kms-properties']
+ properties = params.config['configurations']['kms-properties'],
+ owner = params.kms_user
)
dba_setup = format('python {kms_home}/dba_script.py -q')
db_setup = format('python {kms_home}/db_setup.py')
- Execute(dba_setup, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True)
- Execute(db_setup, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True)
+ Execute(dba_setup, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True, user=params.kms_user)
+ Execute(db_setup, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True, user=params.kms_user)
def setup_java_patch():
import params
@@ -81,7 +84,7 @@ def setup_java_patch():
if params.has_ranger_admin:
setup_java_patch = format('python {kms_home}/db_setup.py -javapatch')
- Execute(setup_java_patch, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True)
+ Execute(setup_java_patch, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True, user=params.kms_user)
kms_lib_path = format('{kms_home}/ews/webapp/lib/')
files = os.listdir(kms_lib_path)
@@ -121,6 +124,12 @@ def kms():
if params.has_ranger_admin:
+ Directory(params.kms_conf_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ recursive = True
+ )
+
File(params.downloaded_connector_path,
content = DownloadSource(params.driver_source),
mode = 0644
@@ -149,6 +158,11 @@ def kms():
Execute(('chown','-R',format('{kms_user}:{kms_group}'), format('{kms_home}/')), sudo=True)
+ Directory(params.kms_log_dir,
+ owner = params.kms_user,
+ group = params.kms_group
+ )
+
Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms'),
not_if=format('ls /usr/bin/ranger-kms'),
only_if=format('ls {kms_home}/ranger-kms'),
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index 9d895f4..1dbf3b1 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -38,7 +38,7 @@ if stack_is_hdp23_or_further:
kms_home = '/usr/hdp/current/ranger-kms'
kms_conf_dir = '/usr/hdp/current/ranger-kms/conf'
-kms_log_dir = config['configurations']['kms-env']['kms_log_dir']
+kms_log_dir = default("/configurations/kms-env/kms_log_dir", "/var/log/ranger/kms")
java_home = config['hostLevelParams']['java_home']
kms_user = default("/configurations/kms-env/kms_user", "kms")
kms_group = default("/configurations/kms-env/kms_group", "kms")
http://git-wip-us.apache.org/repos/asf/ambari/blob/7852bc43/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index f3914f3..9857d03 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -357,7 +357,7 @@ if has_ranger_admin:
downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
- driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+ driver_curl_target = format("{hadoop_yarn_home}/lib/{jdbc_jar_name}")
ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None