You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2015/09/14 07:54:34 UTC
ambari git commit: AMBARI-13040. Improve help text description for
Ranger properties in Ambari. (Gautam board via jaimin)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 ffb015f76 -> a9305acb7
AMBARI-13040. Improve help text description for Ranger properties in Ambari. (Gautam board via jaimin)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a9305acb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a9305acb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a9305acb
Branch: refs/heads/branch-2.1
Commit: a9305acb719224186903adb005bc6080940e5fc9
Parents: ffb015f
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Sun Sep 13 22:53:50 2015 -0700
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Sun Sep 13 22:53:50 2015 -0700
----------------------------------------------------------------------
.../ranger-knox-plugin-properties.xml | 4 +-
.../configuration/ranger-kms-audit.xml | 32 +++---
.../ranger-hbase-plugin-properties.xml | 2 +-
.../ranger-hdfs-plugin-properties.xml | 5 +-
.../ranger-hive-plugin-properties.xml | 2 +-
.../ranger-storm-plugin-properties.xml | 2 +-
.../HBASE/configuration/ranger-hbase-audit.xml | 32 +++---
.../ranger-hbase-policymgr-ssl.xml | 6 +-
.../HDFS/configuration/ranger-hdfs-audit.xml | 32 +++---
.../configuration/ranger-hdfs-policymgr-ssl.xml | 6 +-
.../HIVE/configuration/ranger-hive-audit.xml | 32 +++---
.../configuration/ranger-hive-policymgr-ssl.xml | 6 +-
.../HIVE/configuration/ranger-hive-security.xml | 2 +-
.../KAFKA/configuration/ranger-kafka-audit.xml | 32 +++---
.../ranger-kafka-plugin-properties.xml | 2 +-
.../ranger-kafka-policymgr-ssl.xml | 6 +-
.../KNOX/configuration/ranger-knox-audit.xml | 32 +++---
.../configuration/ranger-knox-policymgr-ssl.xml | 6 +-
.../RANGER/configuration/ranger-admin-site.xml | 78 +++++++--------
.../RANGER/configuration/ranger-ugsync-site.xml | 100 +++++++++++--------
.../STORM/configuration/ranger-storm-audit.xml | 32 +++---
.../ranger-storm-policymgr-ssl.xml | 6 +-
.../YARN/configuration/ranger-yarn-audit.xml | 32 +++---
.../ranger-yarn-plugin-properties.xml | 2 +-
.../configuration/ranger-yarn-policymgr-ssl.xml | 6 +-
25 files changed, 258 insertions(+), 239 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
index 8bf1dd3..d2be68e 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
@@ -29,7 +29,7 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin</description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
@@ -54,7 +54,7 @@
<property>
<name>KNOX_HOME</name>
<value>/usr/hdp/current/knox-server</value>
- <description></description>
+ <description>Knox home folder</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
index e5bd75e..4355548 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
@@ -23,97 +23,97 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/ranger/kms/audit/db/spool</value>
- <description></description>
+ <description>/var/log/ranger/kms/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/ranger/kms/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/ranger/kms/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>true</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/ranger/kms/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/ranger/kms/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>false</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
index 30af22c..7b30951 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
@@ -23,7 +23,7 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin</description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
index 32f7c54..f4f8fe7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -29,14 +29,13 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin
- </description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
<name>ranger-hdfs-plugin-enabled</name>
<value>No</value>
- <description>Enable ranger hdfs plugin ?</description>
+ <description>Enable ranger hdfs plugin?</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
index 1b121bc..6c00a7f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
@@ -35,7 +35,7 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin</description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
index e0c47db..390dc6f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
@@ -29,7 +29,7 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin</description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
index 070b637..e06456e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hbase/audit/db/spool</value>
- <description></description>
+ <description>/var/log/hbase/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hbase/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/hbase/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>false</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hbase/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/hbase/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>true</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
index 20b5e7d..654b7c7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
index 57329e3..5a0813b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hadoop/hdfs/audit/db/spool</value>
- <description></description>
+ <description>/var/log/hadoop/hdfs/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hadoop/hdfs/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/hadoop/hdfs/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>false</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hadoop/hdfs/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/hadoop/hdfs/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>false</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
