You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by vb...@apache.org on 2017/05/12 10:48:15 UTC
[1/6] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Repository: ambari
Updated Branches:
refs/heads/trunk 4e6babdf1 -> 260ee2efc
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json
new file mode 100644
index 0000000..cbe28a3
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json
@@ -0,0 +1,692 @@
+{
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "ranger_audit_settings",
+ "display-name": "Ranger Audit",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-audit-solr",
+ "display-name": "Audit to Solr",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-solr-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-ranger-audit-hdfs",
+ "display-name": "Audit to HDFS",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-hdfs-row1-col2",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_tagsync",
+ "display-name": "Ranger Tagsync",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-tagsync-atlas",
+ "display-name": "Atlas Tag Source",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-tagsync-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-tagsync-atlasrest",
+ "display-name": "AtlasRest Tag Source",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-tagsync-row1-col2",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-tagsync-file",
+ "display-name": "File Tag Source",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-tagsync-row2-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "ranger-env/ranger-atlas-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "ATLAS",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlas",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1"
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.bootstrap.servers",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlas"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.zookeeper.connect",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlas"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.entities.group.id",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlas"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest",
+ "subsection-name": "subsection-ranger-tagsync-row1-col2"
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.endpoint",
+ "subsection-name": "subsection-ranger-tagsync-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlasrest"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlasrest}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.download.interval.millis",
+ "subsection-name": "subsection-ranger-tagsync-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlasrest"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlasrest}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file",
+ "subsection-name": "subsection-ranger-tagsync-row2-col1"
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.check.interval.millis",
+ "subsection-name": "subsection-ranger-tagsync-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.file"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.file}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.filename",
+ "subsection-name": "subsection-ranger-tagsync-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.file"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.file}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.user.searchenabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.search.first.enabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.search.first.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.search.first.enabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.solr",
+ "subsection-name": "subsection-ranger-solr-row1-col1"
+ },
+ {
+ "config": "ranger-env/is_solrCloud_enabled",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_enabled",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr",
+ "ranger-env/is_solrCloud_enabled"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_kerberos",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr",
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/is_external_solrCloud_enabled"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled} && ${ranger-env/is_external_solrCloud_enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.urls",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/is_solrCloud_enabled} === false && ${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/is_solrCloud_enabled} && ${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.username",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.password",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2"
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.hdfs"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.hdfs}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.check.interval.millis",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.filename",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.download.interval.millis",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.endpoint",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.entities.group.id",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.bootstrap.servers",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.zookeeper.connect",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlas",
+ "widget": {
+ "type": "checkbox"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest",
+ "widget": {
+ "type": "checkbox"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file",
+ "widget": {
+ "type": "checkbox"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-atlas-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.user.searchenabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.search.first.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.solr",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_solrCloud_enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_kerberos",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.urls",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.username",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "widget": {
+ "type": "text-field"
+ }
+ }
+ ]
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json
new file mode 100644
index 0000000..8068a38
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json
@@ -0,0 +1,48 @@
+{
+ "configuration": {
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.deltasync",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-env/ranger-nifi-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "NIFI",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.deltasync",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-nifi-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
new file mode 100644
index 0000000..c8b3d65
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER</name>
+ <version>0.7.0.3.0</version>
+ <extends>common-services/RANGER/0.7.0.3.0</extends>
+ </service>
+ </services>
+</metainfo>
[6/6] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Posted by vb...@apache.org.
AMBARI-20985. HDP 3.0 TP - create service definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/260ee2ef
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/260ee2ef
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/260ee2ef
Branch: refs/heads/trunk
Commit: 260ee2efc131c8dd0d5e4d9aa960eafb6b3d62ce
Parents: 4e6babd
Author: Vitaly Brodetskyi <vb...@hortonworks.com>
Authored: Fri May 12 13:47:33 2017 +0300
Committer: Vitaly Brodetskyi <vb...@hortonworks.com>
Committed: Fri May 12 13:47:33 2017 +0300
----------------------------------------------------------------------
.../RANGER/0.7.0.3.0/alerts.json | 76 +
.../0.7.0.3.0/configuration/admin-log4j.xml | 132 ++
.../configuration/admin-properties.xml | 163 ++
.../configuration/atlas-tagsync-ssl.xml | 72 +
.../configuration/ranger-admin-site.xml | 785 ++++++++
.../0.7.0.3.0/configuration/ranger-env.xml | 513 +++++
.../0.7.0.3.0/configuration/ranger-site.xml | 30 +
.../configuration/ranger-solr-configuration.xml | 59 +
.../ranger-tagsync-policymgr-ssl.xml | 72 +
.../configuration/ranger-tagsync-site.xml | 206 ++
.../configuration/ranger-ugsync-site.xml | 574 ++++++
.../tagsync-application-properties.xml | 62 +
.../0.7.0.3.0/configuration/tagsync-log4j.xml | 90 +
.../0.7.0.3.0/configuration/usersync-log4j.xml | 89 +
.../configuration/usersync-properties.xml | 32 +
.../RANGER/0.7.0.3.0/kerberos.json | 153 ++
.../RANGER/0.7.0.3.0/metainfo.xml | 189 ++
.../alerts/alert_ranger_admin_passwd_check.py | 195 ++
.../RANGER/0.7.0.3.0/package/scripts/params.py | 448 +++++
.../0.7.0.3.0/package/scripts/ranger_admin.py | 217 ++
.../0.7.0.3.0/package/scripts/ranger_service.py | 69 +
.../0.7.0.3.0/package/scripts/ranger_tagsync.py | 139 ++
.../package/scripts/ranger_usersync.py | 124 ++
.../0.7.0.3.0/package/scripts/service_check.py | 49 +
.../0.7.0.3.0/package/scripts/setup_ranger.py | 153 ++
.../package/scripts/setup_ranger_xml.py | 853 ++++++++
.../0.7.0.3.0/package/scripts/status_params.py | 39 +
.../RANGER/0.7.0.3.0/package/scripts/upgrade.py | 31 +
.../templates/input.config-ranger.json.j2 | 79 +
.../package/templates/ranger_admin_pam.j2 | 22 +
.../package/templates/ranger_remote_pam.j2 | 22 +
.../package/templates/ranger_solr_jaas_conf.j2 | 26 +
.../properties/ranger-solrconfig.xml.j2 | 1874 ++++++++++++++++++
.../RANGER/0.7.0.3.0/quicklinks/quicklinks.json | 41 +
.../RANGER/0.7.0.3.0/role_command_order.json | 9 +
.../0.7.0.3.0/themes/theme_version_1.json | 722 +++++++
.../0.7.0.3.0/themes/theme_version_2.json | 1470 ++++++++++++++
.../0.7.0.3.0/themes/theme_version_3.json | 692 +++++++
.../0.7.0.3.0/themes/theme_version_5.json | 48 +
.../stacks/HDP/3.0/services/RANGER/metainfo.xml | 27 +
40 files changed, 10646 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json
new file mode 100644
index 0000000..ab473a8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json
@@ -0,0 +1,76 @@
+{
+ "RANGER": {
+ "service": [],
+ "RANGER_ADMIN": [
+ {
+ "name": "ranger_admin_process",
+ "label": "Ranger Admin Process",
+ "description": "This host-level alert is triggered if the Ranger Admin Web UI is unreachable.",
+ "interval": 1,
+ "scope": "ANY",
+ "source": {
+ "type": "WEB",
+ "uri": {
+ "http": "{{admin-properties/policymgr_external_url}}/login.jsp",
+ "https": "{{admin-properties/policymgr_external_url}}/login.jsp",
+ "kerberos_keytab": "{{cluster-env/smokeuser_keytab}}",
+ "kerberos_principal": "{{cluster-env/smokeuser_principal_name}}",
+ "https_property": "{{ranger-admin-site/ranger.service.https.attrib.ssl.enabled}}",
+ "https_property_value": "true",
+ "connection_timeout": 5.0
+ },
+ "reporting": {
+ "ok": {
+ "text": "HTTP {0} response in {2:.3f}s"
+ },
+ "warning": {
+ "text": "HTTP {0} response from {1} in {2:.3f}s ({3})"
+ },
+ "critical": {
+ "text": "Connection failed to {1} ({3})"
+ }
+ }
+ }
+ },
+ {
+ "name": "ranger_admin_password_check",
+ "label": "Ranger Admin password check",
+ "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.",
+ "interval": 30,
+ "scope": "ANY",
+ "source": {
+ "type": "SCRIPT",
+ "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py",
+ "parameters": []
+ }
+ }
+ ],
+ "RANGER_USERSYNC": [
+ {
+ "name": "ranger_usersync_process",
+ "label": "Ranger Usersync Process",
+ "description": "This host-level alert is triggered if the Ranger Usersync cannot be determined to be up.",
+ "interval": 1,
+ "scope": "HOST",
+ "source": {
+ "type": "PORT",
+ "uri": "{{ranger-ugsync-site/ranger.usersync.port}}",
+ "default_port": 5151,
+ "reporting": {
+ "ok": {
+ "text": "TCP OK - {0:.3f}s response on port {1}"
+ },
+ "warning": {
+ "text": "TCP OK - {0:.3f}s response on port {1}",
+ "value": 1.5
+ },
+ "critical": {
+ "text": "Connection failed: {0} to {1}:{2}",
+ "value": 5.0
+ }
+ }
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml
new file mode 100644
index 0000000..fbbfac7
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_xa_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_xa_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>admin-log4j template</display-name>
+ <description>admin-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+log4j.rootLogger = warn,xa_log_appender
+
+
+# xa_logger
+log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.xa_log_appender.file=${logdir}/xa_portal.log
+log4j.appender.xa_log_appender.datePattern='.'yyyy-MM-dd
+log4j.appender.xa_log_appender.append=true
+log4j.appender.xa_log_appender.layout=org.apache.log4j.PatternLayout
+log4j.appender.xa_log_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n
+log4j.appender.xa_log_appender.MaxFileSize={{ranger_xa_log_maxfilesize}}MB
+log4j.appender.xa_log_appender.MaxBackupIndex={{ranger_xa_log_maxbackupindex}}
+
+# xa_log_appender : category and additivity
+log4j.category.org.springframework=warn,xa_log_appender
+log4j.additivity.org.springframework=false
+
+log4j.category.org.apache.ranger=info,xa_log_appender
+log4j.additivity.org.apache.ranger=false
+
+log4j.category.xa=info,xa_log_appender
+log4j.additivity.xa=false
+
+# perf_logger
+log4j.appender.perf_appender=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.perf_appender.file=${logdir}/ranger_admin_perf.log
+log4j.appender.perf_appender.datePattern='.'yyyy-MM-dd
+log4j.appender.perf_appender.append=true
+log4j.appender.perf_appender.layout=org.apache.log4j.PatternLayout
+log4j.appender.perf_appender.layout.ConversionPattern=%d [%t] %m%n
+
+
+# sql_appender
+log4j.appender.sql_appender=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.sql_appender.file=${logdir}/xa_portal_sql.log
+log4j.appender.sql_appender.datePattern='.'yyyy-MM-dd
+log4j.appender.sql_appender.append=true
+log4j.appender.sql_appender.layout=org.apache.log4j.PatternLayout
+log4j.appender.sql_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n
+
+# sql_appender : category and additivity
+log4j.category.org.hibernate.SQL=warn,sql_appender
+log4j.additivity.org.hibernate.SQL=false
+
+log4j.category.jdbc.sqlonly=fatal,sql_appender
+log4j.additivity.jdbc.sqlonly=false
+
+log4j.category.jdbc.sqltiming=warn,sql_appender
+log4j.additivity.jdbc.sqltiming=false
+
+log4j.category.jdbc.audit=fatal,sql_appender
+log4j.additivity.jdbc.audit=false
+
+log4j.category.jdbc.resultset=fatal,sql_appender
+log4j.additivity.jdbc.resultset=false
+
+log4j.category.jdbc.connection=fatal,sql_appender
+log4j.additivity.jdbc.connection=false
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml
new file mode 100644
index 0000000..1d73087
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false">
+
+
+ <property>
+ <name>SQL_CONNECTOR_JAR</name>
+ <value>{{driver_curl_target}}</value>
+ <display-name>Location of Sql Connector Jar</display-name>
+ <description>Location of DB client library (please check the location of the jar file)</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false" update="false"/>
+ </property>
+ <property>
+ <name>db_root_user</name>
+ <value>root</value>
+ <display-name>Database Administrator (DBA) username</display-name>
+ <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property require-input="true">
+ <name>db_root_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Database Administrator (DBA) password</display-name>
+ <description>Database password for the database admin username</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_host</name>
+ <value/>
+ <display-name>Ranger DB host</display-name>
+ <description>Database host</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_name</name>
+ <value>ranger</value>
+ <display-name>Ranger DB name</display-name>
+ <description>Database name</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_user</name>
+ <value>rangeradmin</value>
+ <display-name>Ranger DB username</display-name>
+ <description>Database username used for the Ranger schema</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property require-input="true">
+ <name>db_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Ranger DB password</display-name>
+ <description>Database password for the Ranger schema</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>DB_FLAVOR</name>
+ <value>MYSQL</value>
+ <display-name>DB FLAVOR</display-name>
+ <description>The database type to be used (mysql/oracle)</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>MYSQL</value>
+ <label>MYSQL</label>
+ </entry>
+ <entry>
+ <value>ORACLE</value>
+ <label>ORACLE</label>
+ </entry>
+ <entry>
+ <value>POSTGRES</value>
+ <label>POSTGRES</label>
+ </entry>
+ <entry>
+ <value>MSSQL</value>
+ <label>MSSQL</label>
+ </entry>
+ <entry>
+ <value>SQLA</value>
+ <label>SQL Anywhere</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>policymgr_external_url</name>
+ <value/>
+ <display-name>External URL</display-name>
+ <description>Policy Manager external url eg: http://RANGER_HOST:6080</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.service.http.enabled</name>
+ </property>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.service.http.port</name>
+ </property>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.service.https.port</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml
new file mode 100644
index 0000000..d43c010
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml
new file mode 100644
index 0000000..a9153f8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml
@@ -0,0 +1,785 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.service.host</name>
+ <value>{{ranger_host}}</value>
+ <description>Host where ranger service to be installed</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.enabled</name>
+ <value>true</value>
+ <display-name>HTTP enabled</display-name>
+ <description>Enable HTTP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>6080</value>
+ <description>HTTP port</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>6182</value>
+ <description>HTTPS port (if SSL is enabled)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ <description>true/false, set to true if using SSL</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.clientAuth</name>
+ <value>want</value>
+ <description>Needs to be set to want for two way SSL</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>rangeradmin</value>
+ <description>Alias for Ranger Admin key in keystore</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>xasecure</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.https.attrib.keystore.file</name>
+ <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
+ <description>Ranger admin keystore (specify full path)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.externalurl</name>
+ <value>{{ranger_external_url}}</value>
+ <display-name>External URL</display-name>
+ <description>URL to be used by clients to access ranger admin</description>
+ <value-attributes>
+ <visible>false</visible>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <display-name>Driver class name for a JDBC Ranger database</display-name>
+ <description>JDBC driver class name. Example: For MySQL / MariaDB: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.url</name>
+ <value>jdbc:mysql://localhost</value>
+ <display-name>JDBC connect string for a Ranger database</display-name>
+ <description>JDBC connect string</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_host</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_name</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.user</name>
+ <value>{{ranger_db_user}}</value>
+ <description>JDBC user</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <description>JDBC password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.credential.alias</name>
+ <value>rangeradmin</value>
+ <description>Alias name for storing JDBC password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>/etc/ranger/admin/rangeradmin.jceks</value>
+ <description>File for credential store, provide full file path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.source.type</name>
+ <value>solr</value>
+ <description>db or solr, based on the audit destination used</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.urls</name>
+ <value/>
+ <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.authentication.method</name>
+ <value>UNIX</value>
+ <display-name>Authentication method</display-name>
+ <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.source.impl.class</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.url</name>
+ <display-name>​LDAP URL</display-name>
+ <value>{{ranger_ug_ldap_url}}</value>
+ <description>LDAP Server URL, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.dnpattern</name>
+ <value>uid={0},ou=users,dc=xasecure,dc=net</value>
+ <description>LDAP user DN, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchbase</name>
+ <display-name>Group Search Base</display-name>
+ <value>{{ranger_ug_ldap_group_searchbase}}</value>
+ <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchfilter</name>
+ <display-name>Group Search Filter</display-name>
+ <value>{{ranger_ug_ldap_group_searchfilter}}</value>
+ <description>LDAP group search filter, only used if Authentication method is LDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.ldap.group.roleattribute</name>
+ <value>cn</value>
+ <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.dn</name>
+ <display-name>Bind User</display-name>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.password</name>
+ <display-name>​Bind User Password</display-name>
+ <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.domain</name>
+ <display-name>Domain Name (Only for AD)</display-name>
+ <value/>
+ <description>AD domain, only used if Authentication method is AD</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.url</name>
+ <value>{{ranger_ug_ldap_url}}</value>
+ <description>AD URL, only used if Authentication method is AD</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.dn</name>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.password</name>
+ <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+
+
+
+
+ <property>
+ <name>ranger.unixauth.remote.login.enabled</name>
+ <value>true</value>
+ <display-name>Allow remote Login</display-name>
+ <description>Remote login enabled? - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.hostname</name>
+ <value>{{ugsync_host}}</value>
+ <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.port</name>
+ <value>5151</value>
+ <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <type>int</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.dialect</name>
+ <value>{{jdbc_dialect}}</value>
+ <description>JDBC dialect used for policy DB</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+
+ <property>
+ <name>ranger.audit.solr.username</name>
+ <value>ranger_solr</value>
+ <description>Solr username</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.password</name>
+ <value>NONE</value>
+ <property-type>PASSWORD</property-type>
+ <description>Solr password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.providerurl</name>
+ <value/>
+ <display-name>SSO provider url</display-name>
+ <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>gateway-site</type>
+ <name>gateway.port</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.publicKey</name>
+ <value/>
+ <display-name>SSO public key</display-name>
+ <description>Public key for SSO cookie verification</description>
+ <value-attributes>
+ <type>multiLine</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.sso.enabled</name>
+ <value>false</value>
+ <display-name>Enable Ranger SSO</display-name>
+ <description/>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.sso.browser.useragent</name>
+ <value>Mozilla,chrome</value>
+ <display-name>SSO browser useragent</display-name>
+ <description>Comma seperated browser agent</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.binddn.credential.alias</name>
+ <value>ranger.ldap.bind.password</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.binddn.credential.alias</name>
+ <value>ranger.ldap.ad.bind.password</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+
+
+
+
+
+
+
+
+
+
+ <property>
+ <name>ranger.admin.kerberos.token.valid.seconds</name>
+ <value>30</value>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.domain</name>
+ <value>{{ranger_host}}</value>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.path</name>
+ <value>/</value>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.principal</name>
+ <value>*</value>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.file</name>
+ <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
+ <display-name>ranger.truststore.file</display-name>
+ <description>Ranger trust-store file-path</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <display-name>ranger.truststore.password</display-name>
+ <description>Ranger trust-store password</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.zookeepers</name>
+ <value>NONE</value>
+ <description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>infra-solr-env</type>
+ <name>infra_solr_znode</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>is_solrCloud_enabled</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>is_external_solrCloud_enabled</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+
+
+ <property>
+ <name>ranger.ldap.ad.user.searchfilter</name>
+ <value>(sAMAccountName={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.searchfilter</name>
+ <display-name>User Search Filter</display-name>
+ <value>(uid={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hdfs</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hive</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.hdfs.serviceuser</name>
+ <value>hdfs</value>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.hive.serviceuser</name>
+ <value>hive</value>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.hbase.serviceuser</name>
+ <value>hbase</value>
+ <depends-on>
+ <property>
+ <type>hbase-env</type>
+ <name>hbase_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.yarn.serviceuser</name>
+ <value>yarn</value>
+ <depends-on>
+ <property>
+ <type>yarn-env</type>
+ <name>yarn_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.knox.serviceuser</name>
+ <value>knox</value>
+ <depends-on>
+ <property>
+ <type>knox-env</type>
+ <name>knox_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.storm.serviceuser</name>
+ <value>storm</value>
+ <depends-on>
+ <property>
+ <type>storm-env</type>
+ <name>storm_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.kafka.serviceuser</name>
+ <value>kafka</value>
+ <depends-on>
+ <property>
+ <type>kafka-env</type>
+ <name>kafka_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.atlas.serviceuser</name>
+ <value>atlas</value>
+ <depends-on>
+ <property>
+ <type>atlas-env</type>
+ <name>metadata_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.plugins.kms.serviceuser</name>
+ <value>kms</value>
+ <depends-on>
+ <property>
+ <type>kms-env</type>
+ <name>kms_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>ranger.is.solr.kerberised</name>
+ <value>{{ranger_is_solr_kerberised}}</value>
+ <value-attributes>
+ <visible>false</visible>
+ </value-attributes>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+
+
+ <property>
+ <name>ranger.truststore.alias</name>
+ <value>trustStoreAlias</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.credential.alias</name>
+ <value>keyStoreCredentialAlias</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml
new file mode 100644
index 0000000..3e25470
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml
@@ -0,0 +1,513 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true" supports_adding_forbidden="true">
+ <property>
+ <name>ranger_user</name>
+ <value>ranger</value>
+ <property-type>USER</property-type>
+ <display-name>Ranger User</display-name>
+ <description>Ranger username</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_group</name>
+ <value>ranger</value>
+ <property-type>GROUP</property-type>
+ <display-name>Ranger Group</display-name>
+ <description>Ranger group</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_log_dir</name>
+ <value>/var/log/ranger/admin</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_usersync_log_dir</name>
+ <value>/var/log/ranger/usersync</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_username</name>
+ <value>amb_ranger_admin</value>
+ <property-type>TEXT</property-type>
+ <display-name>Ranger Admin username for Ambari</display-name>
+ <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Ranger Admin user's password for Ambari</display-name>
+ <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>admin_username</name>
+ <value>admin</value>
+ <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>admin_password</name>
+ <value>admin</value>
+ <property-type>PASSWORD</property-type>
+ <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+
+ <property>
+ <name>ranger_pid_dir</name>
+ <value>/var/run/ranger</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hdfs-plugin-enabled</name>
+ <value>No</value>
+ <display-name>HDFS Ranger Plugin</display-name>
+ <description>Enable HDFS Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hive-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Hive Ranger Plugin</display-name>
+ <description>Enable Hive Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hbase-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Hbase Ranger Plugin</display-name>
+ <description>Enable HBase Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-storm-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Storm Ranger Plugin</display-name>
+ <description>Enable Storm Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-knox-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Knox Ranger Plugin</display-name>
+ <description>Enable Knox Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+
+ <property>
+ <name>xml_configurations_supported</name>
+ <value>true</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>create_db_dbuser</name>
+ <value>true</value>
+ <display-name>Setup Database and Database User</display-name>
+ <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger_privelege_user_jdbc_url</name>
+ <display-name>JDBC connect string for root user</display-name>
+ <description>JDBC connect string - auto populated based on other values. This is to be used by root user</description>
+ <value>jdbc:mysql://localhost</value>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_host</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-yarn-plugin-enabled</name>
+ <value>No</value>
+ <display-name>YARN Ranger Plugin</display-name>
+ <description>Enable YARN Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-kafka-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Kafka Ranger Plugin</display-name>
+ <description>Enable Kafka Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>true</value>
+ <display-name>Audit to Solr</display-name>
+ <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_solrCloud_enabled</name>
+ <display-name>SolrCloud</display-name>
+ <description>SolrCloud uses zookeeper for distributed search and indexing</description>
+ <value>false</value>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>true</value>
+ <display-name>Audit to HDFS</display-name>
+ <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://localhost:8020</value>
+ <display-name>Destination HDFS Directory</display-name>
+ <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_config_set</name>
+ <value>ranger_audits</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_collection_name</name>
+ <value>ranger_audits</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_shards</name>
+ <value>1</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_replication_factor</name>
+ <value>1</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-atlas-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Atlas Ranger Plugin</display-name>
+ <description>Enable Atlas Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>is_external_solrCloud_enabled</name>
+ <display-name>External SolrCloud</display-name>
+ <value>false</value>
+ <description>Using Externally managed solr cloud ?</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>is_external_solrCloud_kerberos</name>
+ <display-name>External SolrCloud kerberos</display-name>
+ <value>false</value>
+ <description>Is Externally managed solr cloud kerberos ?</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger-nifi-plugin-enabled</name>
+ <value>No</value>
+ <display-name>NIFI Ranger Plugin</display-name>
+ <description>Enable NIFI Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml
new file mode 100644
index 0000000..c70e222
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false">
+
+
+
+
+
+
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml
new file mode 100644
index 0000000..550ce0d
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger_audit_max_retention_days</name>
+ <display-name>Max Retention Days</display-name>
+ <description>Days to retain audit logs in Solr</description>
+ <value>90</value>
+ <value-attributes>
+ <type>int</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_audit_logs_merge_factor</name>
+ <display-name>Merge Factor</display-name>
+ <description>
+ The mergeFactor value tells Lucene how many segments of equal size to build before merging them into a
+ single segment. High value merge factor (e.g. 25) improves indexing speed, but slows down searching. Low value
+ (e.g. 5) improves searching, but slows down indexing.
