Posted to commits@ranger.apache.org by ve...@apache.org on 2016/04/15 00:34:41 UTC
incubator-ranger git commit: RANGER-900 : Remove support for DB based
auditing
Repository: incubator-ranger
Updated Branches:
refs/heads/master 5c648ee90 -> 6b47ac115
RANGER-900 : Remove support for DB based auditing
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/6b47ac11
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/6b47ac11
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/6b47ac11
Branch: refs/heads/master
Commit: 6b47ac115f847d1938a1e00e7288f59e0c724ed5
Parents: 5c648ee
Author: Pradeep Agrawal <pr...@freestoneinfotech.com>
Authored: Thu Apr 14 23:47:21 2016 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Thu Apr 14 18:34:21 2016 -0400
----------------------------------------------------------------------
.../apache/ranger/audit/test/TestEvents.java | 2 +-
agents-common/scripts/enable-agent.sh | 9 ++-
.../plugin/policyengine/TestPolicyEngine.java | 2 +-
hbase-agent/conf/ranger-hbase-audit-changes.cfg | 12 ++--
hbase-agent/scripts/install.properties | 21 -------
hdfs-agent/conf/ranger-hdfs-audit-changes.cfg | 12 ++--
hdfs-agent/scripts/install.properties | 21 -------
hive-agent/conf/ranger-hive-audit-changes.cfg | 12 ++--
hive-agent/scripts/install.properties | 20 -------
kms/scripts/install.properties | 21 -------
knox-agent/conf/ranger-knox-audit-changes.cfg | 12 ++--
knox-agent/scripts/install.properties | 20 -------
.../conf/ranger-kafka-audit-changes.cfg | 12 ++--
plugin-kafka/scripts/install.properties | 21 -------
plugin-kms/conf/ranger-kms-audit-changes.cfg | 12 ++--
plugin-kms/scripts/enable-kms-plugin.sh | 9 ++-
plugin-solr/conf/ranger-solr-audit-changes.cfg | 12 ++--
plugin-solr/scripts/install.properties | 21 -------
plugin-yarn/conf/ranger-yarn-audit-changes.cfg | 12 ++--
plugin-yarn/scripts/install.properties | 20 -------
security-admin/scripts/db_setup.py | 33 ++++++-----
security-admin/scripts/dba_script.py | 59 +++++---------------
security-admin/scripts/install.properties | 20 +------
security-admin/scripts/setup.sh | 45 +++++++++------
.../conf.dist/ranger-admin-default-site.xml | 22 ++++++++
.../resources/conf.dist/ranger-admin-site.xml | 21 -------
storm-agent/conf/ranger-storm-audit-changes.cfg | 12 ++--
storm-agent/scripts/install.properties | 20 -------
28 files changed, 154 insertions(+), 361 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
index 3e89cc4..e84d6fb 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
@@ -65,7 +65,7 @@ public class TestEvents {
auditProperties.setProperty("xasecure.audit.log4j.is.async", "false");
auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000");
auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000");
- auditProperties.setProperty("xasecure.audit.db.is.enabled", "true");
+ auditProperties.setProperty("xasecure.audit.db.is.enabled", "false");
auditProperties.setProperty("xasecure.audit.db.is.async", "true");
auditProperties.setProperty("xasecure.audit.db.async.max.queue.size", "100000");
auditProperties.setProperty("xasecure.audit.db.async.max.flush.interval.ms", "30000");
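Review bot: The three `xasecure.audit.db.*` settings after the flipped flag (`is.async`, `async.max.queue.size`, `async.max.flush.interval.ms`) are still set although this commit removes DB auditing, so the test keeps configuring a destination it no longer exercises. Deleting all four `xasecure.audit.db.*` lines would make the test match the supported destinations; whether the audit provider still reads these keys is not visible from the hunk. The TestPolicyEngine.java hunk carries the same leftover. The enclosing method starts and ends outside the hunk.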
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 3791847..1fa1845 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -392,8 +392,10 @@ then
#
# We need to do the AUDIT JDBC url
#
-
- db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
+db_flavor=''
+#db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
+if [ "${db_flavor}" != "" ]
+then
audit_db_hostname=$(getInstallProperty 'XAAUDIT.DB.HOSTNAME')
audit_db_name=$(getInstallProperty 'XAAUDIT.DB.DATABASE_NAME')
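Review bot: `db_flavor=''` directly followed by `if [ "${db_flavor}" != "" ]` makes the guard permanently false, so everything down to the `fi` added in the next hunk is unreachable, including the `XAAUDIT_DB_JDBC_URL` and `XAAUDIT_DB_JDBC_DRIVER` exports. Deleting the block would state the removal plainly, whereas the commented-out `getInstallProperty 'XAAUDIT.DB.FLAVOUR'` line leaves a one-character path back to a feature the commit retires. If the block must stay for now, put a comment above the guard such as `# RANGER-900: DB audit destination removed, block intentionally unreachable`. The first two hunks of plugin-kms/scripts/enable-kms-plugin.sh repeat the same pattern, and the enclosing `then` block starts outside this hunk.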
@@ -431,6 +433,7 @@ then
export XAAUDIT_DB_JDBC_URL="jdbc:${db_flavor}://${audit_db_hostname}/${audit_db_name}"
export XAAUDIT_DB_JDBC_DRIVER="com.unknown.driver.${db_flavor}"
fi
+fi
for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg
@@ -578,7 +581,7 @@ then
auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD')
- create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
+ #create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
#
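Review bot: `auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD')` still reads the audit database password into a shell variable, although its only visible consumer, `create_jceks`, is now commented out. On a host upgraded with an older install.properties that value is a real credential, so the read should be removed together with the call rather than leaving a secret in an unused variable. The last hunk of plugin-kms/scripts/enable-kms-plugin.sh has the same leftover. The surrounding block continues outside the hunk, so other uses of `auditdbCred` cannot be ruled out from here.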
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index 8ee6bea..6bb7486 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -83,7 +83,7 @@ public class TestPolicyEngine {
auditProperties.setProperty("xasecure.audit.log4j.is.async", "false");
auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000");
auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000");
- auditProperties.setProperty("xasecure.audit.db.is.enabled", "true");
+ auditProperties.setProperty("xasecure.audit.db.is.enabled", "false");
auditProperties.setProperty("xasecure.audit.db.is.async", "false");
auditProperties.setProperty("xasecure.audit.db.async.max.queue.size", "100000");
auditProperties.setProperty("xasecure.audit.db.async.max.flush.interval.ms", "30000");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hbase-agent/conf/ranger-hbase-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/ranger-hbase-audit-changes.cfg b/hbase-agent/conf/ranger-hbase-audit-changes.cfg
index e29ccd5..719c7cd 100644
--- a/hbase-agent/conf/ranger-hbase-audit-changes.cfg
+++ b/hbase-agent/conf/ranger-hbase-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
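Review bot: Commenting out the `xasecure.audit.db.is.enabled` directive means the installer no longer writes that property at all, so a plugin configured before this commit would presumably keep whatever value it already has, along with the stored JDBC URL and user. If an existing install had DB audit enabled, re-running the enable script would then leave it pointing at a destination the code no longer supports, and audit events meant for it could be lost without notice. Keeping one live line that forces the flag off, `xasecure.audit.db.is.enabled false mod create-if-not-exists`, and deleting the other five rather than commenting them would make the upgrade outcome explicit; how `mod` treats an existing key should be confirmed against the installer. The same applies to the hdfs, hive, knox, kafka, kms, solr and yarn `*-audit-changes.cfg` hunks.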
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hbase-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties
index 795ea3e..aca57bb 100644
--- a/hbase-agent/scripts/install.properties
+++ b/hbase-agent/scripts/install.properties
@@ -81,27 +81,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
-#
# Audit to HDFS Configuration
#
# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg
index 9c88450..e34d154 100644
--- a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg
+++ b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hdfs-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties
index b4dda13..148d2ba 100644
--- a/hdfs-agent/scripts/install.properties
+++ b/hdfs-agent/scripts/install.properties
@@ -77,27 +77,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
-#
# Audit to HDFS Configuration
#
# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hive-agent/conf/ranger-hive-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/ranger-hive-audit-changes.cfg b/hive-agent/conf/ranger-hive-audit-changes.cfg
index 4e61c7d..3fd7e14 100644
--- a/hive-agent/conf/ranger-hive-audit-changes.cfg
+++ b/hive-agent/conf/ranger-hive-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hive-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties
index 6b71a85..9f88524 100644
--- a/hive-agent/scripts/install.properties
+++ b/hive-agent/scripts/install.properties
@@ -77,26 +77,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
-#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
#
# Audit to HDFS Configuration
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/kms/scripts/install.properties
----------------------------------------------------------------------
diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties
index 7762948..fceae8f 100755
--- a/kms/scripts/install.properties
+++ b/kms/scripts/install.properties
@@ -143,27 +143,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=true
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
-#
# Audit to HDFS Configuration
#
# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/knox-agent/conf/ranger-knox-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/knox-agent/conf/ranger-knox-audit-changes.cfg b/knox-agent/conf/ranger-knox-audit-changes.cfg
index f722e53..f0571e7 100644
--- a/knox-agent/conf/ranger-knox-audit-changes.cfg
+++ b/knox-agent/conf/ranger-knox-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/knox-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties
index 1febd49..dbf1e11 100644
--- a/knox-agent/scripts/install.properties
+++ b/knox-agent/scripts/install.properties
@@ -81,26 +81,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
#
# Audit to HDFS Configuration
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kafka/conf/ranger-kafka-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg
index 46ee29a..661b498 100644
--- a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg
+++ b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kafka/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties
index 79ea6db..e5cf664 100644
--- a/plugin-kafka/scripts/install.properties
+++ b/plugin-kafka/scripts/install.properties
@@ -84,27 +84,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
-#
# Audit to HDFS Configuration
#
# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kms/conf/ranger-kms-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-kms/conf/ranger-kms-audit-changes.cfg b/plugin-kms/conf/ranger-kms-audit-changes.cfg
index 5a51455..69849d6 100644
--- a/plugin-kms/conf/ranger-kms-audit-changes.cfg
+++ b/plugin-kms/conf/ranger-kms-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kms/scripts/enable-kms-plugin.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh
index 7bf6c62..1661a61 100755
--- a/plugin-kms/scripts/enable-kms-plugin.sh
+++ b/plugin-kms/scripts/enable-kms-plugin.sh
@@ -360,8 +360,10 @@ then
#
# We need to do the AUDIT JDBC url
#
-
- db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
+db_flavor=''
+#db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'`
+if [ "${db_flavor}" != "" ]
+then
audit_db_hostname=$(getInstallProperty 'XAAUDIT.DB.HOSTNAME')
audit_db_name=$(getInstallProperty 'XAAUDIT.DB.DATABASE_NAME')
@@ -395,6 +397,7 @@ then
export XAAUDIT_DB_JDBC_URL="jdbc:${db_flavor}://${audit_db_hostname}/${audit_db_name}"
export XAAUDIT_DB_JDBC_DRIVER="com.unknown.driver.${db_flavor}"
fi
+fi
for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg
@@ -525,7 +528,7 @@ then
auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD')
- create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
+ #create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-solr/conf/ranger-solr-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg
index 2742bc1..622052e 100644
--- a/plugin-solr/conf/ranger-solr-audit-changes.cfg
+++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-solr/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties
index a3d9887..9073e8e 100644
--- a/plugin-solr/scripts/install.properties
+++ b/plugin-solr/scripts/install.properties
@@ -84,27 +84,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
-#
# Audit to HDFS Configuration
#
# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-yarn/conf/ranger-yarn-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg
index b650be1..8071e7b 100644
--- a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg
+++ b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-yarn/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties
index 3780068..3825125 100644
--- a/plugin-yarn/scripts/install.properties
+++ b/plugin-yarn/scripts/install.properties
@@ -75,26 +75,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
-#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
#
# Audit to HDFS Configuration
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 3d20fcd..595f810 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -2106,9 +2106,9 @@ def main(argv):
xa_access_audit = 'xa_access_audit'
x_user = 'x_portal_user'
- audit_db_name = globalDict['audit_db_name']
- audit_db_user = globalDict['audit_db_user']
- audit_db_password = globalDict['audit_db_password']
+ #audit_db_name = globalDict['db_name']
+ #audit_db_user = globalDict['db_user']
+ #audit_db_password = globalDict['db_password']
if XA_DB_FLAVOR == "MYSQL":
MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
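Review bot: The three commented-out assignments are not the lines that were removed: the keys were changed from `globalDict['audit_db_name']` to `globalDict['db_name']` (likewise for user and password) and then disabled, which leaves dead code that never existed in a working form. Deleting them outright is clearer than keeping `#audit_db_name = globalDict['db_name']`. The later hunks in this file (`@@ -2171,8`, `@@ -2209,10`, `@@ -2220,11`) and in `dba_script.py` (`@@ -1666,8`, `@@ -1714,10`) leave similar commented-out blocks, and the PostgreSQL branch visible there still builds `audit_sqlObj`, which appears to have no remaining user. `main()` starts and ends outside this hunk.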
@@ -2171,8 +2171,8 @@ def main(argv):
audit_db_file = os.path.join(RANGER_ADMIN_HOME , oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
- audit_db_user=audit_db_user.lower()
- audit_db_name=audit_db_name.lower()
+ #audit_db_user=audit_db_user.lower()
+ #audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , postgres_audit_file)
@@ -2199,8 +2199,11 @@ def main(argv):
audit_store = None
if audit_store is None or audit_store == "":
- audit_store = "db"
+ audit_store = "solr"
audit_store=audit_store.lower()
+ if not audit_store =='solr':
+ log("[E] Only 'Solr' audit store is supported from current version!","error")
+ sys.exit(1)
if len(argv)==1:
log("[I] --------- Verifying Ranger DB tables ---------","info")
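Review bot: The new guard `if not audit_store =='solr':` reads more plainly as `if audit_store != 'solr':`, and the error message does not say which value was rejected. Something like `log("[E] Only 'solr' audit store is supported, found: " + audit_store,"error")` would match what `setup.sh` prints and help an operator whose existing configuration still has `audit_store=db`. Such an installation now stops at this point during setup, so the behaviour change deserves a line in the upgrade notes. The same check is repeated in `dba_script.py` (`@@ -1691,19 +1658,23 @@`); `main()` continues outside the hunk.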
@@ -2209,10 +2212,10 @@ def main(argv):
else:
log("[I] --------- Importing Ranger Core DB Schema ---------","info")
xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file)
- if XA_DB_FLAVOR == "ORACLE":
- if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
- if db_user != audit_db_user:
- xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
+ #if XA_DB_FLAVOR == "ORACLE":
+ #if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
+ #if db_user != audit_db_user:
+ #xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
log("[I] --------- Verifying upgrade history table ---------","info")
output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
if output == False:
@@ -2220,11 +2223,11 @@ def main(argv):
xa_sqlObj.upgrade_db(db_name, db_user, db_password, xa_db_version_file)
log("[I] --------- Applying Ranger DB patches ---------","info")
xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
- if audit_store == "db":
- log("[I] --------- Starting Audit Operation ---------","info")
- audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
- log("[I] --------- Applying Audit DB patches ---------","info")
- audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
+ #if audit_store == "db":
+ #log("[I] --------- Starting Audit Operation ---------","info")
+ #audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
+ #log("[I] --------- Applying Audit DB patches ---------","info")
+ #audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
if len(argv)>1:
for i in range(len(argv)):
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 0ebd90b..5f3fd42 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -1540,39 +1540,6 @@ def main(argv):
log("Enter db user password:","info")
db_password = getpass.getpass("Enter db user password:")
- if (quiteMode):
- audit_db_name = globalDict['audit_db_name']
- else:
- if (dryMode):
- audit_db_name='ranger_audit_db'
- else:
- audit_db_name=''
- while audit_db_name == "":
- log("Enter audit db name:","info")
- audit_db_name = raw_input()
-
- if (quiteMode):
- audit_db_user = globalDict['audit_db_user']
- else:
- if (dryMode):
- audit_db_user='ranger_logger_user'
- else:
- audit_db_user=''
- while audit_db_user == "":
- log("Enter audit user name:","info")
- audit_db_user = raw_input()
-
- if (quiteMode):
- audit_db_password = globalDict['audit_db_password']
- else:
- if (dryMode):
- audit_db_password='*****'
- else:
- audit_db_password=''
- while audit_db_password == "":
- log("Enter audit db user password:","info")
- audit_db_password = getpass.getpass("Enter audit db user password:")
-
audit_db_root_user = xa_db_root_user
audit_db_root_password = xa_db_root_password
@@ -1666,8 +1633,8 @@ def main(argv):
audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
- audit_db_user=audit_db_user.lower()
- audit_db_name=audit_db_name.lower()
+ #audit_db_user=audit_db_user.lower()
+ #audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file)
@@ -1691,19 +1658,23 @@ def main(argv):
audit_store = None
if audit_store is None or audit_store == "":
- audit_store = "db"
+ audit_store = "solr"
audit_store=audit_store.lower()
+ if not audit_store =='solr':
+ log("[E] Only 'Solr' audit store is supported from current version!","error")
+ sys.exit(1)
+
if not dryMode:
- log("[I] ---------- Verifing DB root password ---------- ","info")
+ log("[I] ---------- Verifying DB root password ---------- ","info")
password_validation(xa_db_root_password,"DBA root");
- log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info")
+ log("[I] ---------- Verifying Ranger Admin db user password ---------- ","info")
password_validation(db_password,"admin");
# Methods Begin
if DBA_MODE == "TRUE" :
if (dryMode==True):
log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
logFile("===============================================\n")
- xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name)
+ xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, db_user, db_password, db_name)
logFile("===============================================\n")
if (dryMode==False):
log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
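Review bot: The `writeDrymodeCmd` call now passes `db_user, db_password, db_name` twice, once in the admin positions and once where `audit_db_user, audit_db_password, audit_db_name` used to be, while `audit_db_host`, `audit_db_root_user` and `audit_db_root_password` are still passed. The body of `writeDrymodeCmd` is not in this hunk, but if it still emits audit-database statements, the dry-run file will contain a second set of create/grant commands for the admin account. Removing the audit parameters from the method and this call would be cleaner than feeding it duplicated credentials. `main()` continues outside the hunk.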
@@ -1714,10 +1685,10 @@ def main(argv):
if not XA_DB_FLAVOR == "SQLA":
xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
# Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
- if audit_store == "db":
- log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
- password_validation(audit_db_password,"audit");
- log("[I] ---------- Verifying/Creating audit user --------- ","info")
- audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ #if audit_store == "db":
+ #log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
+ #password_validation(audit_db_password,"audit");
+ #log("[I] ---------- Verifying/Creating audit user --------- ","info")
+ #audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info")
main(sys.argv)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 1d9d207..4070259 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -60,9 +60,9 @@ db_name=ranger
db_user=rangeradmin
db_password=
-#Source for Audit DB
-# * audit_db is solr or db
-audit_store=db
+#Source for Audit Store
+# * audit_store is solr
+audit_store=solr
# * audit_solr_url URL to Solr. E.g. http://<solr_host>:6083/solr/ranger_audits
audit_solr_urls=
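Review bot: With `audit_store=solr` as the only accepted value, `audit_solr_urls` becomes mandatory, but the file still ships it empty and the comment does not say so. The `init_variables` hunk in `setup.sh` exits when it is empty, so an unedited `install.properties` can no longer complete setup. A comment such as `# * audit_solr_urls is required; setup.sh exits when it is empty` would make that explicit. The existing comment also names the key `audit_solr_url` while the property is `audit_solr_urls`.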
@@ -70,20 +70,6 @@ audit_solr_user=
audit_solr_password=
audit_solr_zookeepers=
-
-#
-# DB UserId for storing auditlog infromation
-#
-# * audit_db can be same as the Ranger schema db
-# * audit_db must exists in the same ${db_host} as Ranger database ${db_name}
-# * audit_user must be a different user than db_user (as audit user has access to only audit tables)
-#
-audit_db_name=ranger_audit
-audit_db_user=rangerlogger
-audit_db_password=
-
-
-
#------------------------- DB CONFIG - END ----------------------------------
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index bf29ed6..832932c 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -63,9 +63,9 @@ audit_solr_urls=$(get_prop 'audit_solr_urls' $PROPFILE)
audit_solr_user=$(get_prop 'audit_solr_user' $PROPFILE)
audit_solr_password=$(get_prop 'audit_solr_password' $PROPFILE)
audit_solr_zookeepers=$(get_prop 'audit_solr_zookeepers' $PROPFILE)
-audit_db_name=$(get_prop 'audit_db_name' $PROPFILE)
-audit_db_user=$(get_prop 'audit_db_user' $PROPFILE)
-audit_db_password=$(get_prop 'audit_db_password' $PROPFILE)
+audit_db_name=''
+audit_db_user=''
+audit_db_password=''
policymgr_external_url=$(get_prop 'policymgr_external_url' $PROPFILE)
policymgr_http_enabled=$(get_prop 'policymgr_http_enabled' $PROPFILE)
unix_user=$(get_prop 'unix_user' $PROPFILE)
@@ -204,6 +204,17 @@ init_variables(){
DB_FLAVOR="MYSQL"
fi
log "[I] DB_FLAVOR=${DB_FLAVOR}"
+ audit_store=`echo $audit_store | tr '[:upper:]' '[:lower:]'`
+ if [ "${audit_store}" == "solr" ] ;then
+ log "[I] Audit source=${DB_FLAVOR}"
+ if [ "${audit_solr_urls}" == "" ] ;then
+ log "[I] Please provide valid URL for 'solr' audit store!"
+ exit 1
+ fi
+ else
+ log "[I] Only 'solr' audit store is supported from current version, found : $audit_store"
+ exit 1
+ fi
}
check_python_command() {
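Review bot: The added line `log "[I] Audit source=${DB_FLAVOR}"` logs the database flavour instead of the audit store; it should be `log "[I] Audit source=${audit_store}"`. Both failure paths log at `[I]` just before `exit 1`, which makes the cause easy to miss in the setup log; `[E]` matches the severity, e.g. `log "[E] Please provide valid URL for 'solr' audit store!"`. Quoting the expansion in `echo "$audit_store" | tr '[:upper:]' '[:lower:]'` also avoids word splitting on an unexpected value. `init_variables` begins outside the hunk.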
@@ -355,7 +366,7 @@ update_properties() {
then
propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
propertyName=ranger.jpa.jdbc.dialect
@@ -372,7 +383,7 @@ update_properties() {
propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
if [ "${DB_FLAVOR}" == "ORACLE" ]
then
@@ -391,7 +402,7 @@ update_properties() {
if [ "${audit_store}" == "db" ]
then
propertyName=ranger.jpa.audit.jdbc.url
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
propertyName=ranger.jpa.jdbc.dialect
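Review bot: The branch `if [ "${audit_store}" == "db" ]` that this hunk edits can no longer be taken, assuming `init_variables` runs before `update_properties`, because the new check there exits unless `audit_store` is `solr`. Redirecting the write from `$to_file_ranger` to `$to_file_default` therefore changes code that is dead after this commit. Removing the `audit_store == "db"` blocks and the `audit_db_*` variables would be simpler than retargeting them. The same applies to the other `ranger.jpa.audit.jdbc.*` hunks in `update_properties`, which starts and ends outside this hunk.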
@@ -408,7 +419,7 @@ update_properties() {
propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
if [ "${DB_FLAVOR}" == "POSTGRES" ]
then
@@ -425,7 +436,7 @@ update_properties() {
then
propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:postgresql://${DB_HOST}/${audit_db_name}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
propertyName=ranger.jpa.jdbc.dialect
@@ -442,7 +453,7 @@ update_properties() {
propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="org.postgresql.Driver"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
if [ "${DB_FLAVOR}" == "MSSQL" ]
@@ -455,7 +466,7 @@ update_properties() {
then
propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${audit_db_name}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
propertyName=ranger.jpa.jdbc.dialect
@@ -472,7 +483,7 @@ update_properties() {
propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
if [ "${DB_FLAVOR}" == "SQLA" ]
@@ -485,7 +496,7 @@ update_properties() {
then
propertyName=ranger.jpa.audit.jdbc.url
newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
propertyName=ranger.jpa.jdbc.dialect
@@ -502,7 +513,7 @@ update_properties() {
propertyName=ranger.jpa.audit.jdbc.driver
newPropertyValue="sap.jdbc4.sqlanywhere.IDriver"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
if [ "${audit_store}" == "solr" ]
@@ -532,7 +543,7 @@ update_properties() {
then
propertyName=ranger.jpa.audit.jdbc.user
newPropertyValue="${audit_db_user}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
##########
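Review bot: `newPropertyValue="${audit_db_user}"` is now always empty, because the first hunk of this file sets `audit_db_user=''`, and the call expands it unquoted. If this line is reached, `updatePropertyToFilePy` receives two arguments, with the file path in the value position. Quoting the arguments keeps the call well-formed: `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file_default"`. The hunks `@@ -594,11 +605,11 @@` and `@@ -608,7 +619,7 @@` have the same pattern with `${audit_db_password}`; the guarding condition for each is outside the visible lines.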
@@ -594,11 +605,11 @@ update_properties() {
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="_"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
else
propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="${audit_db_password}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
if test -f $keystore; then
@@ -608,7 +619,7 @@ update_properties() {
#echo "$keystore not found. so use clear text password"
propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="${audit_db_password}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
fi
fi
if [ "${audit_store}" == "solr" ]
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 3333827..8305f07 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -441,4 +441,26 @@
<value>true</value>
<description></description>
</property>
+ <!-- # DB Info for audit_DB -->
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.driver</name>
+ <value>net.sf.log4jdbc.DriverSpy</value>
+ <description></description>
+ </property>
+ <property>
+ <name>ranger.jpa.audit.jdbc.url</name>
+ <value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value>
+ <description></description>
+ </property>
+ <property>
+ <name>ranger.jpa.audit.jdbc.user</name>
+ <value>rangerlogger</value>
+ <description></description>
+ </property>
+ <property>
+ <name>ranger.jpa.audit.jdbc.password</name>
+ <value>rangerlogger</value>
+ <description></description>
+ </property>
</configuration>
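Review bot: The four `ranger.jpa.audit.jdbc.*` properties added here put a default audit database user and password (`rangerlogger` / `rangerlogger`) and the log4jdbc `DriverSpy` driver into the default site file, even though the commit removes DB auditing. If some code still reads these keys at startup (not visible in this hunk), empty values are the safer default, e.g. `<value></value>` for `ranger.jpa.audit.jdbc.password`. Otherwise the block can be dropped instead of moved. The empty `<description>` elements could state that the keys are kept only for compatibility.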
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 6ee48f4..b2ec9de 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -55,29 +55,8 @@
<value>db</value>
<description></description>
</property>
-<!-- # DB Info for audit_DB -->
<property>
- <name>ranger.jpa.audit.jdbc.driver</name>
- <value>net.sf.log4jdbc.DriverSpy</value>
- <description></description>
- </property>
- <property>
- <name>ranger.jpa.audit.jdbc.url</name>
- <value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value>
- <description></description>
- </property>
- <property>
- <name>ranger.jpa.audit.jdbc.user</name>
- <value>rangerlogger</value>
- <description></description>
- </property>
- <property>
- <name>ranger.jpa.audit.jdbc.password</name>
- <value>rangerlogger</value>
- <description></description>
- </property>
- <property>
<name>ranger.service.http.enabled</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/storm-agent/conf/ranger-storm-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/storm-agent/conf/ranger-storm-audit-changes.cfg b/storm-agent/conf/ranger-storm-audit-changes.cfg
index b650be1..8071e7b 100644
--- a/storm-agent/conf/ranger-storm-audit-changes.cfg
+++ b/storm-agent/conf/ranger-storm-audit-changes.cfg
@@ -12,12 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/storm-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties
index f2aa5c4..f3a0693 100644
--- a/storm-agent/scripts/install.properties
+++ b/storm-agent/scripts/install.properties
@@ -77,26 +77,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# End of V3 properties
-#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
#
# Audit to HDFS Configuration