index 8f48fcf..b51fefb 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
index d5f07a9..2b27f72 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hive/audit/db/spool</value>
- <description></description>
+ <description>/var/log/hive/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hive/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/hive/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>false</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hive/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/hive/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>false</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
index d4a6d45..b8ae6ca 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
index 5407ccf..d5a80c8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
@@ -23,7 +23,7 @@
<property>
<name>ranger.plugin.hive.service.name</name>
<value>{{repo_name}}</value>
- <description>Name of the Ranger service containing policies for this YARN instance</description>
+ <description>Name of the Ranger service containing policies for this Hive instance</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
index 1433d0a..b7ae3de 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/kafka/audit/db/spool</value>
- <description></description>
+ <description>/var/log/kafka/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/kafka/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/kafka/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>true</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/kafka/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/kafka/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>true</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
index 893652d..254fefc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
@@ -35,7 +35,7 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin</description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
index 447320f..993de48 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file/{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file/{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
index ba8710a..fcf3867 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/knox/audit/db/spool</value>
- <description></description>
+ <description>/var/log/knox/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/knox/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/knox/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>false</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/knox/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/knox/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>false</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
index a39ff0b..b9c5da6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index 57d21dd..18e4cf6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -21,141 +21,141 @@
<property>
<name>ranger.service.host</name>
<value>{{ranger_host}}</value>
- <description></description>
+ <description>Host where ranger service to be installed</description>
</property>
<property>
<name>ranger.service.http.enabled</name>
<value>true</value>
- <description></description>
+ <description>Enable HTTP</description>
</property>
<property>
<name>ranger.service.http.port</name>
<value>6080</value>
- <description></description>
+ <description>HTTP port</description>
</property>
<property>
<name>ranger.service.https.port</name>
<value>6182</value>
- <description></description>
+ <description>HTTPS port (if SSL is enabled)</description>
</property>
<property>
<name>ranger.service.https.attrib.ssl.enabled</name>
<value>false</value>
- <description></description>
+ <description>true/false, set to true if using SSL</description>
</property>
<property>
<name>ranger.service.https.attrib.clientAuth</name>
<value>want</value>
- <description></description>
+ <description>Needs to be set to want for two way SSL</description>
</property>
<property>
<name>ranger.service.https.attrib.keystore.keyalias</name>
<value>rangeradmin</value>
- <description></description>
+ <description>Alias for Ranger Admin key in keystore</description>
</property>
<property>
<name>ranger.service.https.attrib.keystore.pass</name>
<value>xasecure</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Password for keystore</description>
</property>
<property>
<name>ranger.https.attrib.keystore.file</name>
<value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
- <description></description>
+ <description>Ranger admin keystore (specify full path)</description>
</property>
<property>
<name>ranger.externalurl</name>
<value>{{ranger_external_url}}</value>
- <description></description>
+ <description>URL to be used by clients to access ranger admin</description>
</property>
<property>
<name>ranger.jpa.jdbc.driver</name>
<value>com.mysql.jdbc.Driver</value>
- <description></description>
+ <description>JDBC driver class name</description>
</property>
<property>
<name>ranger.jpa.jdbc.url</name>
<value>jdbc:mysql://localhost</value>
- <description></description>
+ <description>JDBC connect string - auto populated based on other values</description>
</property>
<property>
<name>ranger.jpa.jdbc.user</name>
<value>{{ranger_db_user}}</value>
- <description></description>
+ <description>JDBC user</description>
</property>
<property>
<name>ranger.jpa.jdbc.password</name>
<value>_</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>JDBC password</description>
</property>
<property>
<name>ranger.jpa.jdbc.credential.alias</name>
<value>rangeradmin</value>
- <description></description>
+ <description>Alias name for storing JDBC password</description>
</property>
<property>