+ </description>
+ <value>5</value>
+ <value-attributes>
+ <type>int</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>solr-config template</display-name>
+ <description>the jinja template for solrconfig.xml file used for ranger audit logs</description>
+ <value/>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value-attributes>
+ <property-file-name>ranger-solrconfig.xml.j2</property-file-name>
+ <property-file-type>xml</property-file-type>
+ </value-attributes>
+ <on-ambari-upgrade add="false" />
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
new file mode 100644
index 0000000..a4c9441
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml
new file mode 100644
index 0000000..5e60c06
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.tagsync.logdir</name>
+ <value>/var/log/ranger/tagsync</value>
+ <description>Ranger Log dir</description>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.endpoint</name>
+ <value>{{ranger_external_url}}</value>
+ <description>Ranger TagAdmin REST URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlas</name>
+ <display-name>Enable Atlas Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.bind.address</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest</name>
+ <display-name>Enable AtlasRest Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file</name>
+ <display-name>Enable File Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file.check.interval.millis</name>
+ <display-name>File Source: File update polling interval</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
+ <display-name>AtlasREST Source: Atlas source download interval</display-name>
+ <value>60000</value>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.file.filename</name>
+ <display-name>File Source: Filename</display-name>
+ <value/>
+ <description>File Source Filename</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.atlasrest.endpoint</name>
+ <display-name>AtlasREST Source: Atlas endpoint</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.http.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.https.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.enableTLS</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.username</name>
+ <value>rangertagsync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.atlasrest.username</name>
+ <value>admin</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.atlas.default.cluster.name</name>
+ <value>{{cluster_name}}</value>
+ <description>Capture cluster name</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
+ <description>Keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/atlasuser.jceks</value>
+ <description>Tagsync atlasrest keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/atlas-tagsync-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
[3/6] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Posted by vb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2
new file mode 100644
index 0000000..25dbb7a
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2
@@ -0,0 +1,1874 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!--
+ For more details about configurations options that may appear in
+ this file, see http://wiki.apache.org/solr/SolrConfigXml.
+-->
+<config>
+ <!-- In all configuration below, a prefix of "solr." for class names
+ is an alias that causes solr to search appropriate packages,
+ including org.apache.solr.(search|update|request|core|analysis)
+
+ You may also specify a fully qualified Java classname if you
+ have your own custom plugins.
+ -->
+
+ <!-- Controls what version of Lucene various components of Solr
+ adhere to. Generally, you want to use the latest version to
+ get all bug fixes and improvements. It is highly recommended
+ that you fully re-index after changing this setting as it can
+ affect both how text is indexed and queried.
+ -->
+ <luceneMatchVersion>5.2.0</luceneMatchVersion>
+
+ <!-- <lib/> directives can be used to instruct Solr to load any Jars
+ identified and use them to resolve any "plugins" specified in
+ your solrconfig.xml or schema.xml (ie: Analyzers, Request
+ Handlers, etc...).
+
+ All directories and paths are resolved relative to the
+ instanceDir.
+
+ Please note that <lib/> directives are processed in the order
+ that they appear in your solrconfig.xml file, and are "stacked"
+ on top of each other when building a ClassLoader - so if you have
+ plugin jars with dependencies on other jars, the "lower level"
+ dependency jars should be loaded first.
+
+ If a "./lib" directory exists in your instanceDir, all files
+ found in it are included as if you had used the following
+ syntax...
+
+ <lib dir="./lib" />
+ -->
+
+ <!-- A 'dir' option by itself adds any files found in the directory
+ to the classpath, this is useful for including all jars in a
+ directory.
+
+ When a 'regex' is specified in addition to a 'dir', only the
+ files in that directory which completely match the regex
+ (anchored on both ends) will be included.
+
+ If a 'dir' option (with or without a regex) is used and nothing
+ is found that matches, a warning will be logged.
+
+ The examples below can be used to load some solr-contribs along
+ with their external dependencies.
+ -->
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-dataimporthandler-.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-cell-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/clustering/lib/" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-clustering-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/langid/lib/" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-langid-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/velocity/lib" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-velocity-\d.*\.jar" />
+
+ <!-- an exact 'path' can be used instead of a 'dir' to specify a
+ specific jar file. This will cause a serious error to be logged
+ if it can't be loaded.
+ -->
+ <!--
+ <lib path="../a-jar-that-does-not-exist.jar" />
+ -->
+
+ <!-- Data Directory
+
+ Used to specify an alternate directory to hold all index data
+ other than the default ./data under the Solr home. If
+ replication is in use, this should match the replication
+ configuration.
+ -->
+ <dataDir>${solr.data.dir:}</dataDir>
+
+
+ <!-- The DirectoryFactory to use for indexes.
+
+ solr.StandardDirectoryFactory is filesystem
+ based and tries to pick the best implementation for the current
+ JVM and platform. solr.NRTCachingDirectoryFactory, the default,
+ wraps solr.StandardDirectoryFactory and caches small files in memory
+ for better NRT performance.
+
+ One can force a particular implementation via solr.MMapDirectoryFactory,
+ solr.NIOFSDirectoryFactory, or solr.SimpleFSDirectoryFactory.
+
+ solr.RAMDirectoryFactory is memory based, not
+ persistent, and doesn't work with replication.
+ -->
+ <directoryFactory name="DirectoryFactory"
+ class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}">
+
+
+ <!-- These will be used if you are using the solr.HdfsDirectoryFactory,
+ otherwise they will be ignored. If you don't plan on using hdfs,
+ you can safely remove this section. -->
+ <!-- The root directory that collection data should be written to. -->
+ <str name="solr.hdfs.home">${solr.hdfs.home:}</str>
+ <!-- The hadoop configuration files to use for the hdfs client. -->
+ <str name="solr.hdfs.confdir">${solr.hdfs.confdir:}</str>
+ <!-- Enable/Disable the hdfs cache. -->
+ <str name="solr.hdfs.blockcache.enabled">${solr.hdfs.blockcache.enabled:true}</str>
+ <!-- Enable/Disable using one global cache for all SolrCores.
+ The settings used will be from the first HdfsDirectoryFactory created. -->
+ <str name="solr.hdfs.blockcache.global">${solr.hdfs.blockcache.global:true}</str>
+
+ </directoryFactory>
+
+ <!-- The CodecFactory for defining the format of the inverted index.
+ The default implementation is SchemaCodecFactory, which is the official Lucene
+ index format, but hooks into the schema to provide per-field customization of
+ the postings lists and per-document values in the fieldType element
+ (postingsFormat/docValuesFormat). Note that most of the alternative implementations
+ are experimental, so if you choose to customize the index format, it's a good
+ idea to convert back to the official format e.g. via IndexWriter.addIndexes(IndexReader)
+ before upgrading to a newer version to avoid unnecessary reindexing.
+ -->
+ <codecFactory class="solr.SchemaCodecFactory"/>
+
+ <!-- To enable dynamic schema REST APIs, use the following for <schemaFactory>: -->
+
+ <schemaFactory class="ManagedIndexSchemaFactory">
+ <bool name="mutable">true</bool>
+ <str name="managedSchemaResourceName">managed-schema</str>
+ </schemaFactory>
+<!--
+ When ManagedIndexSchemaFactory is specified, Solr will load the schema from
+ the resource named in 'managedSchemaResourceName', rather than from schema.xml.
+ Note that the managed schema resource CANNOT be named schema.xml. If the managed
+ schema does not exist, Solr will create it after reading schema.xml, then rename
+ 'schema.xml' to 'schema.xml.bak'.
+
+ Do NOT hand edit the managed schema - external modifications will be ignored and
+ overwritten as a result of schema modification REST API calls.
+
+ When ManagedIndexSchemaFactory is specified with mutable = true, schema
+ modification REST API calls will be allowed; otherwise, error responses will be
+ sent back for these requests.
+
+ <schemaFactory class="ClassicIndexSchemaFactory"/>
+ -->
+
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Index Config - These settings control low-level behavior of indexing
+ Most example settings here show the default value, but are commented
+ out, to more easily see where customizations have been made.
+
+ Note: This replaces <indexDefaults> and <mainIndex> from older versions
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <indexConfig>
+ <!-- maxFieldLength was removed in 4.0. To get similar behavior, include a
+ LimitTokenCountFilterFactory in your fieldType definition. E.g.
+ <filter class="solr.LimitTokenCountFilterFactory" maxTokenCount="10000"/>
+ -->
+ <!-- Maximum time to wait for a write lock (ms) for an IndexWriter. Default: 1000 -->
+ <!-- <writeLockTimeout>1000</writeLockTimeout> -->
+
+ <!-- The maximum number of simultaneous threads that may be
+ indexing documents at once in IndexWriter; if more than this
+ many threads arrive they will wait for others to finish.
+ Default in Solr/Lucene is 8. -->
+ <!-- <maxIndexingThreads>8</maxIndexingThreads> -->
+
+ <!-- Expert: Enabling compound file will use less files for the index,
+ using fewer file descriptors on the expense of performance decrease.
+ Default in Lucene is "true". Default in Solr is "false" (since 3.6) -->
+ <!-- <useCompoundFile>false</useCompoundFile> -->
+
+ <!-- ramBufferSizeMB sets the amount of RAM that may be used by Lucene
+ indexing for buffering added documents and deletions before they are
+ flushed to the Directory.
+ maxBufferedDocs sets a limit on the number of documents buffered
+ before flushing.
+ If both ramBufferSizeMB and maxBufferedDocs is set, then
+ Lucene will flush based on whichever limit is hit first.
+ The default is 100 MB. -->
+ <!-- <ramBufferSizeMB>100</ramBufferSizeMB> -->
+ <!-- <maxBufferedDocs>1000</maxBufferedDocs> -->
+
+ <!-- Expert: Merge Policy
+ The Merge Policy in Lucene controls how merging of segments is done.
+ The default since Solr/Lucene 3.3 is TieredMergePolicy.
+ The default since Lucene 2.3 was the LogByteSizeMergePolicy,
+ Even older versions of Lucene used LogDocMergePolicy.
+ -->
+ <!--
+ <mergePolicy class="org.apache.lucene.index.TieredMergePolicy">
+ <int name="maxMergeAtOnce">10</int>
+ <int name="segmentsPerTier">10</int>
+ </mergePolicy>
+ -->
+
+ <!-- Merge Factor
+ The merge factor controls how many segments will get merged at a time.
+ For TieredMergePolicy, mergeFactor is a convenience parameter which
+ will set both MaxMergeAtOnce and SegmentsPerTier at once.
+ For LogByteSizeMergePolicy, mergeFactor decides how many new segments
+ will be allowed before they are merged into one.
+ Default is 10 for both merge policies.
+ -->
+ <!--
+ <mergeFactor>10</mergeFactor>
+ -->
+
+ <!-- Ranger customization. Set to 5 to trigger purging of deleted documents more often -->
+ <mergeFactor>{{ranger_audit_logs_merge_factor}}</mergeFactor>
+
+ <!-- Expert: Merge Scheduler
+ The Merge Scheduler in Lucene controls how merges are
+ performed. The ConcurrentMergeScheduler (Lucene 2.3 default)
+ can perform merges in the background using separate threads.
+ The SerialMergeScheduler (Lucene 2.2 default) does not.
+ -->
+ <!--
+ <mergeScheduler class="org.apache.lucene.index.ConcurrentMergeScheduler"/>
+ -->
+
+ <!-- LockFactory
+
+ This option specifies which Lucene LockFactory implementation
+ to use.
+
+ single = SingleInstanceLockFactory - suggested for a
+ read-only index or when there is no possibility of
+ another process trying to modify the index.
+ native = NativeFSLockFactory - uses OS native file locking.
+ Do not use when multiple solr webapps in the same
+ JVM are attempting to share a single index.
+ simple = SimpleFSLockFactory - uses a plain file for locking
+
+ Defaults: 'native' is default for Solr3.6 and later, otherwise
+ 'simple' is the default
+
+ More details on the nuances of each LockFactory...
+ http://wiki.apache.org/lucene-java/AvailableLockFactories
+ -->
+ <lockType>${solr.lock.type:native}</lockType>
+
+ <!-- Unlock On Startup
+
+ If true, unlock any held write or commit locks on startup.
+ This defeats the locking mechanism that allows multiple
+ processes to safely access a lucene index, and should be used
+ with care. Default is "false".
+
+ This is not needed if lock type is 'single'
+ -->
+ <!--
+ <unlockOnStartup>false</unlockOnStartup>
+ -->
+
+ <!-- Commit Deletion Policy
+ Custom deletion policies can be specified here. The class must
+ implement org.apache.lucene.index.IndexDeletionPolicy.
+
+ The default Solr IndexDeletionPolicy implementation supports
+ deleting index commit points on number of commits, age of
+ commit point and optimized status.
+
+ The latest commit point should always be preserved regardless
+ of the criteria.
+ -->
+ <!--
+ <deletionPolicy class="solr.SolrDeletionPolicy">
+ -->
+ <!-- The number of commit points to be kept -->
+ <!-- <str name="maxCommitsToKeep">1</str> -->
+ <!-- The number of optimized commit points to be kept -->
+ <!-- <str name="maxOptimizedCommitsToKeep">0</str> -->
+ <!--
+ Delete all commit points once they have reached the given age.
+ Supports DateMathParser syntax e.g.
+ -->
+ <!--
+ <str name="maxCommitAge">30MINUTES</str>
+ <str name="maxCommitAge">1DAY</str>
+ -->
+ <!--
+ </deletionPolicy>
+ -->
+
+ <!-- Lucene Infostream
+
+ To aid in advanced debugging, Lucene provides an "InfoStream"
+ of detailed information when indexing.
+
+ Setting the value to true will instruct the underlying Lucene
+ IndexWriter to write its info stream to solr's log. By default,
+ this is enabled here, and controlled through log4j.properties.
+ -->
+ <infoStream>true</infoStream>
+ </indexConfig>
+
+
+ <!-- JMX
+
+ This example enables JMX if and only if an existing MBeanServer
+ is found, use this if you want to configure JMX through JVM
+ parameters. Remove this to disable exposing Solr configuration
+ and statistics to JMX.
+
+ For more details see http://wiki.apache.org/solr/SolrJmx
+ -->
+ <jmx />
+ <!-- If you want to connect to a particular server, specify the
+ agentId
+ -->
+ <!-- <jmx agentId="myAgent" /> -->
+ <!-- If you want to start a new MBeanServer, specify the serviceUrl -->
+ <!-- <jmx serviceUrl="service:jmx:rmi:///jndi/rmi://localhost:9999/solr"/>
+ -->
+
+ <!-- The default high-performance update handler -->
+ <updateHandler class="solr.DirectUpdateHandler2">
+
+ <!-- Enables a transaction log, used for real-time get, durability, and
+ and solr cloud replica recovery. The log can grow as big as
+ uncommitted changes to the index, so use of a hard autoCommit
+ is recommended (see below).
+ "dir" - the target directory for transaction logs, defaults to the
+ solr data directory. -->
+ <updateLog>
+ <str name="dir">${solr.ulog.dir:}</str>
+ </updateLog>
+
+ <!-- AutoCommit
+
+ Perform a hard commit automatically under certain conditions.
+ Instead of enabling autoCommit, consider using "commitWithin"
+ when adding documents.
+
+ http://wiki.apache.org/solr/UpdateXmlMessages
+
+ maxDocs - Maximum number of documents to add since the last
+ commit before automatically triggering a new commit.
+
+ maxTime - Maximum amount of time in ms that is allowed to pass
+ since a document was added before automatically
+ triggering a new commit.
+ openSearcher - if false, the commit causes recent index changes
+ to be flushed to stable storage, but does not cause a new
+ searcher to be opened to make those changes visible.
+
+ If the updateLog is enabled, then it's highly recommended to
+ have some sort of hard autoCommit to limit the log size.
+ -->
+ <autoCommit>
+ <maxTime>${solr.autoCommit.maxTime:15000}</maxTime>
+ <openSearcher>false</openSearcher>
+ </autoCommit>
+
+ <!-- softAutoCommit is like autoCommit except it causes a
+ 'soft' commit which only ensures that changes are visible
+ but does not ensure that data is synced to disk. This is
+ faster and more near-realtime friendly than a hard commit.
+ -->
+
+ <autoSoftCommit>
+ <maxTime>${solr.autoSoftCommit.maxTime:5000}</maxTime>
+ </autoSoftCommit>
+
+ <!-- Update Related Event Listeners
+
+ Various IndexWriter related events can trigger Listeners to
+ take actions.
+
+ postCommit - fired after every commit or optimize command
+ postOptimize - fired after every optimize command
+ -->
+ <!-- The RunExecutableListener executes an external command from a
+ hook such as postCommit or postOptimize.