<name>ranger.credential.provider.path</name>
<value>/etc/ranger/admin/rangeradmin.jceks</value>
- <description></description>
+ <description>File for credential store, provide full file path</description>
</property>
<property>
<name>ranger.audit.source.type</name>
<value>solr</value>
- <description></description>
+ <description>db or solr, based on the audit destination used</description>
</property>
<property>
<name>ranger.audit.solr.urls</name>
<value>http://solr_host:6083/solr/ranger_audits</value>
- <description></description>
+ <description>Solr url for audit</description>
</property>
<property>
<name>ranger.authentication.method</name>
<value>UNIX</value>
- <description></description>
+ <description>Ranger admin Authentication - UNIX/LDAP/AD/NONE</description>
</property>
<property>
<name>ranger.ldap.url</name>
<value>ldap://71.127.43.33:389</value>
- <description></description>
+ <description>LDAP Server URL, only used if Authentication method is LDAP</description>
</property>
<property>
<name>ranger.ldap.user.dnpattern</name>
<value>uid={0},ou=users,dc=xasecure,dc=net</value>
- <description></description>
+ <description>LDAP user DN, only used if Authentication method is LDAP</description>
</property>
<property>
<name>ranger.ldap.group.searchbase</name>
<value>ou=groups,dc=xasecure,dc=net</value>
- <description></description>
+ <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
</property>
<property>
<name>ranger.ldap.group.searchfilter</name>
<value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
- <description></description>
+ <description>LDAP group search filter, only used if Authentication method is LDAP</description>
</property>
<property>
@@ -167,7 +167,7 @@
<property>
<name>ranger.ldap.group.roleattribute</name>
<value>cn</value>
- <description></description>
+ <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
</property>
<property>
@@ -198,13 +198,13 @@
<property>
<name>ranger.ldap.ad.domain</name>
<value>localhost</value>
- <description></description>
+ <description>AD domain, only used if Authentication method is AD</description>
</property>
<property>
<name>ranger.ldap.ad.url</name>
<value>ldap://ad.xasecure.net:389</value>
- <description></description>
+ <description>AD URL, only used if Authentication method is AD</description>
</property>
<property>
@@ -241,81 +241,81 @@
<property>
<name>ranger.jpa.audit.jdbc.driver</name>
<value>{{ranger_jdbc_driver}}</value>
- <description></description>
+ <description>JDBC driver class name - for audit DB</description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>JDBC connect string - auto populated based on other values</description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.user</name>
<value>{{ranger_audit_db_user}}</value>
- <description></description>
+ <description>JDBC user - audit</description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.password</name>
<value>_</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>JDBC password - audit</description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.credential.alias</name>
<value>rangeraudit</value>
- <description></description>
+ <description>Alias name for storing JDBC password - for audit user</description>
</property>
<property>
<name>ranger.unixauth.remote.login.enabled</name>
<value>true</value>
- <description></description>
+ <description>Remote login enabled? - only used if Authentication method is UNIX</description>
</property>
<property>
<name>ranger.unixauth.service.hostname</name>
<value>localhost</value>
- <description></description>
+ <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
</property>
<property>
<name>ranger.unixauth.service.port</name>
<value>5151</value>
- <description></description>
+ <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
</property>
<property>
<name>ranger.jpa.jdbc.dialect</name>
<value>{{jdbc_dialect}}</value>
- <description></description>
+ <description>JDBC dialect used for policy DB</description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.dialect</name>
<value>{{jdbc_dialect}}</value>
- <description></description>
+ <description>JDBC dialect used for audit DB</description>
</property>
<property>
<name>ranger.audit.solr.zookeepers</name>
<value>NONE</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>ranger.audit.solr.username</name>
<value>ranger_solr</value>
- <description></description>
+ <description>Solr username</description>
</property>
<property>
<name>ranger.audit.solr.password</name>
<value>NONE</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Solr password</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index d7dce19..3d31ccb 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -21,87 +21,87 @@
<property>
<name>ranger.usersync.port</name>
<value>5151</value>
- <description></description>
+ <description>Port for unix authentication service, run within usersync</description>
</property>
<property>
<name>ranger.usersync.ssl</name>
<value>true</value>
- <description></description>
+ <description>SSL enabled? (ranger admin -> usersync communication)</description>
</property>
<property>
<name>ranger.usersync.keystore.file</name>
<value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
- <description></description>
+ <description>Keystore file used for usersync</description>
</property>
<property>
<name>ranger.usersync.keystore.password</name>
<value>UnIx529p</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Keystore password</description>
</property>
<property>
<name>ranger.usersync.truststore.file</name>
<value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
- <description></description>
+ <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description>