+
+ exe - the name of the executable to run
+ dir - dir to use as the current working directory. (default=".")
+ wait - the calling thread waits until the executable returns.
+ (default="true")
+ args - the arguments to pass to the program. (default is none)
+ env - environment variables to set. (default is none)
+ -->
+ <!-- This example shows how RunExecutableListener could be used
+ with the script based replication...
+ http://wiki.apache.org/solr/CollectionDistribution
+ -->
+ <!--
+ <listener event="postCommit" class="solr.RunExecutableListener">
+ <str name="exe">solr/bin/snapshooter</str>
+ <str name="dir">.</str>
+ <bool name="wait">true</bool>
+ <arr name="args"> <str>arg1</str> <str>arg2</str> </arr>
+ <arr name="env"> <str>MYVAR=val1</str> </arr>
+ </listener>
+ -->
+
+ </updateHandler>
+
+ <!-- IndexReaderFactory
+
+ Use the following format to specify a custom IndexReaderFactory,
+ which allows for alternate IndexReader implementations.
+
+ ** Experimental Feature **
+
+ Please note - Using a custom IndexReaderFactory may prevent
+ certain other features from working. The API to
+ IndexReaderFactory may change without warning or may even be
+ removed from future releases if the problems cannot be
+ resolved.
+
+
+ ** Features that may not work with custom IndexReaderFactory **
+
+ The ReplicationHandler assumes a disk-resident index. Using a
+ custom IndexReader implementation may cause incompatibility
+ with ReplicationHandler and may cause replication to not work
+ correctly. See SOLR-1366 for details.
+
+ -->
+ <!--
+ <indexReaderFactory name="IndexReaderFactory" class="package.class">
+ <str name="someArg">Some Value</str>
+ </indexReaderFactory >
+ -->
+
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Query section - these settings control query time things like caches
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <query>
+ <!-- Max Boolean Clauses
+
+ Maximum number of clauses in each BooleanQuery, an exception
+ is thrown if exceeded.
+
+ ** WARNING **
+
+ This option actually modifies a global Lucene property that
+ will affect all SolrCores. If multiple solrconfig.xml files
+ disagree on this property, the value at any given moment will
+ be based on the last SolrCore to be initialized.
+
+ -->
+ <maxBooleanClauses>1024</maxBooleanClauses>
+
+
+ <!-- Solr Internal Query Caches
+
+ There are two implementations of cache available for Solr,
+ LRUCache, based on a synchronized LinkedHashMap, and
+ FastLRUCache, based on a ConcurrentHashMap.
+
+ FastLRUCache has faster gets and slower puts in single
+ threaded operation and thus is generally faster than LRUCache
+ when the hit ratio of the cache is high (> 75%), and may be
+ faster under other scenarios on multi-cpu systems.
+ -->
+
+ <!-- Filter Cache
+
+ Cache used by SolrIndexSearcher for filters (DocSets),
+ unordered sets of *all* documents that match a query. When a
+ new searcher is opened, its caches may be prepopulated or
+ "autowarmed" using data from caches in the old searcher.
+ autowarmCount is the number of items to prepopulate. For
+ LRUCache, the autowarmed items will be the most recently
+ accessed items.
+
+ Parameters:
+ class - the SolrCache implementation LRUCache or
+ (LRUCache or FastLRUCache)
+ size - the maximum number of entries in the cache
+ initialSize - the initial capacity (number of entries) of
+ the cache. (see java.util.HashMap)
+ autowarmCount - the number of entries to prepopulate from
+ and old cache.
+ -->
+ <filterCache class="solr.FastLRUCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <!-- Query Result Cache
+
+ Caches results of searches - ordered lists of document ids
+ (DocList) based on a query, a sort, and the range of documents requested.
+ -->
+ <queryResultCache class="solr.LRUCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <!-- Document Cache
+
+ Caches Lucene Document objects (the stored fields for each
+ document). Since Lucene internal document ids are transient,
+ this cache will not be autowarmed.
+ -->
+ <documentCache class="solr.LRUCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <!-- custom cache currently used by block join -->
+ <cache name="perSegFilter"
+ class="solr.search.LRUCache"
+ size="10"
+ initialSize="0"
+ autowarmCount="10"
+ regenerator="solr.NoOpRegenerator" />
+
+ <!-- Field Value Cache
+
+ Cache used to hold field values that are quickly accessible
+ by document id. The fieldValueCache is created by default
+ even if not configured here.
+ -->
+ <!--
+ <fieldValueCache class="solr.FastLRUCache"
+ size="512"
+ autowarmCount="128"
+ showItems="32" />
+ -->
+
+ <!-- Custom Cache
+
+ Example of a generic cache. These caches may be accessed by
+ name through SolrIndexSearcher.getCache(),cacheLookup(), and
+ cacheInsert(). The purpose is to enable easy caching of
+ user/application level data. The regenerator argument should
+ be specified as an implementation of solr.CacheRegenerator
+ if autowarming is desired.
+ -->
+ <!--
+ <cache name="myUserCache"
+ class="solr.LRUCache"
+ size="4096"
+ initialSize="1024"
+ autowarmCount="1024"
+ regenerator="com.mycompany.MyRegenerator"
+ />
+ -->
+
+
+ <!-- Lazy Field Loading
+
+ If true, stored fields that are not requested will be loaded
+ lazily. This can result in a significant speed improvement
+ if the usual case is to not load all stored fields,
+ especially if the skipped fields are large compressed text
+ fields.
+ -->
+ <enableLazyFieldLoading>true</enableLazyFieldLoading>
+
+ <!-- Use Filter For Sorted Query
+
+ A possible optimization that attempts to use a filter to
+ satisfy a search. If the requested sort does not include
+ score, then the filterCache will be checked for a filter
+ matching the query. If found, the filter will be used as the
+ source of document ids, and then the sort will be applied to
+ that.
+
+ For most situations, this will not be useful unless you
+ frequently get the same search repeatedly with different sort
+ options, and none of them ever use "score"
+ -->
+ <!--
+ <useFilterForSortedQuery>true</useFilterForSortedQuery>
+ -->
+
+ <!-- Result Window Size
+
+ An optimization for use with the queryResultCache. When a search
+ is requested, a superset of the requested number of document ids
+ are collected. For example, if a search for a particular query
+ requests matching documents 10 through 19, and queryWindowSize is 50,
+ then documents 0 through 49 will be collected and cached. Any further
+ requests in that range can be satisfied via the cache.
+ -->
+ <queryResultWindowSize>20</queryResultWindowSize>
+
+ <!-- Maximum number of documents to cache for any entry in the
+ queryResultCache.
+ -->
+ <queryResultMaxDocsCached>200</queryResultMaxDocsCached>
+
+ <!-- Query Related Event Listeners
+
+ Various IndexSearcher related events can trigger Listeners to
+ take actions.
+
+ newSearcher - fired whenever a new searcher is being prepared
+ and there is a current searcher handling requests (aka
+ registered). It can be used to prime certain caches to
+ prevent long request times for certain requests.
+
+ firstSearcher - fired whenever a new searcher is being
+ prepared but there is no current registered searcher to handle
+ requests or to gain autowarming data from.
+
+
+ -->
+ <!-- QuerySenderListener takes an array of NamedList and executes a
+ local query request for each NamedList in sequence.
+ -->
+ <listener event="newSearcher" class="solr.QuerySenderListener">
+ <arr name="queries">
+ <!--
+ <lst><str name="q">solr</str><str name="sort">price asc</str></lst>
+ <lst><str name="q">rocks</str><str name="sort">weight asc</str></lst>
+ -->
+ </arr>
+ </listener>
+ <listener event="firstSearcher" class="solr.QuerySenderListener">
+ <arr name="queries">
+ <lst>
+ <str name="q">static firstSearcher warming in solrconfig.xml</str>
+ </lst>
+ </arr>
+ </listener>
+
+ <!-- Use Cold Searcher
+
+ If a search request comes in and there is no current
+ registered searcher, then immediately register the still
+ warming searcher and use it. If "false" then all requests
+ will block until the first searcher is done warming.
+ -->
+ <useColdSearcher>true</useColdSearcher>
+
+ <!-- Max Warming Searchers
+
+ Maximum number of searchers that may be warming in the
+ background concurrently. An error is returned if this limit
+ is exceeded.
+
+ Recommend values of 1-2 for read-only slaves, higher for
+ masters w/o cache warming.
+ -->
+ <maxWarmingSearchers>2</maxWarmingSearchers>
+
+ </query>
+
+
+ <!-- Request Dispatcher
+
+ This section contains instructions for how the SolrDispatchFilter
+ should behave when processing requests for this SolrCore.
+
+ handleSelect is a legacy option that affects the behavior of requests
+ such as /select?qt=XXX
+
+ handleSelect="true" will cause the SolrDispatchFilter to process
+ the request and dispatch the query to a handler specified by the
+ "qt" param, assuming "/select" isn't already registered.
+
+ handleSelect="false" will cause the SolrDispatchFilter to
+ ignore "/select" requests, resulting in a 404 unless a handler
+ is explicitly registered with the name "/select"
+
+ handleSelect="true" is not recommended for new users, but is the default
+ for backwards compatibility
+ -->
+ <requestDispatcher handleSelect="false" >
+ <!-- Request Parsing
+
+ These settings indicate how Solr Requests may be parsed, and
+ what restrictions may be placed on the ContentStreams from
+ those requests
+
+ enableRemoteStreaming - enables use of the stream.file
+ and stream.url parameters for specifying remote streams.
+
+ multipartUploadLimitInKB - specifies the max size (in KiB) of
+ Multipart File Uploads that Solr will allow in a Request.
+
+ formdataUploadLimitInKB - specifies the max size (in KiB) of
+ form data (application/x-www-form-urlencoded) sent via
+ POST. You can use POST to pass request parameters not
+ fitting into the URL.
+
+ addHttpRequestToContext - if set to true, it will instruct
+ the requestParsers to include the original HttpServletRequest
+ object in the context map of the SolrQueryRequest under the
+ key "httpRequest". It will not be used by any of the existing
+ Solr components, but may be useful when developing custom
+ plugins.
+
+ *** WARNING ***
+ The settings below authorize Solr to fetch remote files, You
+ should make sure your system has some authentication before
+ using enableRemoteStreaming="true"
+
+ -->
+ <requestParsers enableRemoteStreaming="true"
+ multipartUploadLimitInKB="2048000"
+ formdataUploadLimitInKB="2048"
+ addHttpRequestToContext="false"/>
+
+ <!-- HTTP Caching
+
+ Set HTTP caching related parameters (for proxy caches and clients).
+
+ The options below instruct Solr not to output any HTTP Caching
+ related headers
+ -->
+ <httpCaching never304="true" />
+ <!-- If you include a <cacheControl> directive, it will be used to
+ generate a Cache-Control header (as well as an Expires header
+ if the value contains "max-age=")
+
+ By default, no Cache-Control header is generated.
+
+ You can use the <cacheControl> option even if you have set
+ never304="true"
+ -->
+ <!--
+ <httpCaching never304="true" >
+ <cacheControl>max-age=30, public</cacheControl>
+ </httpCaching>
+ -->
+ <!-- To enable Solr to respond with automatically generated HTTP
+ Caching headers, and to response to Cache Validation requests
+ correctly, set the value of never304="false"
+
+ This will cause Solr to generate Last-Modified and ETag
+ headers based on the properties of the Index.
+
+ The following options can also be specified to affect the
+ values of these headers...
+
+ lastModFrom - the default value is "openTime" which means the
+ Last-Modified value (and validation against If-Modified-Since
+ requests) will all be relative to when the current Searcher
+ was opened. You can change it to lastModFrom="dirLastMod" if
+ you want the value to exactly correspond to when the physical
+ index was last modified.
+
+ etagSeed="..." is an option you can change to force the ETag
+ header (and validation against If-None-Match requests) to be
+ different even if the index has not changed (ie: when making
+ significant changes to your config file)
+
+ (lastModifiedFrom and etagSeed are both ignored if you use
+ the never304="true" option)
+ -->
+ <!--
+ <httpCaching lastModifiedFrom="openTime"
+ etagSeed="Solr">
+ <cacheControl>max-age=30, public</cacheControl>
+ </httpCaching>
+ -->
+ </requestDispatcher>
+
+ <!-- Request Handlers
+
+ http://wiki.apache.org/solr/SolrRequestHandler
+
+ Incoming queries will be dispatched to a specific handler by name
+ based on the path specified in the request.
+
+ Legacy behavior: If the request path uses "/select" but no Request
+ Handler has that name, and if handleSelect="true" has been specified in
+ the requestDispatcher, then the Request Handler is dispatched based on
+ the qt parameter. Handlers without a leading '/' are accessed this way
+ like so: http://host/app/[core/]select?qt=name If no qt is
+ given, then the requestHandler that declares default="true" will be
+ used or the one named "standard".
+
+ If a Request Handler is declared with startup="lazy", then it will
+ not be initialized until the first request that uses it.
+
+ -->
+
+ <requestHandler name="/dataimport" class="solr.DataImportHandler">
+ <lst name="defaults">
+ <str name="config">solr-data-config.xml</str>
+ </lst>
+ </requestHandler>
+
+ <!-- SearchHandler
+
+ http://wiki.apache.org/solr/SearchHandler
+
+ For processing Search Queries, the primary Request Handler
+ provided with Solr is "SearchHandler" It delegates to a sequent
+ of SearchComponents (see below) and supports distributed
+ queries across multiple shards
+ -->
+ <requestHandler name="/select" class="solr.SearchHandler">
+ <!-- default values for query parameters can be specified, these
+ will be overridden by parameters in the request
+ -->
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <int name="rows">10</int>
+ <str name="df">text</str>
+ </lst>
+ <!-- In addition to defaults, "appends" params can be specified
+ to identify values which should be appended to the list of
+ multi-val params from the query (or the existing "defaults").
+ -->
+ <!-- In this example, the param "fq=instock:true" would be appended to
+ any query time fq params the user may specify, as a mechanism for
+ partitioning the index, independent of any user selected filtering
+ that may also be desired (perhaps as a result of faceted searching).
+
+ NOTE: there is *absolutely* nothing a client can do to prevent these
+ "appends" values from being used, so don't use this mechanism
+ unless you are sure you always want it.
+ -->
+ <!--
+ <lst name="appends">
+ <str name="fq">inStock:true</str>
+ </lst>
+ -->
+ <!-- "invariants" are a way of letting the Solr maintainer lock down
+ the options available to Solr clients. Any params values
+ specified here are used regardless of what values may be specified
+ in either the query, the "defaults", or the "appends" params.
+
+ In this example, the facet.field and facet.query params would
+ be fixed, limiting the facets clients can use. Faceting is
+ not turned on by default - but if the client does specify
+ facet=true in the request, these are the only facets they
+ will be able to see counts for; regardless of what other
+ facet.field or facet.query params they may specify.
+
+ NOTE: there is *absolutely* nothing a client can do to prevent these
+ "invariants" values from being used, so don't use this mechanism
+ unless you are sure you always want it.
+ -->
+ <!--
+ <lst name="invariants">
+ <str name="facet.field">cat</str>
+ <str name="facet.field">manu_exact</str>
+ <str name="facet.query">price:[* TO 500]</str>
+ <str name="facet.query">price:[500 TO *]</str>
+ </lst>
+ -->
+ <!-- If the default list of SearchComponents is not desired, that
+ list can either be overridden completely, or components can be
+ prepended or appended to the default list. (see below)
+ -->
+ <!--
+ <arr name="components">
+ <str>nameOfCustomComponent1</str>
+ <str>nameOfCustomComponent2</str>
+ </arr>
+ -->
+ </requestHandler>
+
+ <!-- A request handler that returns indented JSON by default -->
+ <requestHandler name="/query" class="solr.SearchHandler">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <str name="wt">json</str>
+ <str name="indent">true</str>
+ <str name="df">text</str>
+ </lst>
+ </requestHandler>
+
+
+ <!-- realtime get handler, guaranteed to return the latest stored fields of
+ any document, without the need to commit or open a new searcher. The
+ current implementation relies on the updateLog feature being enabled.
+
+ ** WARNING **
+ Do NOT disable the realtime get handler at /get if you are using
+ SolrCloud otherwise any leader election will cause a full sync in ALL
+ replicas for the shard in question. Similarly, a replica recovery will
+ also always fetch the complete index from the leader because a partial
+ sync will not be possible in the absence of this handler.
+ -->
+ <requestHandler name="/get" class="solr.RealTimeGetHandler">
+ <lst name="defaults">
+ <str name="omitHeader">true</str>
+ <str name="wt">json</str>
+ <str name="indent">true</str>
+ </lst>
+ </requestHandler>
+
+
+ <!-- A Robust Example
+
+ This example SearchHandler declaration shows off usage of the
+ SearchHandler with many defaults declared
+
+ Note that multiple instances of the same Request Handler
+ (SearchHandler) can be registered multiple times with different
+ names (and different init parameters)
+ -->
+ <requestHandler name="/browse" class="solr.SearchHandler">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+
+ <!-- VelocityResponseWriter settings -->
+ <str name="wt">velocity</str>
+ <str name="v.template">browse</str>
+ <str name="v.layout">layout</str>
+
+ <!-- Query settings -->
+ <str name="defType">edismax</str>
+ <str name="q.alt">*:*</str>
+ <str name="rows">10</str>
+ <str name="fl">*,score</str>
+
+ <!-- Faceting defaults -->
+ <str name="facet">on</str>
+ <str name="facet.mincount">1</str>
+ </lst>
+ </requestHandler>
+
+
+ <initParams path="/update/**,/query,/select,/tvrh,/elevate,/spell,/browse">
+ <lst name="defaults">
+ <str name="df">text</str>
+ <str name="update.chain">add-unknown-fields-to-the-schema</str>
+ </lst>
+ </initParams>
+
+ <!-- Update Request Handler.
+
+ http://wiki.apache.org/solr/UpdateXmlMessages
+
+ The canonical Request Handler for Modifying the Index through
+ commands specified using XML, JSON, CSV, or JAVABIN
+
+ Note: Since solr1.1 requestHandlers requires a valid content
+ type header if posted in the body. For example, curl now
+ requires: -H 'Content-type:text/xml; charset=utf-8'
+
+ To override the request content type and force a specific
+ Content-type, use the request parameter:
+ ?update.contentType=text/csv
+
+ This handler will pick a response format to match the input
+ if the 'wt' parameter is not explicit
+ -->
+ <requestHandler name="/update" class="solr.UpdateRequestHandler">
+ <!-- See below for information on defining
+ updateRequestProcessorChains that can be used by name
+ on each Update Request
+ -->
+ <!--
+ <lst name="defaults">
+ <str name="update.chain">dedupe</str>
+ </lst>
+ -->
+ </requestHandler>
+
+ <!-- Solr Cell Update Request Handler
+
+ http://wiki.apache.org/solr/ExtractingRequestHandler
+
+ -->
+ <requestHandler name="/update/extract"
+ startup="lazy"
+ class="solr.extraction.ExtractingRequestHandler" >
+ <lst name="defaults">
+ <str name="lowernames">true</str>
+ <str name="uprefix">ignored_</str>
+
+ <!-- capture link hrefs but ignore div attributes -->
+ <str name="captureAttr">true</str>
+ <str name="fmap.a">links</str>
+ <str name="fmap.div">ignored_</str>
+ </lst>
+ </requestHandler>
+
+
+ <!-- Field Analysis Request Handler
+
+ RequestHandler that provides much the same functionality as
+ analysis.jsp. Provides the ability to specify multiple field
+ types and field names in the same request and outputs
+ index-time and query-time analysis for each of them.
+
+ Request parameters are:
+ analysis.fieldname - field name whose analyzers are to be used
+
+ analysis.fieldtype - field type whose analyzers are to be used
+ analysis.fieldvalue - text for index-time analysis
+ q (or analysis.q) - text for query time analysis
+ analysis.showmatch (true|false) - When set to true and when
+ query analysis is performed, the produced tokens of the
+ field value analysis will be marked as "matched" for every
+ token that is produces by the query analysis
+ -->
+ <requestHandler name="/analysis/field"
+ startup="lazy"
+ class="solr.FieldAnalysisRequestHandler" />
+
+
+ <!-- Document Analysis Handler
+
+ http://wiki.apache.org/solr/AnalysisRequestHandler
+
+ An analysis handler that provides a breakdown of the analysis
+ process of provided documents. This handler expects a (single)
+ content stream with the following format:
+
+ <docs>
+ <doc>
+ <field name="id">1</field>
+ <field name="name">The Name</field>
+ <field name="text">The Text Value</field>
+ </doc>
+ <doc>...</doc>
+ <doc>...</doc>
+ ...
+ </docs>
+
+ Note: Each document must contain a field which serves as the
+ unique key. This key is used in the returned response to associate
+ an analysis breakdown to the analyzed document.
+
+ Like the FieldAnalysisRequestHandler, this handler also supports
+ query analysis by sending either an "analysis.query" or "q"
+ request parameter that holds the query text to be analyzed. It
+ also supports the "analysis.showmatch" parameter which when set to
+ true, all field tokens that match the query tokens will be marked
+ as a "match".
+ -->
+ <requestHandler name="/analysis/document"
+ class="solr.DocumentAnalysisRequestHandler"
+ startup="lazy" />
+
+ <!-- This single handler is equivalent to the following... -->
+ <!--
+ <requestHandler name="/admin/luke" class="solr.admin.LukeRequestHandler" />
+ <requestHandler name="/admin/system" class="solr.admin.SystemInfoHandler" />
+ <requestHandler name="/admin/plugins" class="solr.admin.PluginInfoHandler" />
+ <requestHandler name="/admin/threads" class="solr.admin.ThreadDumpHandler" />
+ <requestHandler name="/admin/properties" class="solr.admin.PropertiesRequestHandler" />
+ <requestHandler name="/admin/file" class="solr.admin.ShowFileRequestHandler" >
+ -->
+ <!-- If you wish to hide files under ${solr.home}/conf, explicitly
+ register the ShowFileRequestHandler using the definition below.
+ NOTE: The glob pattern ('*') is the only pattern supported at present, *.xml will
+ not exclude all files ending in '.xml'. Use it to exclude _all_ updates
+ -->
+ <!--
+ <requestHandler name="/admin/file"
+ class="solr.admin.ShowFileRequestHandler" >
+ <lst name="invariants">
+ <str name="hidden">synonyms.txt</str>
+ <str name="hidden">anotherfile.txt</str>
+ <str name="hidden">*</str>
+ </lst>
+ </requestHandler>
+ -->
+
+ <!--
+ Enabling this request handler (which is NOT a default part of the admin handler) will allow the Solr UI to edit
+ all the config files. This is intended for secure/development use ONLY! Leaving available and publically
+ accessible is a security vulnerability and should be done with extreme caution!
+ -->
+ <!--
+ <requestHandler name="/admin/fileedit" class="solr.admin.EditFileRequestHandler" >
+ <lst name="invariants">
+ <str name="hidden">synonyms.txt</str>
+ <str name="hidden">anotherfile.txt</str>
+ </lst>
+ </requestHandler>
+ -->
+ <!-- ping/healthcheck -->
+ <requestHandler name="/admin/ping" class="solr.PingRequestHandler">
+ <lst name="invariants">
+ <str name="q">solrpingquery</str>
+ </lst>
+ <lst name="defaults">
+ <str name="echoParams">all</str>
+ </lst>
+ <!-- An optional feature of the PingRequestHandler is to configure the
+ handler with a "healthcheckFile" which can be used to enable/disable
+ the PingRequestHandler.
+ relative paths are resolved against the data dir
+ -->
+ <!-- <str name="healthcheckFile">server-enabled.txt</str> -->
+ </requestHandler>
+
+ <!-- Echo the request contents back to the client -->
+ <requestHandler name="/debug/dump" class="solr.DumpRequestHandler" >
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <str name="echoHandler">true</str>
+ </lst>
+ </requestHandler>
+
+ <!-- Solr Replication
+
+ The SolrReplicationHandler supports replicating indexes from a
+ "master" used for indexing and "slaves" used for queries.
+
+ http://wiki.apache.org/solr/SolrReplication
+
+ It is also necessary for SolrCloud to function (in Cloud mode, the
+ replication handler is used to bulk transfer segments when nodes
+ are added or need to recover).
+
+ https://wiki.apache.org/solr/SolrCloud/
+ -->
+ <requestHandler name="/replication" class="solr.ReplicationHandler" >
+ <!--
+ To enable simple master/slave replication, uncomment one of the
+ sections below, depending on whether this solr instance should be
+ the "master" or a "slave". If this instance is a "slave" you will
+ also need to fill in the masterUrl to point to a real machine.
+ -->
+ <!--
+ <lst name="master">
+ <str name="replicateAfter">commit</str>
+ <str name="replicateAfter">startup</str>
+ <str name="confFiles">schema.xml,stopwords.txt</str>
+ </lst>
+ -->
+ <!--
+ <lst name="slave">
+ <str name="masterUrl">http://your-master-hostname:8983/solr</str>
+ <str name="pollInterval">00:00:60</str>
+ </lst>
+ -->
+ </requestHandler>
+
+ <!-- Search Components
+
+ Search components are registered to SolrCore and used by
+ instances of SearchHandler (which can access them by name)
+
+ By default, the following components are available:
+
+ <searchComponent name="query" class="solr.QueryComponent" />
+ <searchComponent name="facet" class="solr.FacetComponent" />
+ <searchComponent name="mlt" class="solr.MoreLikeThisComponent" />
+ <searchComponent name="highlight" class="solr.HighlightComponent" />
+ <searchComponent name="stats" class="solr.StatsComponent" />
+ <searchComponent name="debug" class="solr.DebugComponent" />
+
+ Default configuration in a requestHandler would look like:
+
+ <arr name="components">
+ <str>query</str>
+ <str>facet</str>
+ <str>mlt</str>
+ <str>highlight</str>
+ <str>stats</str>
+ <str>debug</str>
+ </arr>
+
+ If you register a searchComponent to one of the standard names,
+ that will be used instead of the default.
+
+ To insert components before or after the 'standard' components, use:
+
+ <arr name="first-components">
+ <str>myFirstComponentName</str>
+ </arr>
+
+ <arr name="last-components">
+ <str>myLastComponentName</str>
+ </arr>
+
+ NOTE: The component registered with the name "debug" will
+ always be executed after the "last-components"
+
+ -->
+
+ <!-- Spell Check
+
+ The spell check component can return a list of alternative spelling
+ suggestions.
+
+ http://wiki.apache.org/solr/SpellCheckComponent
+ -->
+ <searchComponent name="spellcheck" class="solr.SpellCheckComponent">
+
+ <str name="queryAnalyzerFieldType">text_general</str>
+
+ <!-- Multiple "Spell Checkers" can be declared and used by this
+ component
+ -->
+
+ <!-- a spellchecker built from a field of the main index -->
+ <lst name="spellchecker">
+ <str name="name">default</str>
+ <str name="field">text</str>
+ <str name="classname">solr.DirectSolrSpellChecker</str>
+ <!-- the spellcheck distance measure used, the default is the internal levenshtein -->
+ <str name="distanceMeasure">internal</str>
+ <!-- minimum accuracy needed to be considered a valid spellcheck suggestion -->
+ <float name="accuracy">0.5</float>
+ <!-- the maximum #edits we consider when enumerating terms: can be 1 or 2 -->
+ <int name="maxEdits">2</int>
+ <!-- the minimum shared prefix when enumerating terms -->
+ <int name="minPrefix">1</int>
+ <!-- maximum number of inspections per result. -->
+ <int name="maxInspections">5</int>
+ <!-- minimum length of a query term to be considered for correction -->
+ <int name="minQueryLength">4</int>
+ <!-- maximum threshold of documents a query term can appear to be considered for correction -->
+ <float name="maxQueryFrequency">0.01</float>
+ <!-- uncomment this to require suggestions to occur in 1% of the documents
+ <float name="thresholdTokenFrequency">.01</float>
+ -->
+ </lst>
+
+ <!-- a spellchecker that can break or combine words. See "/spell" handler below for usage -->
+ <lst name="spellchecker">
+ <str name="name">wordbreak</str>
+ <str name="classname">solr.WordBreakSolrSpellChecker</str>
+ <str name="field">name</str>
+ <str name="combineWords">true</str>
+ <str name="breakWords">true</str>
+ <int name="maxChanges">10</int>
+ </lst>
+
+ <!-- a spellchecker that uses a different distance measure -->
+ <!--
+ <lst name="spellchecker">
+ <str name="name">jarowinkler</str>
+ <str name="field">spell</str>
+ <str name="classname">solr.DirectSolrSpellChecker</str>
+ <str name="distanceMeasure">
+ org.apache.lucene.search.spell.JaroWinklerDistance
+ </str>
+ </lst>
+ -->
+
+ <!-- a spellchecker that use an alternate comparator
+
+ comparatorClass be one of:
+ 1. score (default)
+ 2. freq (Frequency first, then score)
+ 3. A fully qualified class name
+ -->
+ <!--
+ <lst name="spellchecker">
+ <str name="name">freq</str>
+ <str name="field">lowerfilt</str>
+ <str name="classname">solr.DirectSolrSpellChecker</str>
+ <str name="comparatorClass">freq</str>
+ -->
+
+ <!-- A spellchecker that reads the list of words from a file -->
+ <!--
+ <lst name="spellchecker">
+ <str name="classname">solr.FileBasedSpellChecker</str>
+ <str name="name">file</str>
+ <str name="sourceLocation">spellings.txt</str>
+ <str name="characterEncoding">UTF-8</str>
+ <str name="spellcheckIndexDir">spellcheckerFile</str>
+ </lst>
+ -->
+ </searchComponent>
+
+ <!-- A request handler for demonstrating the spellcheck component.
+
+ NOTE: This is purely as an example. The whole purpose of the
+ SpellCheckComponent is to hook it into the request handler that
+ handles your normal user queries so that a separate request is
+ not needed to get suggestions.
+
+ IN OTHER WORDS, THERE IS REALLY GOOD CHANCE THE SETUP BELOW IS
+ NOT WHAT YOU WANT FOR YOUR PRODUCTION SYSTEM!
+
+ See http://wiki.apache.org/solr/SpellCheckComponent for details
+ on the request parameters.
+ -->
+ <requestHandler name="/spell" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="df">text</str>
+ <!-- Solr will use suggestions from both the 'default' spellchecker
+ and from the 'wordbreak' spellchecker and combine them.
+ collations (re-written queries) can include a combination of
+ corrections from both spellcheckers -->
+ <str name="spellcheck.dictionary">default</str>
+ <str name="spellcheck.dictionary">wordbreak</str>
+ <str name="spellcheck">on</str>
+ <str name="spellcheck.extendedResults">true</str>
+ <str name="spellcheck.count">10</str>
+ <str name="spellcheck.alternativeTermCount">5</str>
+ <str name="spellcheck.maxResultsForSuggest">5</str>
+ <str name="spellcheck.collate">true</str>
+ <str name="spellcheck.collateExtendedResults">true</str>
+ <str name="spellcheck.maxCollationTries">10</str>
+ <str name="spellcheck.maxCollations">5</str>
+ </lst>
+ <arr name="last-components">
+ <str>spellcheck</str>
+ </arr>
+ </requestHandler>
+
+ <searchComponent name="suggest" class="solr.SuggestComponent">
+ <lst name="suggester">
+ <str name="name">mySuggester</str>
+ <str name="lookupImpl">FuzzyLookupFactory</str> <!-- org.apache.solr.spelling.suggest.fst -->
+ <str name="dictionaryImpl">DocumentDictionaryFactory</str> <!-- org.apache.solr.spelling.suggest.HighFrequencyDictionaryFactory -->
+ <str name="field">cat</str>
+ <str name="weightField">price</str>
+ <str name="suggestAnalyzerFieldType">string</str>
+ </lst>
+ </searchComponent>
+
+ <requestHandler name="/suggest" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="suggest">true</str>
+ <str name="suggest.count">10</str>
+ </lst>
+ <arr name="components">
+ <str>suggest</str>
+ </arr>
+ </requestHandler>
+ <!-- Term Vector Component
+
+ http://wiki.apache.org/solr/TermVectorComponent
+ -->
+ <searchComponent name="tvComponent" class="solr.TermVectorComponent"/>
+
+ <!-- A request handler for demonstrating the term vector component
+
+ This is purely as an example.
+
+ In reality you will likely want to add the component to your
+ already specified request handlers.
+ -->
+ <requestHandler name="/tvrh" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="df">text</str>
+ <bool name="tv">true</bool>
+ </lst>
+ <arr name="last-components">
+ <str>tvComponent</str>
+ </arr>
+ </requestHandler>
+
+ <!-- Clustering Component
+
+ You'll need to set the solr.clustering.enabled system property
+ when running solr to run with clustering enabled:
+
+ java -Dsolr.clustering.enabled=true -jar start.jar
+
+ http://wiki.apache.org/solr/ClusteringComponent
+ http://carrot2.github.io/solr-integration-strategies/
+ -->
+ <searchComponent name="clustering"
+ enable="${solr.clustering.enabled:false}"
+ class="solr.clustering.ClusteringComponent" >
+ <lst name="engine">
+ <str name="name">lingo</str>
+
+ <!-- Class name of a clustering algorithm compatible with the Carrot2 framework.
+
+ Currently available open source algorithms are:
+ * org.carrot2.clustering.lingo.LingoClusteringAlgorithm
+ * org.carrot2.clustering.stc.STCClusteringAlgorithm
+ * org.carrot2.clustering.kmeans.BisectingKMeansClusteringAlgorithm
+
+ See http://project.carrot2.org/algorithms.html for more information.
+
+ A commercial algorithm Lingo3G (needs to be installed separately) is defined as:
+ * com.carrotsearch.lingo3g.Lingo3GClusteringAlgorithm
+ -->
+ <str name="carrot.algorithm">org.carrot2.clustering.lingo.LingoClusteringAlgorithm</str>
+
+ <!-- Override location of the clustering algorithm's resources
+ (attribute definitions and lexical resources).
+
+ A directory from which to load algorithm-specific stop words,
+ stop labels and attribute definition XMLs.
+
+ For an overview of Carrot2 lexical resources, see:
+ http://download.carrot2.org/head/manual/#chapter.lexical-resources
+
+ For an overview of Lingo3G lexical resources, see:
+ http://download.carrotsearch.com/lingo3g/manual/#chapter.lexical-resources
+ -->
+ <str name="carrot.resourcesDir">clustering/carrot2</str>
+ </lst>
+
+ <!-- An example definition for the STC clustering algorithm. -->
+ <lst name="engine">
+ <str name="name">stc</str>
+ <str name="carrot.algorithm">org.carrot2.clustering.stc.STCClusteringAlgorithm</str>
+ </lst>
+
+ <!-- An example definition for the bisecting kmeans clustering algorithm. -->
+ <lst name="engine">
+ <str name="name">kmeans</str>
+ <str name="carrot.algorithm">org.carrot2.clustering.kmeans.BisectingKMeansClusteringAlgorithm</str>
+ </lst>
+ </searchComponent>
+
+ <!-- A request handler for demonstrating the clustering component
+
+ This is purely as an example.
+
+ In reality you will likely want to add the component to your
+ already specified request handlers.
+ -->
+ <requestHandler name="/clustering"
+ startup="lazy"
+ enable="${solr.clustering.enabled:false}"
+ class="solr.SearchHandler">
+ <lst name="defaults">
+ <bool name="clustering">true</bool>
+ <bool name="clustering.results">true</bool>
+ <!-- Field name with the logical "title" of a each document (optional) -->
+ <str name="carrot.title">name</str>
+ <!-- Field name with the logical "URL" of a each document (optional) -->
+ <str name="carrot.url">id</str>
+ <!-- Field name with the logical "content" of a each document (optional) -->
+ <str name="carrot.snippet">features</str>
+ <!-- Apply highlighter to the title/ content and use this for clustering. -->
+ <bool name="carrot.produceSummary">true</bool>
+ <!-- the maximum number of labels per cluster -->
+ <!--<int name="carrot.numDescriptions">5</int>-->
+ <!-- produce sub clusters -->
+ <bool name="carrot.outputSubClusters">false</bool>
+
+ <!-- Configure the remaining request handler parameters. -->
+ <str name="defType">edismax</str>
+ <str name="qf">
+ text^0.5 features^1.0 name^1.2 sku^1.5 id^10.0 manu^1.1 cat^1.4
+ </str>
+ <str name="q.alt">*:*</str>
+ <str name="rows">10</str>
+ <str name="fl">*,score</str>
+ </lst>
+ <arr name="last-components">
+ <str>clustering</str>
+ </arr>
+ </requestHandler>
+
+ <!-- Terms Component
+
+ http://wiki.apache.org/solr/TermsComponent
+
+ A component to return terms and document frequency of those
+ terms
+ -->
+ <searchComponent name="terms" class="solr.TermsComponent"/>
+
+ <!-- A request handler for demonstrating the terms component -->
+ <requestHandler name="/terms" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <bool name="terms">true</bool>
+ <bool name="distrib">false</bool>
+ </lst>
+ <arr name="components">
+ <str>terms</str>
+ </arr>
+ </requestHandler>
+
+
+ <!-- Query Elevation Component
+
+ http://wiki.apache.org/solr/QueryElevationComponent
+
+ a search component that enables you to configure the top
+ results for a given query regardless of the normal lucene
+ scoring.
+ -->
+ <searchComponent name="elevator" class="solr.QueryElevationComponent" >
+ <!-- pick a fieldType to analyze queries -->
+ <str name="queryFieldType">string</str>
+ <str name="config-file">elevate.xml</str>
+ </searchComponent>
+
+ <!-- A request handler for demonstrating the elevator component -->
+ <requestHandler name="/elevate" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <str name="df">text</str>
+ </lst>
+ <arr name="last-components">
+ <str>elevator</str>
+ </arr>
+ </requestHandler>
+
+ <!-- Highlighting Component
+
+ http://wiki.apache.org/solr/HighlightingParameters
+ -->
+ <searchComponent class="solr.HighlightComponent" name="highlight">
+ <highlighting>
+ <!-- Configure the standard fragmenter -->
+ <!-- This could most likely be commented out in the "default" case -->
+ <fragmenter name="gap"
+ default="true"
+ class="solr.highlight.GapFragmenter">
+ <lst name="defaults">
+ <int name="hl.fragsize">100</int>
+ </lst>
+ </fragmenter>
+
+ <!-- A regular-expression-based fragmenter
+ (for sentence extraction)
+ -->
+ <fragmenter name="regex"
+ class="solr.highlight.RegexFragmenter">
+ <lst name="defaults">
+ <!-- slightly smaller fragsizes work better because of slop -->
+ <int name="hl.fragsize">70</int>
+ <!-- allow 50% slop on fragment sizes -->
+ <float name="hl.regex.slop">0.5</float>
+ <!-- a basic sentence pattern -->
+ <str name="hl.regex.pattern">[-\w ,/\n\"']{20,200}</str>
+ </lst>
+ </fragmenter>
+
+ <!-- Configure the standard formatter -->
+ <formatter name="html"
+ default="true"
+ class="solr.highlight.HtmlFormatter">
+ <lst name="defaults">
+ <str name="hl.simple.pre"><![CDATA[<em>]]></str>
+ <str name="hl.simple.post"><![CDATA[</em>]]></str>
+ </lst>
+ </formatter>
+
+ <!-- Configure the standard encoder -->
+ <encoder name="html"
+ class="solr.highlight.HtmlEncoder" />
+
+ <!-- Configure the standard fragListBuilder -->
+ <fragListBuilder name="simple"
+ class="solr.highlight.SimpleFragListBuilder"/>
+
+ <!-- Configure the single fragListBuilder -->
+ <fragListBuilder name="single"
+ class="solr.highlight.SingleFragListBuilder"/>
+
+ <!-- Configure the weighted fragListBuilder -->
+ <fragListBuilder name="weighted"
+ default="true"
+ class="solr.highlight.WeightedFragListBuilder"/>
+
+ <!-- default tag FragmentsBuilder -->
+ <fragmentsBuilder name="default"
+ default="true"
+ class="solr.highlight.ScoreOrderFragmentsBuilder">
+ <!--
+ <lst name="defaults">
+ <str name="hl.multiValuedSeparatorChar">/</str>
+ </lst>
+ -->
+ </fragmentsBuilder>
+
+ <!-- multi-colored tag FragmentsBuilder -->
+ <fragmentsBuilder name="colored"
+ class="solr.highlight.ScoreOrderFragmentsBuilder">
+ <lst name="defaults">
+ <str name="hl.tag.pre"><![CDATA[
+ <b style="background:yellow">,<b style="background:lawgreen">,
+ <b style="background:aquamarine">,<b style="background:magenta">,
+ <b style="background:palegreen">,<b style="background:coral">,
+ <b style="background:wheat">,<b style="background:khaki">,
+ <b style="background:lime">,<b style="background:deepskyblue">]]></str>
+ <str name="hl.tag.post"><![CDATA[</b>]]></str>
+ </lst>
+ </fragmentsBuilder>
+
+ <boundaryScanner name="default"
+ default="true"
+ class="solr.highlight.SimpleBoundaryScanner">
+ <lst name="defaults">
+ <str name="hl.bs.maxScan">10</str>
+ <str name="hl.bs.chars">.,!? 	 </str>
+ </lst>
+ </boundaryScanner>
+
+ <boundaryScanner name="breakIterator"
+ class="solr.highlight.BreakIteratorBoundaryScanner">
+ <lst name="defaults">
+ <!-- type should be one of CHARACTER, WORD(default), LINE and SENTENCE -->
+ <str name="hl.bs.type">WORD</str>
+ <!-- language and country are used when constructing Locale object. -->
+ <!-- And the Locale object will be used when getting instance of BreakIterator -->
+ <str name="hl.bs.language">en</str>
+ <str name="hl.bs.country">US</str>
+ </lst>
+ </boundaryScanner>
+ </highlighting>
+ </searchComponent>
+
+ <!-- Update Processors
+
+ Chains of Update Processor Factories for dealing with Update
+ Requests can be declared, and then used by name in Update
+ Request Processors
+
+ http://wiki.apache.org/solr/UpdateRequestProcessor
+
+ -->
+
+ <!-- Add unknown fields to the schema
+
+ An example field type guessing update processor that will
+ attempt to parse string-typed field values as Booleans, Longs,
+ Doubles, or Dates, and then add schema fields with the guessed
+ field types.