</property>
<property>
<name>ranger.usersync.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Truststore password</description>
</property>
<property>
<name>ranger.usersync.passwordvalidator.path</name>
<value>./native/credValidator.uexe</value>
- <description></description>
+ <description>Native program for password validation</description>
</property>
<property>
<name>ranger.usersync.enabled</name>
<value>true</value>
- <description></description>
+ <description>Usersync enabled?</description>
</property>
<property>
<name>ranger.usersync.sink.impl.class</name>
<value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
- <description></description>
+ <description>Class to be used as sink (to sync users into ranger admin)</description>
</property>
<property>
<name>ranger.usersync.policymanager.baseURL</name>
<value>{{ranger_external_url}}</value>
- <description></description>
+ <description>URL to be used by clients to access ranger admin, use FQDN</description>
</property>
<property>
<name>ranger.usersync.policymanager.maxrecordsperapicall</name>
<value>1000</value>
- <description></description>
+ <description>How many records to be returned per API call</description>
</property>
<property>
<name>ranger.usersync.policymanager.mockrun</name>
<value>false</value>
- <description></description>
+ <description>Is user sync doing mock run?</description>
</property>
<property>
<name>ranger.usersync.unix.minUserId</name>
<value>500</value>
- <description></description>
+ <description>Only sync users above this user id (applicable for UNIX)</description>
</property>
<property>
<name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
<value>5</value>
- <description></description>
+ <description>Sleeptime interval in milliseconds, if < 1000 then default to 30 sec</description>
</property>
<property>
@@ -119,74 +119,82 @@
<property>
<name>ranger.usersync.filesource.text.delimiter</name>
<value>,</value>
- <description></description>
+ <description>Delimiter used in file, if File based user sync is used</description>
</property>
<property>
<name>ranger.usersync.ldap.url</name>
<value>ldap://localhost:389</value>
- <description></description>
+ <description>LDAP server URL</description>
</property>
<property>
<name>ranger.usersync.ldap.binddn</name>
<value>cn=admin,dc=xasecure,dc=net</value>
- <description></description>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
</property>
<property>
<name>ranger.usersync.ldap.ldapbindpassword</name>
<value></value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Password for the account that can search for users.</description>
</property>
<property>
<name>ranger.usersync.ldap.bindalias</name>
<value>testldapalias</value>
- <description></description>
+ <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
</property>
<property>
<name>ranger.usersync.ldap.bindkeystore</name>
<value></value>
- <description></description>
+ <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
</property>
<property>
<name>ranger.usersync.ldap.searchBase</name>
<value>dc=hadoop,dc=apache,dc=org</value>
- <description></description>
+ <description>"# search base for users and groups
+# sample value would be dc=hadoop,dc=apache,dc=org"</description>
</property>
<property>
<name>ranger.usersync.ldap.user.searchbase</name>
<value>ou=users,dc=xasecure,dc=net</value>
- <description></description>
+ <description>"# search base for users
+# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase"</description>
</property>
<property>
<name>ranger.usersync.ldap.user.searchscope</name>
<value>sub</value>
- <description></description>
+ <description>"# search scope for the users, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
</property>
<property>
<name>ranger.usersync.ldap.user.objectclass</name>
<value>person</value>
- <description></description>
+ <description>LDAP User Object Class</description>
</property>
<property>
<name>ranger.usersync.ldap.user.searchfilter</name>
<value>empty</value>
- <description></description>
+ <description>"optional additional filter constraining the users selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
</property>
<property>
<name>ranger.usersync.ldap.user.nameattribute</name>
<value>cn</value>
- <description></description>
+ <description>LDAP user name attribute</description>
</property>
<property>
@@ -198,49 +206,58 @@
<property>
<name>ranger.usersync.ldap.user.groupnameattribute</name>
<value>memberof, ismemberof</value>
- <description></description>
+ <description>LDAP user group name attribute</description>
</property>
<property>
<name>ranger.usersync.ldap.username.caseconversion</name>
<value>lower</value>
- <description></description>
+ <description>User name case conversion</description>
</property>
<property>
<name>ranger.usersync.ldap.groupname.caseconversion</name>
<value>lower</value>
- <description></description>
+ <description>Group name case conversion</description>
</property>
<property>
<name>ranger.usersync.logdir</name>
<value>/var/log/ranger/usersync</value>
- <description></description>
+ <description>User sync log directory</description>
</property>
<property>
<name>ranger.usersync.group.searchenabled</name>
<value>false</value>
- <description></description>
+ <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+# valid values: true, false
+# any value other than true would be treated as false
+# default value: false"</description>
</property>
<property>
<name>ranger.usersync.group.usermapsyncenabled</name>
<value>false</value>
- <description></description>
+ <description>User map sync enabled?</description>
</property>
<property>
<name>ranger.usersync.group.searchbase</name>
<value> </value>
- <description></description>