+
+ This requires that the schema is both managed and mutable, by
+ declaring schemaFactory as ManagedIndexSchemaFactory, with
+ mutable specified as true.
+
+ See http://wiki.apache.org/solr/GuessingFieldTypes
+ -->
+ <updateRequestProcessorChain name="add-unknown-fields-to-the-schema">
+ <processor class="solr.DefaultValueUpdateProcessorFactory">
+ <str name="fieldName">_ttl_</str>
+ <str name="value">+{{ranger_audit_max_retention_days}}DAYS</str>
+ </processor>
+ <processor class="solr.processor.DocExpirationUpdateProcessorFactory">
+ <int name="autoDeletePeriodSeconds">86400</int>
+ <str name="ttlFieldName">_ttl_</str>
+ <str name="expirationFieldName">_expire_at_</str>
+ </processor>
+ <processor class="solr.FirstFieldValueUpdateProcessorFactory">
+ <str name="fieldName">_expire_at_</str>
+ </processor>
+
+ <processor class="solr.RemoveBlankFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseBooleanFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseLongFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseDoubleFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseDateFieldUpdateProcessorFactory">
+ <arr name="format">
+ <str>yyyy-MM-dd'T'HH:mm:ss.SSSZ</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss,SSSZ</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss.SSS</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss,SSS</str>
+ <str>yyyy-MM-dd'T'HH:mm:ssZ</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss</str>
+ <str>yyyy-MM-dd'T'HH:mmZ</str>
+ <str>yyyy-MM-dd'T'HH:mm</str>
+ <str>yyyy-MM-dd HH:mm:ss.SSSZ</str>
+ <str>yyyy-MM-dd HH:mm:ss,SSSZ</str>
+ <str>yyyy-MM-dd HH:mm:ss.SSS</str>
+ <str>yyyy-MM-dd HH:mm:ss,SSS</str>
+ <str>yyyy-MM-dd HH:mm:ssZ</str>
+ <str>yyyy-MM-dd HH:mm:ss</str>
+ <str>yyyy-MM-dd HH:mmZ</str>
+ <str>yyyy-MM-dd HH:mm</str>
+ <str>yyyy-MM-dd</str>
+ </arr>
+ </processor>
+ <processor class="solr.AddSchemaFieldsUpdateProcessorFactory">
+ <str name="defaultFieldType">key_lower_case</str>
+ <lst name="typeMapping">
+ <str name="valueClass">java.lang.Boolean</str>
+ <str name="fieldType">boolean</str>
+ </lst>
+ <lst name="typeMapping">
+ <str name="valueClass">java.util.Date</str>
+ <str name="fieldType">tdate</str>
+ </lst>
+ <lst name="typeMapping">
+ <str name="valueClass">java.lang.Long</str>
+ <str name="valueClass">java.lang.Integer</str>
+ <str name="fieldType">tlong</str>
+ </lst>
+ <lst name="typeMapping">
+ <str name="valueClass">java.lang.Number</str>
+ <str name="fieldType">tdouble</str>
+ </lst>
+ </processor>
+ <processor class="solr.LogUpdateProcessorFactory"/>
+ <processor class="solr.RunUpdateProcessorFactory"/>
+ </updateRequestProcessorChain>
+
+
+ <!-- Deduplication
+
+ An example dedup update processor that creates the "id" field
+ on the fly based on the hash code of some other fields. This
+ example has overwriteDupes set to false since we are using the
+ id field as the signatureField and Solr will maintain
+ uniqueness based on that anyway.
+
+ -->
+ <!--
+ <updateRequestProcessorChain name="dedupe">
+ <processor class="solr.processor.SignatureUpdateProcessorFactory">
+ <bool name="enabled">true</bool>
+ <str name="signatureField">id</str>
+ <bool name="overwriteDupes">false</bool>
+ <str name="fields">name,features,cat</str>
+ <str name="signatureClass">solr.processor.Lookup3Signature</str>
+ </processor>
+ <processor class="solr.LogUpdateProcessorFactory" />
+ <processor class="solr.RunUpdateProcessorFactory" />
+ </updateRequestProcessorChain>
+ -->
+
+ <!-- Language identification
+
+ This example update chain identifies the language of the incoming
+ documents using the langid contrib. The detected language is
+ written to field language_s. No field name mapping is done.
+ The fields used for detection are text, title, subject and description,
+ making this example suitable for detecting languages form full-text
+ rich documents injected via ExtractingRequestHandler.
+ See more about langId at http://wiki.apache.org/solr/LanguageDetection
+ -->
+ <!--
+ <updateRequestProcessorChain name="langid">
+ <processor class="org.apache.solr.update.processor.TikaLanguageIdentifierUpdateProcessorFactory">
+ <str name="langid.fl">text,title,subject,description</str>
+ <str name="langid.langField">language_s</str>
+ <str name="langid.fallback">en</str>
+ </processor>
+ <processor class="solr.LogUpdateProcessorFactory" />
+ <processor class="solr.RunUpdateProcessorFactory" />
+ </updateRequestProcessorChain>
+ -->
+
+ <!-- Script update processor
+
+ This example hooks in an update processor implemented using JavaScript.
+
+ See more about the script update processor at http://wiki.apache.org/solr/ScriptUpdateProcessor
+ -->
+ <!--
+ <updateRequestProcessorChain name="script">
+ <processor class="solr.StatelessScriptUpdateProcessorFactory">
+ <str name="script">update-script.js</str>
+ <lst name="params">
+ <str name="config_param">example config parameter</str>
+ </lst>
+ </processor>
+ <processor class="solr.RunUpdateProcessorFactory" />
+ </updateRequestProcessorChain>
+ -->
+
+ <!-- Response Writers
+
+ http://wiki.apache.org/solr/QueryResponseWriter
+
+ Request responses will be written using the writer specified by
+ the 'wt' request parameter matching the name of a registered
+ writer.
+
+ The "default" writer is the default and will be used if 'wt' is
+ not specified in the request.
+ -->
+ <!-- The following response writers are implicitly configured unless
+ overridden...
+ -->
+ <!--
+ <queryResponseWriter name="xml"
+ default="true"
+ class="solr.XMLResponseWriter" />
+ <queryResponseWriter name="json" class="solr.JSONResponseWriter"/>
+ <queryResponseWriter name="python" class="solr.PythonResponseWriter"/>
+ <queryResponseWriter name="ruby" class="solr.RubyResponseWriter"/>
+ <queryResponseWriter name="php" class="solr.PHPResponseWriter"/>
+ <queryResponseWriter name="phps" class="solr.PHPSerializedResponseWriter"/>
+ <queryResponseWriter name="csv" class="solr.CSVResponseWriter"/>
+ <queryResponseWriter name="schema.xml" class="solr.SchemaXmlResponseWriter"/>
+ -->
+
+ <queryResponseWriter name="json" class="solr.JSONResponseWriter">
+ <!-- For the purposes of the tutorial, JSON responses are written as
+ plain text so that they are easy to read in *any* browser.
+ If you expect a MIME type of "application/json" just remove this override.
+ -->
+ <str name="content-type">text/plain; charset=UTF-8</str>
+ </queryResponseWriter>
+
+ <!--
+ Custom response writers can be declared as needed...
+ -->
+ <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter" startup="lazy">
+ <str name="template.base.dir">${velocity.template.base.dir:}</str>
+ </queryResponseWriter>
+
+ <!-- XSLT response writer transforms the XML output by any xslt file found
+ in Solr's conf/xslt directory. Changes to xslt files are checked for
+ every xsltCacheLifetimeSeconds.
+ -->
+ <queryResponseWriter name="xslt" class="solr.XSLTResponseWriter">
+ <int name="xsltCacheLifetimeSeconds">5</int>
+ </queryResponseWriter>
+
+ <!-- Query Parsers
+
+ http://wiki.apache.org/solr/SolrQuerySyntax
+
+ Multiple QParserPlugins can be registered by name, and then
+ used in either the "defType" param for the QueryComponent (used
+ by SearchHandler) or in LocalParams
+ -->
+ <!-- example of registering a query parser -->
+ <!--
+ <queryParser name="myparser" class="com.mycompany.MyQParserPlugin"/>
+ -->
+
+ <!-- Function Parsers
+
+ http://wiki.apache.org/solr/FunctionQuery
+
+ Multiple ValueSourceParsers can be registered by name, and then
+ used as function names when using the "func" QParser.
+ -->
+ <!-- example of registering a custom function parser -->
+ <!--
+ <valueSourceParser name="myfunc"
+ class="com.mycompany.MyValueSourceParser" />
+ -->
+
+
+ <!-- Document Transformers
+ http://wiki.apache.org/solr/DocTransformers
+ -->
+ <!--
+ Could be something like:
+ <transformer name="db" class="com.mycompany.LoadFromDatabaseTransformer" >
+ <int name="connection">jdbc://....</int>
+ </transformer>
+
+ To add a constant value to all docs, use:
+ <transformer name="mytrans2" class="org.apache.solr.response.transform.ValueAugmenterFactory" >
+ <int name="value">5</int>
+ </transformer>
+
+ If you want the user to still be able to change it with _value:something_ use this:
+ <transformer name="mytrans3" class="org.apache.solr.response.transform.ValueAugmenterFactory" >
+ <double name="defaultValue">5</double>
+ </transformer>
+
+ If you are using the QueryElevationComponent, you may wish to mark documents that get boosted. The
+ EditorialMarkerFactory will do exactly that:
+ <transformer name="qecBooster" class="org.apache.solr.response.transform.EditorialMarkerFactory" />
+ -->
+
+
+ <!-- Legacy config for the admin interface -->
+ <admin>
+ <defaultQuery>*:*</defaultQuery>
+ </admin>
+
+</config>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json
new file mode 100644
index 0000000..d75d5f1
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json
@@ -0,0 +1,41 @@
+{
+ "name": "default",
+ "description": "default quick links configuration",
+ "configuration": {
+ "protocol":
+ {
+ "type":"https",
+ "checks":[
+ {
+ "property":"ranger.service.https.attrib.ssl.enabled",
+ "desired":"true",
+ "site":"ranger-admin-site"
+ },
+ {
+ "property":"ranger.service.http.enabled",
+ "desired":"false",
+ "site":"ranger-admin-site"
+ }
+ ]
+ },
+
+ "links": [
+ {
+ "name": "ranger_admin_ui",
+ "label": "Ranger Admin UI",
+ "component_name" : "RANGER_ADMIN",
+ "requires_user_name": "false",
+ "url": "%@://%@:%@",
+ "attributes": ["authenticated", "sso"],
+ "port":{
+ "http_property": "ranger.service.http.port",
+ "http_default_port": "6080",
+ "https_property": "ranger.service.https.port",
+ "https_default_port": "6182",
+ "regex": "(\\d*)+",
+ "site": "ranger-admin-site"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json
new file mode 100644
index 0000000..557e9ac
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json
@@ -0,0 +1,9 @@
+{
+ "general_deps" : {
+ "_comment" : "dependencies for RANGER",
+ "RANGER_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_ADMIN-START"],
+ "RANGER_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_USERSYNC-START"],
+ "RANGER_USERSYNC-START" : ["RANGER_ADMIN-START"],
+ "RANGER_ADMIN-START": ["ZOOKEEPER_SERVER-START", "INFRA_SOLR-START"]
+ }
+}
[4/6] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Posted by vb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
new file mode 100644
index 0000000..b849d58
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
@@ -0,0 +1,217 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import setup_ranger_audit_solr, setup_ranger_admin_passwd_change
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+import upgrade
+import os, errno
+
+class RangerAdmin(Script):
+
+ def get_component_name(self):
+ return "ranger-admin"
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+ # call config and setup db only in case of HDP version < 2.6
+ if not params.stack_supports_ranger_setup_db_on_start:
+ self.configure(env, setup_db=True)
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_rolling_upgrade and not params.stack_supports_config_versioning and os.path.isfile(format('{ranger_home}/ews/stop-ranger-admin.sh')):
+ File(format('{ranger_home}/ews/stop-ranger-admin.sh'),
+ owner=params.unix_user,
+ group = params.unix_group
+ )
+
+ Execute(format('{params.ranger_stop}'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ if params.stack_supports_pid:
+ File(params.ranger_admin_pid_file,
+ action = "delete"
+ )
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ upgrade.prestart(env, "ranger-admin")
+
+ self.set_ru_rangeradmin_in_progress(params.upgrade_marker_file)
+
+ def post_upgrade_restart(self,env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if os.path.isfile(params.upgrade_marker_file):
+ os.remove(params.upgrade_marker_file)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ # setup db only if in case HDP version is > 2.6
+ self.configure(env, upgrade_type=upgrade_type, setup_db=params.stack_supports_ranger_setup_db_on_start)
+
+ if params.stack_supports_infra_client and params.audit_solr_enabled and params.is_solrCloud_enabled:
+ solr_cloud_util.setup_solr_client(params.config, custom_log4j = params.custom_log4j)
+ setup_ranger_audit_solr()
+
+ ranger_service('ranger_admin')
+
+
+ def status(self, env):
+ import status_params
+
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_admin_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ if self.is_ru_rangeradmin_in_progress(status_params.upgrade_marker_file):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Logger.debug('Ranger admin process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def configure(self, env, upgrade_type=None, setup_db=False):
+ import params
+ env.set_params(params)
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import ranger
+ else:
+ from setup_ranger import ranger
+
+ # set up db if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db()
+
+ ranger('ranger_admin', upgrade_type=upgrade_type)
+
+ # set up java patches if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch()
+
+ if params.stack_supports_ranger_admin_password_change:
+ setup_ranger_admin_passwd_change()
+
+ def set_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ config_dir = os.path.dirname(upgrade_marker_file)
+ try:
+ msg = "Starting Upgrade"
+ if (not os.path.exists(config_dir)):
+ os.makedirs(config_dir)
+ ofp = open(upgrade_marker_file, 'w')
+ ofp.write(msg)
+ ofp.close()
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(config_dir):
+ pass
+ else:
+ raise
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+ def setup_ranger_database(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.xml_configurations_supported and params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Setting Ranger database schema, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db(stack_version=stack_version)
+
+ def setup_ranger_java_patches(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.xml_configurations_supported and params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Applying Ranger java patches, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch(stack_version=stack_version)
+
+ def set_pre_start(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-admin", stack_version)
+ conf_select.select(stack_name, "ranger-admin", stack_version)
+
+ def get_log_folder(self):
+ import params
+ return params.admin_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerAdmin().execute()
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
new file mode 100644
index 0000000..0355049
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.show_logs import show_logs
+from resource_management.core.resources.system import Execute
+
+def ranger_service(name, action=None):
+ import params
+
+ env_dict = {'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_lib_path}
+
+ if name == 'ranger_admin':
+ no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
+ try:
+ Execute(params.ranger_start, environment=env_dict, user=params.unix_user, not_if=no_op_test)
+ except:
+ show_logs(params.admin_log_dir, params.unix_user)
+ raise
+ elif name == 'ranger_usersync':
+ no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
+ if params.stack_supports_usersync_non_root:
+ try:
+ Execute(params.usersync_start,
+ environment=env_dict,
+ not_if=no_op_test,
+ user=params.unix_user
+ )
+ except:
+ show_logs(params.usersync_log_dir, params.unix_user)
+ raise
+ else:
+ # Usersync requires to be run as root for 2.2
+ Execute((params.usersync_start,),
+ environment={'JAVA_HOME': params.java_home},
+ not_if=no_op_test,
+ sudo=True
+ )
+ elif name == 'ranger_tagsync' and params.stack_supports_ranger_tagsync:
+ no_op_test = format('ps -ef | grep proc_rangertagsync | grep -v grep')
+ cmd = format('{tagsync_services_file} start')
+ try:
+ Execute(cmd,
+ environment=env_dict,
+ user=params.unix_user,
+ not_if=no_op_test
+ )
+ except:
+ show_logs(params.tagsync_log_dir, params.unix_user)
+ raise
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
new file mode 100644
index 0000000..008fb99
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
@@ -0,0 +1,139 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.core.resources.system import Execute, File
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import ranger, ranger_credential_helper
+from resource_management.core.exceptions import Fail
+import upgrade
+
+class RangerTagsync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'tagadmin.user.password', 'rangertagsync', params.tagsync_jceks_path)
+ File(params.tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ ranger('ranger_tagsync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_tagsync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ Execute(format('{tagsync_services_file} stop'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ File(params.tagsync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ check_process_status(status_params.tagsync_pid_file)
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_ranger_tagsync:
+ Logger.info("Executing Ranger Tagsync Stack Upgrade pre-restart")
+ conf_select.select(params.stack_name, "ranger-tagsync", params.version)
+ stack_select.select("ranger-tagsync", params.version)
+
+ def get_component_name(self):
+ return "ranger-tagsync"
+
+ def get_log_folder(self):
+ import params
+ return params.tagsync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+ def get_pid_files(self):
+ import status_params
+ return [status_params.tagsync_pid_file]
+
+ def configure_atlas_user_for_tagsync(self, env):
+ Logger.info("Configuring Atlas user for Tagsync service.")
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-tagsync", stack_version)
+ conf_select.select(stack_name, "ranger-tagsync", stack_version)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Upgrading Tagsync, stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Upgrading Tagsync, stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ Logger.info("Configuring Atlas user for Tagsync service done.")
+
+ def create_atlas_user_keystore(self,env):
+ import params
+ env.set_params(params)
+ ranger_credential_helper(params.tagsync_cred_lib, 'atlas.user.password', 'admin', params.atlas_tagsync_jceks_path)
+ File(params.atlas_tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+if __name__ == "__main__":
+ RangerTagsync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
new file mode 100644
index 0000000..b9366f6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
@@ -0,0 +1,124 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+import upgrade
+import os
+
+class RangerUsersync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_usersync_passwd:
+ from setup_ranger_xml import ranger_credential_helper
+ ranger_credential_helper(params.ugsync_cred_lib, params.ugsync_policymgr_alias, 'rangerusersync', params.ugsync_policymgr_keystore)
+
+ File(params.ugsync_policymgr_keystore,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import ranger
+ else:
+ from setup_ranger import ranger
+
+ ranger('ranger_usersync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_usersync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_usersync_non_root and os.path.isfile(params.usersync_services_file):
+ File(params.usersync_services_file,
+ mode = 0755
+ )
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True
+ )
+
+ Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, sudo=True)
+ if params.stack_supports_pid:
+ File(params.ranger_usersync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_usersync_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ Logger.debug('Ranger usersync process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ upgrade.prestart(env, "ranger-usersync")
+
+ def get_component_name(self):
+ return "ranger-usersync"
+
+ def get_log_folder(self):
+ import params
+ return params.usersync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerUsersync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
new file mode 100644
index 0000000..fb6af95
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
@@ -0,0 +1,49 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+import os
+
+
+class RangerServiceCheck(Script):
+
+ def service_check(self, env):
+ import params
+
+ env.set_params(params)
+ self.check_ranger_admin_service(params.ranger_external_url, params.upgrade_marker_file)
+
+ def check_ranger_admin_service(self, ranger_external_url, upgrade_marker_file):
+ if (self.is_ru_rangeradmin_in_progress(upgrade_marker_file)):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp | grep 200"),
+ tries = 10,
+ try_sleep=3,
+ logoutput=True)
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+if __name__ == "__main__":
+ RangerServiceCheck().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
new file mode 100644
index 0000000..b0e8bad
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
@@ -0,0 +1,153 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import sys
+import fileinput
+import os
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.resources.properties_file import PropertiesFile
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.core.source import DownloadSource
+from resource_management.core.logger import Logger
+from resource_management.core.shell import as_sudo
+from resource_management.core.exceptions import Fail
+from resource_management.core.resources.system import Directory, Execute, File
+
+
+def ranger(name=None, upgrade_type=None):
+ if name == 'ranger_admin':
+ setup_ranger_admin(upgrade_type=upgrade_type)
+
+ if name == 'ranger_usersync':
+ setup_usersync(upgrade_type=upgrade_type)
+
+def setup_ranger_admin(upgrade_type=None):
+ import params
+
+ check_db_connnection()
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(params.driver_curl_target, mode=0644)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = params.config['configurations']['admin-properties']
+ )
+
+ custom_config = dict()
+ custom_config['unix_user'] = params.unix_user
+ custom_config['unix_group'] = params.unix_group
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties=custom_config
+ )
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')}
+ )
+
+ ##if db flavor == oracle - set oracle home env variable
+ if params.db_flavor.lower() == 'oracle' and params.oracle_home:
+ env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
+ else:
+ env_dict = {'JAVA_HOME': params.java_home}
+
+ setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
+ Execute(setup_sh,
+ environment=env_dict,
+ logoutput=True,
+ )
+
+ ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"),
+ properties = params.config['configurations']['ranger-site'],
+ )
+
+ ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"),
+ properties = params.config['configurations']['ranger-site'],
+ mode=0744
+ )
+
+ Directory(params.admin_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+def setup_usersync(upgrade_type=None):
+ import params
+
+ PropertiesFile(format("{usersync_home}/install.properties"),
+ properties = params.config['configurations']['usersync-properties'],
+ )
+
+ custom_config = dict()
+ custom_config['unix_user'] = params.unix_user
+ custom_config['unix_group'] = params.unix_group
+
+ ModifyPropertiesFile(format("{usersync_home}/install.properties"),
+ properties=custom_config
+ )
+
+ cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')])
+ Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+
+ File([params.usersync_start, params.usersync_stop],
+ owner = params.unix_user
+ )
+ File(params.usersync_services_file,
+ mode = 0755,
+ )
+
+ Directory(params.usersync_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+def check_db_connnection():
+ import params
+
+ Logger.info('Checking DB connection')
+ env_dict = {}
+ if params.db_flavor.lower() == 'mysql':
+ cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password!p} -h {db_host} -s -e "select version();"')
+ elif params.db_flavor.lower() == 'oracle':
+ cmd = format("{sql_command_invoker} '{db_root_user}/\"{db_root_password}\"@{db_host}' AS SYSDBA")
+ env_dict = {'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
+ elif params.db_flavor.lower() == 'postgres':
+ cmd = 'true'
+ elif params.db_flavor.lower() == 'mssql':
+ cmd = 'true'
+
+ try:
+ Execute(cmd,
+ environment=env_dict,
+ logoutput=True)
+ except Fail as ex:
+ Logger.error(str(ex))
+ raise Fail('Ranger Database connection check failed')
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
new file mode 100644
index 0000000..26e6578
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
@@ -0,0 +1,853 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+import re
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.default import default
+from resource_management.core.logger import Logger
+from resource_management.core.resources.system import File, Directory, Execute, Link
+from resource_management.core.source import DownloadSource, InlineTemplate, Template
+from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.libraries.resources.properties_file import PropertiesFile
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.decorator import retry
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.core.utils import PasswordString
+from resource_management.core.shell import as_sudo
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.core.exceptions import ExecutionFailed
+
+# This file contains functions used for setup/configure of Ranger Admin and Ranger Usersync.
+# The design is to mimic what is done by the setup.sh script bundled by Ranger component currently.
+
+def ranger(name=None, upgrade_type=None):
+ """
+ parameter name: name of ranger service component
+ """
+ if name == 'ranger_admin':
+ setup_ranger_admin(upgrade_type=upgrade_type)
+
+ if name == 'ranger_usersync':
+ setup_usersync(upgrade_type=upgrade_type)
+
+ if name == 'ranger_tagsync':
+ setup_tagsync(upgrade_type=upgrade_type)
+
+def setup_ranger_admin(upgrade_type=None):
+ import params
+
+ if upgrade_type is None:
+ upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
+
+ ranger_home = params.ranger_home
+ ranger_conf = params.ranger_conf
+
+ Directory(ranger_conf,
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True
+ )
+
+ copy_jdbc_connector()
+
+ File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
+ content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
+ mode = 0644,
+ )
+
+ cp = format("{check_db_connection_jar}")
+ if params.db_flavor.lower() == 'sqla':
+ cp = cp + os.pathsep + format("{ranger_home}/ews/lib/sajdbc4.jar")
+ else:
+ cp = cp + os.pathsep + format("{driver_curl_target}")
+ cp = cp + os.pathsep + format("{ranger_home}/ews/lib/*")
+
+ db_connection_check_command = format(
+ "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_jdbc_connection_url}' {ranger_db_user} {ranger_db_password!p} {ranger_jdbc_driver}")
+
+ env_dict = {}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
+
+ Execute(('ln','-sf', format('{ranger_home}/ews/webapp/WEB-INF/classes/conf'), format('{ranger_home}/conf')),
+ not_if=format("ls {ranger_home}/conf"),
+ only_if=format("ls {ranger_home}/ews/webapp/WEB-INF/classes/conf"),
+ sudo=True)
+
+ if upgrade_type is not None:
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+ dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+ dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ Directory(format('{ranger_home}/'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ recursive_ownership = True,
+ )
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_conf}/ranger-admin-env-piddir.sh'),
+ content = format("export RANGER_PID_DIR_PATH={ranger_pid_dir}\nexport RANGER_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.admin_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True,
+ cd_access='a',
+ mode=0755
+ )
+
+ File(format('{ranger_conf}/ranger-admin-env-logdir.sh'),
+ content = format("export RANGER_ADMIN_LOG_DIR={admin_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ if os.path.isfile(params.ranger_admin_default_file):
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+ else:
+ Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.ranger_admin_default_file, ranger_conf))
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+ dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.security_app_context_file):
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+ else:
+ Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.security_app_context_file, ranger_conf))
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+ dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+
+ if upgrade_type is not None and params.stack_supports_config_versioning:
+ if os.path.islink('/usr/bin/ranger-admin'):
+ Link('/usr/bin/ranger-admin', action="delete")
+
+ Link('/usr/bin/ranger-admin',
+ to=format('{ranger_home}/ews/ranger-admin-services.sh'))
+
+ if default("/configurations/ranger-admin-site/ranger.authentication.method", "") == 'PAM':
+ d = '/etc/pam.d'
+ if os.path.isdir(d):
+ if os.path.isfile(os.path.join(d, 'ranger-admin')):
+ Logger.info('ranger-admin PAM file already exists.')
+ else:
+ File(format('{d}/ranger-admin'),
+ content=Template('ranger_admin_pam.j2'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0644
+ )
+ if os.path.isfile(os.path.join(d, 'ranger-remote')):
+ Logger.info('ranger-remote PAM file already exists.')
+ else:
+ File(format('{d}/ranger-remote'),
+ content=Template('ranger_remote_pam.j2'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0644
+ )
+ else:
+ Logger.error("Unable to use PAM authentication, /etc/pam.d/ directory does not exist.")
+
+ Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
+ not_if=format("ls /usr/bin/ranger-admin"),
+ only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
+ sudo=True)
+
+ # remove plain-text password from xml configs
+
+ ranger_admin_site_copy = {}
+ ranger_admin_site_copy.update(params.config['configurations']['ranger-admin-site'])
+ for prop in params.ranger_admin_password_properties:
+ if prop in ranger_admin_site_copy:
+ ranger_admin_site_copy[prop] = "_"
+
+ XmlConfig("ranger-admin-site.xml",
+ conf_dir=ranger_conf,
+ configurations=ranger_admin_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-admin-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ Directory(os.path.join(ranger_conf,'ranger_jaas'),
+ mode=0700,
+ owner=params.unix_user,
+ group=params.unix_group,
+ )
+
+ if params.stack_supports_ranger_log4j:
+ File(format('{ranger_home}/ews/webapp/WEB-INF/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.admin_log4j),
+ mode=0644
+ )
+
+ do_keystore_setup(upgrade_type=upgrade_type)
+
+ create_core_site_xml(ranger_conf)
+
+ if params.stack_supports_ranger_kerberos and params.security_enabled:
+ if params.is_hbase_ha_enabled and params.ranger_hbase_plugin_enabled:
+ XmlConfig("hbase-site.xml",
+ conf_dir=ranger_conf,
+ configurations=params.config['configurations']['hbase-site'],
+ configuration_attributes=params.config['configuration_attributes']['hbase-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+ if params.is_namenode_ha_enabled and params.ranger_hdfs_plugin_enabled:
+ XmlConfig("hdfs-site.xml",
+ conf_dir=ranger_conf,
+ configurations=params.config['configurations']['hdfs-site'],
+ configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+def setup_ranger_db(stack_version=None):
+ import params
+
+ ranger_home = params.ranger_home
+ version = params.version
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+ version = stack_version
+
+ copy_jdbc_connector(stack_version=version)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'audit_store': params.ranger_audit_source_type},
+ owner = params.unix_user,
+ )
+
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ # User wants us to setup the DB user and DB?
+ if params.create_db_dbuser:
+ Logger.info('Setting up Ranger DB and DB User')
+ dba_setup = format('ambari-python-wrap {ranger_home}/dba_script.py -q')
+ Execute(dba_setup,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+ else:
+ Logger.info('Separate DBA property not set. Assuming Ranger DB and DB User exists!')
+
+ db_setup = format('ambari-python-wrap {ranger_home}/db_setup.py')
+ Execute(db_setup,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+
+
+def setup_java_patch(stack_version=None):
+ import params
+
+ ranger_home = params.ranger_home
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ setup_java_patch = format('ambari-python-wrap {ranger_home}/db_setup.py -javapatch')
+ Execute(setup_java_patch,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+
+
+def do_keystore_setup(upgrade_type=None):
+ import params
+
+ ranger_home = params.ranger_home
+ cred_lib_path = params.cred_lib_path
+
+ if not is_empty(params.ranger_credential_provider_path):
+ ranger_credential_helper(cred_lib_path, params.ranger_jpa_jdbc_credential_alias, params.ranger_ambari_db_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
+ ranger_credential_helper(cred_lib_path, params.ranger_jpa_audit_jdbc_credential_alias, params.ranger_ambari_audit_db_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.ranger_auth_method.upper() == "LDAP":
+ ranger_credential_helper(params.cred_lib_path, params.ranger_ldap_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.ranger_auth_method.upper() == "ACTIVE_DIRECTORY":
+ ranger_credential_helper(params.cred_lib_path, params.ranger_ad_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.stack_supports_secure_ssl_password:
+ ranger_credential_helper(params.cred_lib_path, params.ranger_truststore_alias, params.truststore_password, params.ranger_credential_provider_path)
+
+ if params.https_enabled and not params.http_enabled:
+ ranger_credential_helper(params.cred_lib_path, params.ranger_https_keystore_alias, params.https_keystore_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+def password_validation(password):
+ import params
+ if password.strip() == "":
+ raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+ if re.search("[\\\`'\"]",password):
+ raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `")
+ else:
+ Logger.info("password validated")
+
+def copy_jdbc_connector(stack_version=None):
+ import params
+
+ if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
+ error_message = format("{db_flavor} jdbc driver cannot be downloaded from {jdk_location}\nPlease run 'ambari-server setup --jdbc-db={db_flavor} --jdbc-driver={{path_to_jdbc}}' on ambari-server host.")
+ raise Fail(error_message)
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ ranger_home = params.ranger_home
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+
+ driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+
+ if params.db_flavor.lower() == 'sqla':
+ Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
+
+ Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(ranger_home, 'ews', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(ranger_home, 'ews', 'lib', 'sajdbc4.jar'), mode=0644)
+
+ Directory(params.jdbc_libs_dir,
+ cd_access="a",
+ create_parents=True)
+
+ Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
+ path=["/bin", "/usr/bin/"])
+ else:
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(ranger_home, 'ews', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(ranger_home, 'ews', 'lib',params.jdbc_jar_name), mode=0644)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = params.config['configurations']['admin-properties'],
+ owner = params.unix_user,
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{ranger_home}/ews/lib/sajdbc4.jar')},
+ owner = params.unix_user,
+ )
+ else:
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
+ owner = params.unix_user,
+ )
+
+def setup_usersync(upgrade_type=None):
+ import params
+
+ usersync_home = params.usersync_home
+ ranger_home = params.ranger_home
+ ranger_ugsync_conf = params.ranger_ugsync_conf
+
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_ugsync_conf}/ranger-usersync-env-piddir.sh'),
+ content = format("export USERSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_USERSYNC_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.usersync_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group,
+ cd_access = 'a',
+ create_parents=True,
+ mode=0755,
+ recursive_ownership = True
+ )
+
+ File(format('{ranger_ugsync_conf}/ranger-usersync-env-logdir.sh'),
+ content = format("export logdir={usersync_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(format("{ranger_ugsync_conf}/"),
+ owner = params.unix_user
+ )
+
+ if upgrade_type is not None:
+ src_file = format('{usersync_home}/conf.dist/ranger-ugsync-default.xml')
+ dst_file = format('{usersync_home}/conf/ranger-ugsync-default.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ if params.stack_supports_ranger_log4j:
+ File(format('{usersync_home}/conf/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.usersync_log4j),
+ mode=0644
+ )
+ elif upgrade_type is not None and not params.stack_supports_ranger_log4j:
+ src_file = format('{usersync_home}/conf.dist/log4j.xml')
+ dst_file = format('{usersync_home}/conf/log4j.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ # remove plain-text password from xml configs
+ ranger_ugsync_site_copy = {}
+ ranger_ugsync_site_copy.update(params.config['configurations']['ranger-ugsync-site'])
+ for prop in params.ranger_usersync_password_properties:
+ if prop in ranger_ugsync_site_copy:
+ ranger_ugsync_site_copy[prop] = "_"
+
+ XmlConfig("ranger-ugsync-site.xml",
+ conf_dir=ranger_ugsync_conf,
+ configurations=ranger_ugsync_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-ugsync-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ if os.path.isfile(params.ranger_ugsync_default_file):
+ File(params.ranger_ugsync_default_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.usgsync_log4j_file):
+ File(params.usgsync_log4j_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.cred_validator_file):
+ File(params.cred_validator_file, group=params.unix_group, mode=04555)
+
+ ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.key.password', params.ranger_usersync_keystore_password, params.ugsync_jceks_path)
+
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ ranger_credential_helper(params.ugsync_cred_lib, 'ranger.usersync.ldap.bindalias', params.ranger_usersync_ldap_ldapbindpassword, params.ugsync_jceks_path)
+
+ ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.truststore.password', params.ranger_usersync_truststore_password, params.ugsync_jceks_path)
+
+ File(params.ugsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ File([params.usersync_start, params.usersync_stop],
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+ File(params.usersync_services_file,
+ mode = 0755,
+ )
+
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True)
+
+ if not os.path.isfile(params.ranger_usersync_keystore_file):
+ cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass {ranger_usersync_keystore_password!p} -storepass {ranger_usersync_keystore_password!p} -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
+
+ Execute(cmd, logoutput=True, user = params.unix_user)
+
+ File(params.ranger_usersync_keystore_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ create_core_site_xml(ranger_ugsync_conf)
+
+def setup_tagsync(upgrade_type=None):
+ import params
+
+ ranger_tagsync_home = params.ranger_tagsync_home
+ ranger_home = params.ranger_home
+ ranger_tagsync_conf = params.ranger_tagsync_conf
+
+ Directory(format("{ranger_tagsync_conf}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True
+ )
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ create_parents=True,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_tagsync_conf}/ranger-tagsync-env-piddir.sh'),
+ content = format("export TAGSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_TAGSYNC_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.tagsync_log_dir,
+ create_parents = True,
+ owner = params.unix_user,
+ group = params.unix_group,
+ cd_access = "a",
+ mode=0755
+ )
+
+ File(format('{ranger_tagsync_conf}/ranger-tagsync-env-logdir.sh'),
+ content = format("export RANGER_TAGSYNC_LOG_DIR={tagsync_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ XmlConfig("ranger-tagsync-site.xml",
+ conf_dir=ranger_tagsync_conf,
+ configurations=params.config['configurations']['ranger-tagsync-site'],
+ configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack supports tagsync-ssl configurations, performing the same.")
+ setup_tagsync_ssl_configs()
+ else:
+ Logger.info("Stack doesnt support tagsync-ssl configurations, skipping the same.")
+
+ PropertiesFile(format('{ranger_tagsync_conf}/atlas-application.properties'),
+ properties = params.tagsync_application_properties,
+ mode=0755,
+ owner=params.unix_user,
+ group=params.unix_group
+ )
+
+ File(format('{ranger_tagsync_conf}/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.tagsync_log4j),
+ mode=0644
+ )
+
+ File(params.tagsync_services_file,
+ mode = 0755,
+ )
+
+ Execute(('ln','-sf', format('{tagsync_services_file}'),'/usr/bin/ranger-tagsync'),
+ not_if=format("ls /usr/bin/ranger-tagsync"),
+ only_if=format("ls {tagsync_services_file}"),
+ sudo=True)
+
+ create_core_site_xml(ranger_tagsync_conf)
+
+def ranger_credential_helper(lib_path, alias_key, alias_value, file_path):
+ import params
+
+ java_bin = format('{java_home}/bin/java')
+ file_path = format('jceks://file{file_path}')
+ cmd = (java_bin, '-cp', lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', alias_key, '-value', PasswordString(alias_value), '-provider', file_path)
+ Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+def create_core_site_xml(conf_dir):
+ import params
+
+ if params.stack_supports_ranger_kerberos:
+ if params.has_namenode:
+ XmlConfig("core-site.xml",
+ conf_dir=conf_dir,
+ configurations=params.config['configurations']['core-site'],
+ configuration_attributes=params.config['configuration_attributes']['core-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+ else:
+ Logger.warning('HDFS service not installed. Creating core-site.xml file.')
+ XmlConfig("core-site.xml",
+ conf_dir=conf_dir,
+ configurations=params.core_site_property,
+ configuration_attributes={},
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+def setup_ranger_audit_solr():
+ import params
+
+ if params.security_enabled and params.stack_supports_ranger_kerberos:
+
+ if params.solr_jaas_file is not None:
+ File(format("{solr_jaas_file}"),
+ content=Template("ranger_solr_jaas_conf.j2"),
+ owner=params.unix_user
+ )
+ try:
+ check_znode()
+
+ if params.stack_supports_ranger_solr_configs:
+ Logger.info('Solr configrations supported,creating solr-configurations.')
+ File(format("{ranger_solr_conf}/solrconfig.xml"),
+ content=InlineTemplate(params.ranger_solr_config_content),
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+ solr_cloud_util.upload_configuration_to_zk(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ config_set = params.ranger_solr_config_set,
+ config_set_dir = params.ranger_solr_conf,
+ tmp_dir = params.tmp_dir,
+ java64_home = params.java_home,
+ solrconfig_content = InlineTemplate(params.ranger_solr_config_content),
+ jaas_file=params.solr_jaas_file,
+ retry=30, interval=5
+ )
+
+ else:
+ Logger.info('Solr configrations not supported, skipping solr-configurations.')
+ solr_cloud_util.upload_configuration_to_zk(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ config_set = params.ranger_solr_config_set,
+ config_set_dir = params.ranger_solr_conf,
+ tmp_dir = params.tmp_dir,
+ java64_home = params.java_home,
+ jaas_file=params.solr_jaas_file,
+ retry=30, interval=5)
+
+ if params.security_enabled and params.has_infra_solr \
+ and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
+
+ solr_cloud_util.add_solr_roles(params.config,
+ roles = [params.infra_solr_role_ranger_admin, params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
+ new_service_principals = [params.ranger_admin_jaas_principal])
+ service_default_principals_map = [('hdfs', 'nn'), ('hbase', 'hbase'), ('hive', 'hive'), ('kafka', 'kafka'), ('kms', 'rangerkms'),
+ ('knox', 'knox'), ('nifi', 'nifi'), ('storm', 'storm'), ('yanr', 'yarn')]
+ service_principals = get_ranger_plugin_principals(service_default_principals_map)
+ solr_cloud_util.add_solr_roles(params.config,
+ roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
+ new_service_principals = service_principals)
+
+
+ solr_cloud_util.create_collection(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ collection = params.ranger_solr_collection_name,
+ config_set = params.ranger_solr_config_set,
+ java64_home = params.java_home,
+ shards = params.ranger_solr_shards,
+ replication_factor = int(params.replication_factor),
+ jaas_file = params.solr_jaas_file)
+
+ if params.security_enabled and params.has_infra_solr \
+ and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
+ secure_znode(format('{solr_znode}/configs/{ranger_solr_config_set}'), params.solr_jaas_file)
+ secure_znode(format('{solr_znode}/collections/{ranger_solr_collection_name}'), params.solr_jaas_file)
+ except ExecutionFailed as execution_exception:
+ Logger.error('Error when configuring Solr for Ranger, Kindly check Solr/Zookeeper services to be up and running:\n {0}'.format(execution_exception))
+
+def setup_ranger_admin_passwd_change():
+ import params
+
+ if params.admin_password != params.default_admin_password:
+ cmd = format('ambari-python-wrap {ranger_home}/db_setup.py -changepassword {admin_username} {default_admin_password!p} {admin_password!p}')
+ Logger.info('Updating admin password')
+ Execute(cmd, environment={'JAVA_HOME': params.java_home, 'RANGER_ADMIN_HOME': params.ranger_home}, user=params.unix_user)
+
+@retry(times=10, sleep_time=5, err_class=Fail)
+def check_znode():
+ import params
+ solr_cloud_util.check_znode(
+ zookeeper_quorum=params.zookeeper_quorum,
+ solr_znode=params.solr_znode,
+ java64_home=params.java_home)
+
+def secure_znode(znode, jaasFile):
+ import params
+ solr_cloud_util.secure_znode(config=params.config, zookeeper_quorum=params.zookeeper_quorum,
+ solr_znode=znode,
+ jaas_file=jaasFile,
+ java64_home=params.java_home, sasl_users=[params.ranger_admin_jaas_principal])
+
+def get_ranger_plugin_principals(services_defaults_tuple_list):
+ """
+ Get ranger plugin user principals from service-default value maps using ranger-*-audit configurations
+ """
+ import params
+ user_principals = []
+ if len(services_defaults_tuple_list) < 1:
+ raise Exception("Services - defaults map parameter is missing.")