+ <description>"# search base for groups
+# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase
+# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase
+# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description>
</property>
<property>
<name>ranger.usersync.group.searchscope</name>
<value> </value>
- <description></description>
+ <description>"# search scope for the groups, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
</property>
<property>
@@ -252,37 +269,40 @@
<property>
<name>ranger.usersync.group.searchfilter</name>
<value> </value>
- <description></description>
+ <description>"# optional additional filter constraining the groups selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
</property>
<property>
<name>ranger.usersync.group.nameattribute</name>
<value> </value>
- <description></description>
+ <description>LDAP group name attribute</description>
</property>
<property>
<name>ranger.usersync.group.memberattributename</name>
<value> </value>
- <description></description>
+ <description>LDAP group member attribute name</description>
</property>
<property>
<name>ranger.usersync.pagedresultsenabled</name>
<value>true</value>
- <description></description>
+ <description>Results can be paged?</description>
</property>
<property>
<name>ranger.usersync.pagedresultssize</name>
<value>500</value>
- <description></description>
+ <description>Page size</description>
</property>
<property>
<name>ranger.usersync.credstore.filename</name>
<value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
- <description></description>
+ <description>Credential store file name for user sync, specify full path</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
index 3687e88..b6dd4dc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Passwords</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/storm/audit/db/spool</value>
- <description></description>
+ <description>/var/log/storm/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/storm/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/storm/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>false</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/storm/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/storm/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>false</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
index 4fc6452..6aac72d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
index 044f8ec..bb2bed6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
@@ -23,98 +23,98 @@
<property>
<name>xasecure.audit.is.enabled</name>
<value>true</value>
- <description></description>
+ <description>Is Audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db</name>
<value>false</value>
- <description></description>
+ <description>Is Audit to DB enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
- <description></description>
+ <description>Audit DB JDBC URL</description>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
- <description></description>
+ <description>Audit DB JDBC User</description>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
<value>crypted</value>
<property-type>PASSWORD</property-type>
- <description></description>
+ <description>Audit DB JDBC Password</description>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
- <description></description>
+ <description>Audit DB JDBC Driver</description>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
- <description></description>
+ <description>Credential file store</description>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/db/spool</value>
- <description></description>
+ <description>/var/log/hadoop/yarn/audit/db/spool</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
- <description></description>
+ <description>Is Audit to HDFS enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description></description>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/hdfs/spool</value>
- <description></description>
+ <description>/var/log/hadoop/yarn/audit/hdfs/spool</description>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
<value>false</value>
- <description></description>
+ <description>Is Solr audit enabled?</description>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>{{ranger_audit_solr_urls}}</value>
- <description></description>
+ <description>Solr URL</description>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>none</value>
- <description></description>
+ <description>Solr Zookeeper string</description>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/solr/spool</value>
- <description></description>
+ <description>/var/log/hadoop/yarn/audit/solr/spool</description>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
<value>false</value>
- <description></description>
+ <description>Enable Summary audit?</description>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
index db456da..65c385f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
@@ -35,7 +35,7 @@
<property>
<name>common.name.for.certificate</name>
<value></value>
- <description>Used for repository creation on ranger admin</description>
+ <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
index ffb06d9..0489679 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
@@ -43,19 +43,19 @@
<name>xasecure.policymgr.clientssl.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
- <description>java truststore password</description>
+ <description>java truststore password</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
+ <description>java keystore credential file</description>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
+ <description>java truststore credential file</description>
</property>
</configuration>