+
+ for (service, default_value) in services_defaults_tuple_list:
+ user_principal = default(format("configurations/ranger-{service}-audit/xasecure.audit.jaas.Client.option.principal"), default_value)
+ user_principals.append(user_principal)
+ return user_principals
+
+
+def setup_tagsync_ssl_configs():
+ import params
+ Directory(params.security_store_path,
+ cd_access="a",
+ create_parents=True)
+
+ Directory(params.tagsync_etc_path,
+ cd_access="a",
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0775,
+ create_parents=True)
+
+ # remove plain-text password from xml configs
+ ranger_tagsync_policymgr_ssl_copy = {}
+ ranger_tagsync_policymgr_ssl_copy.update(params.config['configurations']['ranger-tagsync-policymgr-ssl'])
+ for prop in params.ranger_tagsync_password_properties:
+ if prop in ranger_tagsync_policymgr_ssl_copy:
+ ranger_tagsync_policymgr_ssl_copy[prop] = "_"
+
+ XmlConfig("ranger-policymgr-ssl.xml",
+ conf_dir=params.ranger_tagsync_conf,
+ configurations=ranger_tagsync_policymgr_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-policymgr-ssl'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.ranger_tagsync_keystore_password, params.ranger_tagsync_credential_file)
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.ranger_tagsync_truststore_password, params.ranger_tagsync_credential_file)
+
+ File(params.ranger_tagsync_credential_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ # remove plain-text password from xml configs
+ atlas_tagsync_ssl_copy = {}
+ atlas_tagsync_ssl_copy.update(params.config['configurations']['atlas-tagsync-ssl'])
+ for prop in params.ranger_tagsync_password_properties:
+ if prop in atlas_tagsync_ssl_copy:
+ atlas_tagsync_ssl_copy[prop] = "_"
+
+ XmlConfig("atlas-tagsync-ssl.xml",
+ conf_dir=params.ranger_tagsync_conf,
+ configurations=atlas_tagsync_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['atlas-tagsync-ssl'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.atlas_tagsync_keystore_password, params.atlas_tagsync_credential_file)
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.atlas_tagsync_truststore_password, params.atlas_tagsync_credential_file)
+
+ File(params.atlas_tagsync_credential_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ Logger.info("Configuring tagsync-ssl configurations done successfully.")
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
new file mode 100644
index 0000000..842430b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
+ranger_pid_dir = config['configurations']['ranger-env']['ranger_pid_dir']
+tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
+stack_name = default("/hostLevelParams/stack_name", None)
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
+ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
+stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_PID_SUPPORT, stack_version_formatted)
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
new file mode 100644
index 0000000..a07a1fd
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
@@ -0,0 +1,31 @@
+
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions.format import format
+
+def prestart(env, stack_component):
+ import params
+
+ if params.version and params.stack_supports_rolling_upgrade:
+ conf_select.select(params.stack_name, stack_component, params.version)
+ stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
new file mode 100644
index 0000000..6c5bb1f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
@@ -0,0 +1,79 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+{
+ "input":[
+ {
+ "type":"ranger_admin",
+ "rowtype":"service",
+ "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/xa_portal.log"
+ },
+ {
+ "type":"ranger_dbpatch",
+ "is_enabled":"true",
+ "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/ranger_db_patch.log"
+ },
+ {
+ "type":"ranger_usersync",
+ "rowtype":"service",
+ "path":"{{default('/configurations/ranger-env/ranger_usersync_log_dir', '/var/log/ranger/usersync')}}/usersync.log"
+ }
+ ],
+ "filter":[
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_admin",
+ "ranger_dbpatch"
+ ]
+ }
+ },
+ "log4j_format":"%d [%t] %-5p %C{6} (%F:%L) - %m%n",
+ "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
+ "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\(%{JAVAFILE:file}:%{INT:line_number}\\)%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
+ }
+ }
+ }
+ },
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_usersync"
+ ]
+ }
+ },
+ "log4j_format":"%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n",
+ "multiline_pattern":"^(%{USER_SYNC_DATE:logtime})",
+ "message_pattern":"(?m)^%{USER_SYNC_DATE:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"dd MMM yyyy HH:mm:ss"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth sufficient pam_sss.so
+account sufficient pam_unix.so
+account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth sufficient pam_sss.so
+account sufficient pam_unix.so
+account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
new file mode 100644
index 0000000..a456688
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
@@ -0,0 +1,26 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ useTicketCache=false
+ keyTab="{{solr_kerberos_keytab}}"
+ principal="{{solr_kerberos_principal}}";
+};
\ No newline at end of file
[2/6] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Posted by vb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json
new file mode 100644
index 0000000..e6724cd
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json
@@ -0,0 +1,722 @@
+{
+ "name": "default",
+ "description": "Default theme for Ranger service",
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "ranger_admin_settings",
+ "display-name": "Ranger Admin",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-admin",
+ "display-name": "Ranger Admin",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "3",
+ "column-span": "2",
+ "section-columns": "2",
+ "section-rows": "3",
+ "subsections": [
+ {
+ "name": "subsection-ranger-db-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-root-user-col1",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-root-user-col2",
+ "row-index": "1",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_user_info",
+ "display-name": "Ranger User Info",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-user-info",
+ "display-name": "Ranger User Info",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "2",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "2",
+ "subsections": [
+ {
+ "name": "subsection-ranger-user-row2-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "subsection-tabs": [
+ {
+ "name": "ldap-common-configs",
+ "display-name": "Common Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "usersync-properties/SYNC_SOURCE"
+ ],
+ "if": "${usersync-properties/SYNC_SOURCE} === ldap",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "ldap-user-configs",
+ "display-name": "User Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "usersync-properties/SYNC_SOURCE"
+ ],
+ "if": "${usersync-properties/SYNC_SOURCE} === ldap",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_plugin",
+ "display-name": "Ranger Plugin",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-ranger-plugin",
+ "display-name": "Ranger Plugin",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "3",
+ "section-columns": "3",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "section-ranger-plugin-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "section-ranger-plugin-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "section-ranger-plugin-row1-col3",
+ "row-index": "0",
+ "column-index": "2",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_audit_settings",
+ "display-name": "Ranger Audit",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-audit-hdfs",
+ "display-name": "Audit to HDFS",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-hdfs-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-ranger-audit-db",
+ "display-name": "Audit to DB",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-audit-db-row2-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-audit-db-row2-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "admin-properties/DB_FLAVOR",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_name",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_user",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_host",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "admin-properties/db_password",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "admin-properties/db_root_user",
+ "subsection-name": "subsection-ranger-db-root-user-col1"
+ },
+ {
+ "config": "admin-properties/db_root_password",
+ "subsection-name": "subsection-ranger-db-root-user-col2"
+ },
+ {
+ "config": "usersync-properties/SYNC_SOURCE",
+ "subsection-name": "subsection-ranger-user-row2-col1"
+ },
+
+ {
+ "config": "usersync-properties/MIN_UNIX_USER_ID_TO_SYNC",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "usersync-properties/SYNC_SOURCE"
+ ],
+ "if": "${usersync-properties/SYNC_SOURCE} === unix",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_URL",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-env/bind_anonymous",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_BIND_DN",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/bind_anonymous"
+ ],
+ "if": "${ranger-env/bind_anonymous}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_BIND_PASSWORD",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/bind_anonymous"
+ ],
+ "if": "${ranger-env/bind_anonymous}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_BASE",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-env/ranger-hdfs-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HDFS",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hive-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HIVE",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hbase-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HBASE",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-storm-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "STORM",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-knox-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col3",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "KNOX",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "subsection-name": "subsection-ranger-hdfs-row1-col1"
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "subsection-name": "subsection-ranger-hdfs-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.hdfs"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.hdfs}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.db",
+ "subsection-name": "subsection-ranger-audit-db-row2-col1"
+ },
+ {
+ "config": "admin-properties/audit_db_user",
+ "subsection-name": "subsection-ranger-audit-db-row2-col1"
+ },
+ {
+ "config": "admin-properties/audit_db_name",
+ "subsection-name": "subsection-ranger-audit-db-row2-col2"
+ },
+ {
+ "config": "admin-properties/audit_db_password",
+ "subsection-name": "subsection-ranger-audit-db-row2-col2"
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "admin-properties/DB_FLAVOR",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "admin-properties/db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_host",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "admin-properties/db_root_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_root_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_SOURCE",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "usersync-properties/MIN_UNIX_USER_ID_TO_SYNC",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_URL",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-env/bind_anonymous",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_BIND_DN",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_BIND_PASSWORD",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_BASE",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hdfs-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hive-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hbase-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-knox-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-storm-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.db",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "admin-properties/audit_db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/audit_db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/audit_db_password",
+ "widget": {
+ "type": "password"
+ }
+ }
+ ]
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json
new file mode 100644
index 0000000..cbd27e4
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json
@@ -0,0 +1,1470 @@
+{
+ "name": "default",
+ "description": "Default theme for Ranger service",
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "ranger_admin_settings",
+ "display-name": "Ranger Admin",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-admin",
+ "display-name": "Ranger Admin",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "3",
+ "column-span": "2",
+ "section-columns": "2",
+ "section-rows": "3",
+ "subsections": [
+ {
+ "name": "subsection-ranger-db-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-row2",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2"
+ },
+ {
+ "name": "subsection-ranger-db-root-user-col1",
+ "row-index": "2",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/create_db_dbuser"
+ ],
+ "if": "${ranger-env/create_db_dbuser}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "subsection-ranger-db-root-user-col2",
+ "row-index": "2",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/create_db_dbuser"
+ ],
+ "if": "${ranger-env/create_db_dbuser}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_user_info",
+ "display-name": "Ranger User Info",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-user-info",
+ "display-name": "Ranger User Info",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "2",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "2",
+ "subsections": [
+ {
+ "name": "subsection-ranger-user-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-user-row2-col1",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "subsection-tabs": [
+ {
+ "name": "ldap-common-configs",
+ "display-name": "Common Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "ldap-user-configs",
+ "display-name": "User Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "ldap-group-configs",
+ "display-name": "Group Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.enabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_plugin",
+ "display-name": "Ranger Plugin",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-ranger-plugin",
+ "display-name": "Ranger Plugin",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "3",
+ "section-columns": "3",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "section-ranger-plugin-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "section-ranger-plugin-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "section-ranger-plugin-row1-col3",
+ "row-index": "0",
+ "column-index": "2",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_audit_settings",
+ "display-name": "Ranger Audit",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-audit-solr",
+ "display-name": "Audit to Solr",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-solr-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-ranger-audit-hdfs",
+ "display-name": "Audit to HDFS",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-hdfs-row1-col2",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-ranger-audit-db",
+ "display-name": "Audit to DB",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2",
+ "section-columns": "2",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-audit-db-row2-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-audit-db-row2-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "admin-properties/DB_FLAVOR",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_name",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_user",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_host",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "admin-properties/db_password",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "ranger-env/test_db_connection",
+ "subsection-name": "subsection-ranger-db-row2",
+ "property_value_attributes": {
+ "ui_only_property": true
+ },
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/create_db_dbuser"
+ ],
+ "if": "${ranger-env/create_db_dbuser}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/create_db_dbuser",
+ "subsection-name": "subsection-ranger-db-row2"
+ },
+ {
+ "config": "admin-properties/db_root_user",
+ "subsection-name": "subsection-ranger-db-root-user-col1"
+ },
+ {
+ "config": "ranger-env/ranger_privelege_user_jdbc_url",
+ "subsection-name": "subsection-ranger-db-root-user-col1"
+ },
+ {
+ "config": "admin-properties/db_root_password",
+ "subsection-name": "subsection-ranger-db-root-user-col2"
+ },
+ {
+ "config": "ranger-env/test_root_db_connection",
+ "subsection-name": "subsection-ranger-db-root-user-col1",
+ "property_value_attributes": {
+ "ui_only_property": true
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.enabled",
+ "subsection-name": "subsection-ranger-user-row1-col1"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.source.impl.class",
+ "subsection-name": "subsection-ranger-user-row2-col1"
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.minUserId",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.password.file",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.group.file",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.file",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.text.delimiter",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.url",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-env/bind_anonymous",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/bind_anonymous"
+ ],
+ "if": "${ranger-env/bind_anonymous}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/bind_anonymous"
+ ],
+ "if": "${ranger-env/bind_anonymous}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.nameattribute",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.objectclass",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchbase",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchfilter",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchscope",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.groupnameattribute",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.usermapsyncenabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchenabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.memberattributename",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.nameattribute",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.objectclass",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchbase",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchfilter",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hdfs-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HDFS",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-yarn-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "YARN",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hive-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HIVE",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hbase-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HBASE",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-storm-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "STORM",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-knox-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col3",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "KNOX",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-kafka-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col3",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "KAFKA",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.db",
+ "subsection-name": "subsection-ranger-audit-db-row2-col1"
+ },
+ {
+ "config": "admin-properties/audit_db_user",
+ "subsection-name": "subsection-ranger-audit-db-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.db"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.db}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "admin-properties/audit_db_name",
+ "subsection-name": "subsection-ranger-audit-db-row2-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.db"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.db}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "admin-properties/audit_db_password",
+ "subsection-name": "subsection-ranger-audit-db-row2-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.db"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.db}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.solr",
+ "subsection-name": "subsection-ranger-solr-row1-col1"
+ },
+ {
+ "config": "ranger-env/is_solrCloud_enabled",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.urls",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/is_solrCloud_enabled} === false && ${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/is_solrCloud_enabled} && ${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.username",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.password",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2"
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.hdfs"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.hdfs}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "admin-properties/DB_FLAVOR",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "admin-properties/db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_host",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/test_db_connection",
+ "widget": {
+ "type": "test-db-connection",
+ "display-name": "Test Connection",
+ "required-properties": {
+ "jdbc.driver.class": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "jdbc.driver.url": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "db.connection.source.host": "ranger-site/ranger_admin_hosts",
+ "db.type": "admin-properties/DB_FLAVOR",
+ "db.connection.destination.host": "admin-properties/db_host",
+ "db.connection.user": "admin-properties/db_user",
+ "db.connection.password": "admin-properties/db_password"
+ }
+ }
+ },
+ {
+ "config": "ranger-env/create_db_dbuser",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger_privelege_user_jdbc_url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_root_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_root_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/test_root_db_connection",
+ "widget": {
+ "type": "test-db-connection",
+ "display-name": "Test Connection",
+ "required-properties": {
+ "jdbc.driver.class": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "jdbc.driver.url": "ranger-env/ranger_privelege_user_jdbc_url",
+ "db.connection.source.host": "ranger-site/ranger_admin_hosts",
+ "db.type": "admin-properties/DB_FLAVOR",
+ "db.connection.destination.host": "admin-properties/db_host",
+ "db.connection.user": "admin-properties/db_root_user",
+ "db.connection.password": "admin-properties/db_root_password"
+ }
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.source.impl.class",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-env/bind_anonymous",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
+ "widget": {
+ "type": "password"
+ }
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.usermapsyncenabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.nameattribute",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.objectclass",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchbase",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchfilter",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchscope",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.groupnameattribute",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchenabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.memberattributename",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.nameattribute",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.objectclass",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchbase",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchfilter",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.minUserId",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.password.file",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.group.file",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.file",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.text.delimiter",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hdfs-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hive-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hbase-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-kafka-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-knox-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-storm-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-yarn-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.db",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "admin-properties/audit_db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/audit_db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/audit_db_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.solr",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_solrCloud_enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.urls",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.username",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "widget": {
+ "type": "text-field"
+ }
+ }
+ ]
+ }
+}
+
[5/6] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Posted by vb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml
new file mode 100644
index 0000000..2c62851
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml
@@ -0,0 +1,574 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.usersync.port</name>
+ <value>5151</value>
+ <description>Port for unix authentication service, run within usersync</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ssl</name>
+ <value>true</value>
+ <description>SSL enabled? (ranger admin -> usersync communication)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.keystore.password</name>
+ <value>UnIx529p</value>
+ <property-type>PASSWORD</property-type>
+ <description>Keystore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>Truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.passwordvalidator.path</name>
+ <value>./native/credValidator.uexe</value>
+ <description>Native program for password validation</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.enabled</name>
+ <display-name>Enable User Sync</display-name>
+ <value>true</value>
+ <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.sink.impl.class</name>
+ <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
+ <description>Class to be used as sink (to sync users into ranger admin)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.baseURL</name>
+ <value>{{ranger_external_url}}</value>
+ <description>URL to be used by clients to access ranger admin, use FQDN</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
+ <value>1000</value>
+ <description>How many records to be returned per API call</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.mockrun</name>
+ <value>false</value>
+ <description>Is user sync doing mock run?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.minUserId</name>
+ <display-name>Minimum User ID</display-name>
+ <value>500</value>
+ <description>Only sync users above this user id (applicable for UNIX)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.group.file</name>
+ <display-name>Group File</display-name>
+ <value>/etc/group</value>
+ <description>Location of the groups file on the linux server</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.password.file</name>
+ <display-name>Password File</display-name>
+ <value>/etc/passwd</value>
+ <description>Location of the password file on the linux server</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
+ <value>60000</value>
+ <description>Sleeptime interval in milliseconds, if < 6000 then default to 1 min</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.source.impl.class</name>
+ <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+ <display-name>Sync Source</display-name>
+ <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
+ <value-attributes>
+ <type>value-list</type>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+ <label>UNIX</label>
+ </entry>
+ <entry>
+ <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value>
+ <label>FILE</label>
+ </entry>
+ <entry>
+ <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
+ <label>LDAP/AD</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.filesource.file</name>
+ <display-name>File Name</display-name>
+ <value>/tmp/usergroup.txt</value>
+ <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.filesource.text.delimiter</name>
+ <display-name>Delimiter</display-name>
+ <value>,</value>
+ <description>Delimiter used in file, if File based user sync is used</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.url</name>
+ <display-name>LDAP/AD URL</display-name>
+ <value/>
+ <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.binddn</name>
+ <display-name>​Bind User</display-name>
+ <value/>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.ldapbindpassword</name>
+ <display-name>Bind User Password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the LDAP bind user used for searching users.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.bindalias</name>
+ <value>testldapalias</value>
+ <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.ldap.searchBase</name>
+ <value>dc=hadoop,dc=apache,dc=org</value>
+ <description>"# search base for users and groups
+# sample value would be dc=hadoop,dc=apache,dc=org
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchbase</name>
+ <display-name>User Search Base</display-name>
+ <value/>
+ <description>"# search base for users
+# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: cn=users,dc=example,dc=com;ou=example1,ou=example2"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchscope</name>
+ <display-name>User Search Scope</display-name>
+ <value>sub</value>
+ <description>"# search scope for the users, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.objectclass</name>
+ <display-name>User Object Class​</display-name>
+ <value>person</value>
+ <description>LDAP User Object Class. Example: person or user</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchfilter</name>
+ <display-name>​User Search Filter</display-name>
+ <value/>
+ <description>"optional additional filter constraining the users selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.nameattribute</name>
+ <display-name>Username Attribute</display-name>
+ <value/>
+ <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.groupnameattribute</name>
+ <display-name>User Group Name Attribute</display-name>
+ <value>memberof, ismemberof</value>
+ <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.username.caseconversion</name>
+ <value>none</value>
+ <description>User name case conversion</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.groupname.caseconversion</name>
+ <value>none</value>
+ <description>Group name case conversion</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.logdir</name>
+ <value>{{usersync_log_dir}}</value>
+ <description>User sync log directory</description>
+ <value-attributes>
+ <visible>false</visible>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.group.usermapsyncenabled</name>
+ <value>true</value>
+ <display-name>Group User Map Sync</display-name>
+ <description>Sync specific groups for users?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchbase</name>
+ <display-name>Group Search Base</display-name>
+ <value/>
+ <description>"# search base for groups
+# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase
+# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase
+# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: ou=groups,DC=example,DC=com;ou=group1,ou=group2"
+</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchscope</name>
+ <value/>
+ <description>"# search scope for the groups, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.objectclass</name>
+ <display-name>Group Object Class</display-name>
+ <value/>
+ <description>LDAP Group object class. Example: group</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchfilter</name>
+ <value/>
+ <display-name>Group Search Filter</display-name>
+ <description>"# optional additional filter constraining the groups selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.nameattribute</name>
+ <display-name>Group Name Attribute</display-name>
+ <value/>
+ <description>LDAP group name attribute. Example: cn</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.memberattributename</name>
+ <display-name>Group Member Attribute</display-name>
+ <value/>
+ <description>LDAP group member attribute name. Example: member</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.pagedresultsenabled</name>
+ <value>true</value>
+ <description>Results can be paged?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.pagedresultssize</name>
+ <value>500</value>
+ <description>Page size</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.username</name>
+ <value>rangerusersync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.alias</name>
+ <value>ranger.usersync.policymgr.password</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.group.search.first.enabled</name>
+ <display-name>Enable Group Search First</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.user.searchenabled</name>
+ <display-name>Enable User Search</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.deltasync</name>
+ <display-name>Incremental Sync</display-name>
+ <value>true</value>
+ <description>Enable Incremental Sync</description>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.group.searchenabled</name>
+ <display-name>Enable Group Sync</display-name>
+ <value>false</value>
+ <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+ # valid values: true, false
+ # any value other than true would be treated as false
+ # default value: false"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.ldap.deltasync</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.keystore.file</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
+ <description>Keystore file used for usersync</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.truststore.file</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
+ <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.bindkeystore</name>
+ <value/>
+ <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.credstore.filename</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+ <description>Credential store file name for user sync, specify full path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.keystore</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml
new file mode 100644
index 0000000..f616324
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>atlas.kafka.entities.group.id</name>
+ <display-name>Atlas Source: Kafka consumer group</display-name>
+ <value>ranger_entities_consumer</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>atlas.kafka.bootstrap.servers</name>
+ <display-name>Atlas Source: Kafka endpoint</display-name>
+ <value>localhost:6667</value>
+ <description/>
+ <depends-on>
+ <property>
+ <type>kafka-broker</type>
+ <name>port</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>atlas.kafka.zookeeper.connect</name>
+ <display-name>Atlas Source: Zookeeper endpoint</display-name>
+ <value>localhost:2181</value>
+ <description/>
+ <depends-on>
+ <property>
+ <type>zoo.cfg</type>
+ <name>clientPort</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml
new file mode 100644
index 0000000..8ec85a0
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_tagsync_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger tagsync Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_tagsync_log_number_of_backup_files</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger tagsync Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>tagsync-log4j template</display-name>
+ <description>tagsync-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+log4j.rootLogger = info,logFile
+
+# logFile
+log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.logFile.file=${logdir}/tagsync.log
+log4j.appender.logFile.datePattern='.'yyyy-MM-dd
+log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logFile.MaxFileSize = {{ranger_tagsync_log_maxfilesize}}MB
+log4j.appender.logFile.MaxBackupIndex = {{ranger_tagsync_log_number_of_backup_files}}
+log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.Target=System.out
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml
new file mode 100644
index 0000000..6d91b6e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_usersync_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger usersync Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_usersync_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger usersync Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>usersync-log4j template</display-name>
+ <description>usersync-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+log4j.rootLogger = info,logFile
+
+# logFile
+log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.logFile.file=${logdir}/usersync.log
+log4j.appender.logFile.datePattern='.'yyyy-MM-dd
+log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
+log4j.appender.logFile.MaxFileSize = {{ranger_usersync_log_maxfilesize}}MB
+log4j.appender.logFile.MaxBackupIndex = {{ranger_usersync_log_maxbackupindex}}
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.Target=System.out
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml
new file mode 100644
index 0000000..15aabe8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false">
+
+
+
+
+
+
+
+
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json
new file mode 100644
index 0000000..1fc8acf
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json
@@ -0,0 +1,153 @@
+{
+ "services": [
+ {
+ "name": "RANGER",
+ "identities": [
+ {
+ "name": "/spnego"
+ },
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "configurations": [
+ {
+ "ranger-admin-site": {
+ "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+ "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+ "xasecure.audit.jaas.Client.option.storeKey": "false",
+ "xasecure.audit.jaas.Client.option.serviceName": "solr"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "RANGER_ADMIN",
+ "identities": [
+ {
+ "name": "rangeradmin",
+ "principal": {
+ "value": "rangeradmin/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "ranger-admin-site/ranger.admin.kerberos.principal",
+ "local_username" : "${ranger-env/ranger_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangeradmin.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-admin-site/ranger.admin.kerberos.keytab"
+ }
+ },
+ {
+ "name": "rangerlookup",
+ "principal": {
+ "value": "rangerlookup/_HOST@${realm}",
+ "configuration": "ranger-admin-site/ranger.lookup.kerberos.principal",
+ "type" : "service"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerlookup.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-admin-site/ranger.lookup.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/spnego",
+ "keytab": {
+ "configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER/RANGER_ADMIN/rangeradmin",
+ "principal": {
+ "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
+ },
+ "keytab": {
+ "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.keyTab"
+ }
+ },
+ {
+ "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "when" : {
+ "contains" : ["services", "AMBARI_INFRA"]
+ }
+ }
+ ]
+ },
+ {
+ "name": "RANGER_USERSYNC",
+ "identities": [
+ {
+ "name": "rangerusersync",
+ "principal": {
+ "value": "rangerusersync/_HOST@${realm}",
+ "type" : "service",
+ "configuration" : "ranger-ugsync-site/ranger.usersync.kerberos.principal",
+ "local_username" : "rangerusersync"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerusersync.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-ugsync-site/ranger.usersync.kerberos.keytab"
+ }
+ }
+ ]
+ },
+ {
+ "name": "RANGER_TAGSYNC",
+ "identities": [
+ {
+ "name": "rangertagsync",
+ "principal": {
+ "value": "rangertagsync/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.principal",
+ "local_username" : "rangertagsync"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangertagsync.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+ "principal": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
+ },
+ "keytab": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "tagsync-application-properties": {
+ "atlas.jaas.KafkaClient.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "atlas.jaas.KafkaClient.loginModuleControlFlag": "required",
+ "atlas.jaas.KafkaClient.option.useKeyTab": "true",
+ "atlas.jaas.KafkaClient.option.storeKey": "true",
+ "atlas.jaas.KafkaClient.option.serviceName": "kafka",
+ "atlas.kafka.sasl.kerberos.service.name": "kafka",
+ "atlas.kafka.security.protocol": "PLAINTEXTSASL"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml
new file mode 100644
index 0000000..e208800
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml
@@ -0,0 +1,189 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER</name>
+ <displayName>Ranger</displayName>
+ <comment>Comprehensive security for Hadoop</comment>
+ <version>0.7.0.3.0</version>
+ <components>
+
+ <component>
+ <name>RANGER_ADMIN</name>
+ <displayName>Ranger Admin</displayName>
+ <category>MASTER</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <dependencies>
+ <dependency>
+ <name>AMBARI_INFRA/INFRA_SOLR_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ <commandScript>
+ <script>scripts/ranger_admin.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_admin</logId>
+ <primary>true</primary>
+ </log>
+ <log>
+ <logId>ranger_dbpatch</logId>
+ </log>
+ </logs>
+ </component>
+
+ <component>
+ <name>RANGER_TAGSYNC</name>
+ <displayName>Ranger Tagsync</displayName>
+ <category>SLAVE</category>
+ <cardinality>0-1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/ranger_tagsync.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <configuration-dependencies>
+ <config-type>ranger-tagsync-site</config-type>
+ <config-type>tagsync-application-properties</config-type>
+ </configuration-dependencies>
+ </component>
+
+ <component>
+ <name>RANGER_USERSYNC</name>
+ <displayName>Ranger Usersync</displayName>
+ <category>MASTER</category>
+ <cardinality>1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <auto-deploy>
+ <enabled>true</enabled>
+ <co-locate>RANGER/RANGER_ADMIN</co-locate>
+ </auto-deploy>
+ <commandScript>
+ <script>scripts/ranger_usersync.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_usersync</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ </component>
+
+ </components>
+ <configuration-dependencies>
+ <config-type>admin-properties</config-type>
+ <config-type>ranger-site</config-type>
+ <config-type>usersync-properties</config-type>
+ <config-type>ranger-admin-site</config-type>
+ <config-type>ranger-ugsync-site</config-type>
+ <config-type>admin-log4j</config-type>
+ <config-type>usersync-log4j</config-type>
+ <config-type>ranger-solr-configuration</config-type>
+ </configuration-dependencies>
+
+ <commandScript>
+ <script>scripts/service_check.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>300</timeout>
+ </commandScript>
+
+ <themes>
+ <theme>
+ <fileName>theme_version_1.json</fileName>
+ <default>true</default>
+ </theme>
+ <theme>
+ <fileName>theme_version_2.json</fileName>
+ <default>true</default>
+ </theme>
+ <theme>
+ <fileName>theme_version_3.json</fileName>
+ <default>true</default>
+ </theme>
+ <theme>
+ <fileName>theme_version_5.json</fileName>
+ <default>true</default>
+ </theme>
+ </themes>
+
+ <osSpecifics>
+ <osSpecific>
+ <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+ <packages>
+ <package>
+ <name>ranger_${stack_version}-admin</name>
+ </package>
+ <package>
+ <name>ranger_${stack_version}-usersync</name>
+ </package>
+ <package>
+ <name>ranger_${stack_version}-tagsync</name>
+ <condition>should_install_ranger_tagsync</condition>
+ </package>
+ <package>
+ <name>ambari-infra-solr-client</name>
+ <condition>should_install_infra_solr_client</condition>
+ </package>
+ </packages>
+ </osSpecific>
+ <osSpecific>
+ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+ <packages>
+ <package>
+ <name>ranger-${stack_version}-admin</name>
+ </package>
+ <package>
+ <name>ranger-${stack_version}-usersync</name>
+ </package>
+ <package>
+ <name>ranger-${stack_version}-tagsync</name>
+ <condition>should_install_ranger_tagsync</condition>
+ </package>
+ <package>
+ <name>ambari-infra-solr-client</name>
+ <condition>should_install_infra_solr_client</condition>
+ </package>
+ </packages>
+ </osSpecific>
+ </osSpecifics>
+
+ <quickLinksConfigurations>
+ <quickLinksConfiguration>
+ <fileName>quicklinks.json</fileName>
+ <default>true</default>
+ </quickLinksConfiguration>
+ </quickLinksConfigurations>
+
+ </service>
+ </services>
+</metainfo>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
new file mode 100644
index 0000000..8ea8070
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
@@ -0,0 +1,195 @@
+#!/usr/bin/env python
+
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import base64
+import urllib2
+import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import logging
+from resource_management.core.environment import Environment
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+logger = logging.getLogger()
+RANGER_ADMIN_URL = '{{admin-properties/policymgr_external_url}}'
+ADMIN_USERNAME = '{{ranger-env/admin_username}}'
+ADMIN_PASSWORD = '{{ranger-env/admin_password}}'
+RANGER_ADMIN_USERNAME = '{{ranger-env/ranger_admin_username}}'
+RANGER_ADMIN_PASSWORD = '{{ranger-env/ranger_admin_password}}'
+SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
+
+def get_tokens():
+ """
+ Returns a tuple of tokens in the format {{site/property}} that will be used
+ to build the dictionary passed into execute
+
+ :return tuple
+ """
+ return (RANGER_ADMIN_URL, ADMIN_USERNAME, ADMIN_PASSWORD, RANGER_ADMIN_USERNAME, RANGER_ADMIN_PASSWORD, SECURITY_ENABLED)
+
+
+def execute(configurations={}, parameters={}, host_name=None):
+ """
+ Returns a tuple containing the result code and a pre-formatted result label
+
+ Keyword arguments:
+ configurations (dictionary): a mapping of configuration key to value
+ parameters (dictionary): a mapping of script parameter key to value
+ host_name (string): the name of this host where the alert is running
+ """
+
+ if configurations is None:
+ return (('UNKNOWN', ['There were no configurations supplied to the script.']))
+
+ ranger_link = None
+ ranger_auth_link = None
+ ranger_get_user = None
+ admin_username = None
+ admin_password = None
+ ranger_admin_username = None
+ ranger_admin_password = None
+ security_enabled = False
+
+ stack_version_formatted = Script.get_stack_version()
+ stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, stack_version_formatted)
+
+ if RANGER_ADMIN_URL in configurations:
+ ranger_link = configurations[RANGER_ADMIN_URL]
+ if ranger_link.endswith('/'):
+ ranger_link = ranger_link[:-1]
+ ranger_auth_link = '{0}/{1}'.format(ranger_link, 'service/public/api/repository/count')
+ ranger_get_user = '{0}/{1}'.format(ranger_link, 'service/xusers/users')
+
+ if ADMIN_USERNAME in configurations:
+ admin_username = configurations[ADMIN_USERNAME]
+
+ if ADMIN_PASSWORD in configurations:
+ admin_password = configurations[ADMIN_PASSWORD]
+
+ if RANGER_ADMIN_USERNAME in configurations:
+ ranger_admin_username = configurations[RANGER_ADMIN_USERNAME]
+
+ if RANGER_ADMIN_PASSWORD in configurations:
+ ranger_admin_password = configurations[RANGER_ADMIN_PASSWORD]
+
+ if SECURITY_ENABLED in configurations:
+ security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
+
+ label = None
+ result_code = 'OK'
+
+ try:
+ if security_enabled and stack_supports_ranger_kerberos:
+ result_code = 'UNKNOWN'
+ label = 'This alert will get skipped for Ranger Admin on kerberos env'
+ else:
+ admin_http_code = check_ranger_login(ranger_auth_link, admin_username, admin_password)
+ if admin_http_code == 200:
+ get_user_code = get_ranger_user(ranger_get_user, admin_username, admin_password, ranger_admin_username)
+ if get_user_code:
+ user_http_code = check_ranger_login(ranger_auth_link, ranger_admin_username, ranger_admin_password)
+ if user_http_code == 200:
+ result_code = 'OK'
+ label = 'Login Successful for users {0} and {1}'.format(admin_username, ranger_admin_username)
+ elif user_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(ranger_admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+ else:
+ result_code = 'OK'
+ label = 'Login Successful for user: {0}. User:{1} user not yet synced with Ranger'.format(admin_username, ranger_admin_username)
+ elif admin_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+
+ except Exception, e:
+ label = str(e)
+ result_code = 'UNKNOWN'
+ logger.exception(label)
+
+ return ((result_code, [label]))
+
+def check_ranger_login(ranger_auth_link, username, password):
+ """
+ params ranger_auth_link: ranger login url
+ params username: user credentials
+ params password: user credentials
+
+ return response code
+ """
+ try:
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(ranger_auth_link)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ if response_code == 200:
+ response = json.loads(result.read())
+ return response_code
+ except urllib2.HTTPError, e:
+ logger.exception("Error during Ranger service authentication. Http status code - {0}. {1}".format(e.code, e.read()))
+ return e.code
+ except urllib2.URLError, e:
+ logger.exception("Error during Ranger service authentication. {0}".format(e.reason))
+ return None
+ except Exception, e:
+ return 401
+
+def get_ranger_user(ranger_get_user, username, password, user):
+ """
+ params ranger_get_user: ranger get user url
+ params username: user credentials
+ params password: user credentials
+ params user: user to be search
+ return Boolean if user exist or not
+ """
+ try:
+ url = '{0}?name={1}'.format(ranger_get_user, user)
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(url)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(result.read())
+ if response_code == 200 and len(response['vXUsers']) > 0:
+ for xuser in response['vXUsers']:
+ if xuser['name'] == user:
+ return True
+ else:
+ return False
+ except urllib2.HTTPError, e:
+ logger.exception("Error getting user from Ranger service. Http status code - {0}. {1}".format(e.code, e.read()))
+ return False
+ except urllib2.URLError, e:
+ logger.exception("Error getting user from Ranger service. {0}".format(e.reason))
+ return False
+ except Exception, e:
+ return False
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py
new file mode 100644
index 0000000..094d239
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py
@@ -0,0 +1,448 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+import os
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions.stack_features import get_stack_feature_version
+from resource_management.libraries.functions import StackFeature
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
+
+# a map of the Ambari role to the component name
+# for use with <stack-root>/current/<component>
+SERVER_ROLE_DIRECTORY_MAP = {
+ 'RANGER_ADMIN' : 'ranger-admin',
+ 'RANGER_USERSYNC' : 'ranger-usersync',
+ 'RANGER_TAGSYNC' : 'ranger-tagsync'
+}
+
+component_directory = Script.get_component_from_role(SERVER_ROLE_DIRECTORY_MAP, "RANGER_ADMIN")
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+stack_root = Script.get_stack_root()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+version = default("/commandParams/version", None)
+
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+
+upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
+
+xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
+
+create_db_dbuser = config['configurations']['ranger-env']['create_db_dbuser']
+
+# get the correct version to use for checking stack features
+version_for_stack_feature_checks = get_stack_feature_version(config)
+
+stack_supports_rolling_upgrade = check_stack_feature(StackFeature.ROLLING_UPGRADE, version_for_stack_feature_checks)
+stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
+stack_supports_usersync_non_root = check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync = check_stack_feature(StackFeature.RANGER_TAGSYNC_COMPONENT, version_for_stack_feature_checks)
+stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_log4j = check_stack_feature(StackFeature.RANGER_LOG4J_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
+stack_supports_usersync_passwd = check_stack_feature(StackFeature.RANGER_USERSYNC_PASSWORD_JCEKS, version_for_stack_feature_checks)
+stack_supports_infra_client = check_stack_feature(StackFeature.RANGER_INSTALL_INFRA_CLIENT, version_for_stack_feature_checks)
+stack_supports_pid = check_stack_feature(StackFeature.RANGER_PID_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_admin_password_change = check_stack_feature(StackFeature.RANGER_ADMIN_PASSWD_CHANGE, version_for_stack_feature_checks)
+stack_supports_ranger_setup_db_on_start = check_stack_feature(StackFeature.RANGER_SETUP_DB_ON_START, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync_ssl_xml_support = check_stack_feature(StackFeature.RANGER_TAGSYNC_SSL_XML_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_solr_configs = check_stack_feature(StackFeature.RANGER_SOLR_CONFIG_SUPPORT, version_for_stack_feature_checks)
+stack_supports_secure_ssl_password = check_stack_feature(StackFeature.SECURE_RANGER_SSL_PASSWORD, version_for_stack_feature_checks)
+
+downgrade_from_version = default("/commandParams/downgrade_from_version", None)
+upgrade_direction = default("/commandParams/upgrade_direction", None)
+
+ranger_conf = '/etc/ranger/admin/conf'
+ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
+ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
+tagsync_bin = '/usr/bin/ranger-tagsync'
+tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+security_store_path = '/etc/security/serverKeys'
+tagsync_etc_path = '/etc/ranger/tagsync/'
+ranger_tagsync_credential_file= os.path.join(tagsync_etc_path,'rangercred.jceks')
+atlas_tagsync_credential_file= os.path.join(tagsync_etc_path,'atlascred.jceks')
+ranger_tagsync_keystore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']
+ranger_tagsync_truststore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']
+atlas_tagsync_keystore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.keystore.password']
+atlas_tagsync_truststore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.truststore.password']
+
+if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.CONFIG_VERSIONING, version):
+ stack_supports_rolling_upgrade = True
+ stack_supports_config_versioning = False
+
+if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version):
+ stack_supports_usersync_non_root = False
+
+if stack_supports_rolling_upgrade:
+ ranger_home = format('{stack_root}/current/ranger-admin')
+ ranger_conf = '/etc/ranger/admin/conf'
+ ranger_stop = '/usr/bin/ranger-admin-stop'
+ ranger_start = '/usr/bin/ranger-admin-start'
+ usersync_home = format('{stack_root}/current/ranger-usersync')
+ usersync_start = '/usr/bin/ranger-usersync-start'
+ usersync_stop = '/usr/bin/ranger-usersync-stop'
+ ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+
+if stack_supports_config_versioning:
+ ranger_conf = format('{stack_root}/current/ranger-admin/conf')
+ ranger_ugsync_conf = format('{stack_root}/current/ranger-usersync/conf')
+
+if stack_supports_ranger_tagsync:
+ ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
+ tagsync_bin = '/usr/bin/ranger-tagsync'
+ ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
+ tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+
+usersync_services_file = format('{stack_root}/current/ranger-usersync/ranger-usersync-services.sh')
+
+java_home = config['hostLevelParams']['java_home']
+unix_user = config['configurations']['ranger-env']['ranger_user']
+unix_group = config['configurations']['ranger-env']['ranger_group']
+ranger_pid_dir = default("/configurations/ranger-env/ranger_pid_dir", "/var/run/ranger")
+usersync_log_dir = default("/configurations/ranger-env/ranger_usersync_log_dir", "/var/log/ranger/usersync")
+admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
+ranger_admin_default_file = format('{ranger_conf}/ranger-admin-default-site.xml')
+security_app_context_file = format('{ranger_conf}/security-applicationContext.xml')
+ranger_ugsync_default_file = format('{ranger_ugsync_conf}/ranger-ugsync-default.xml')
+usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.xml')
+if stack_supports_ranger_log4j:
+ usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.properties')
+cred_validator_file = format('{usersync_home}/native/credValidator.uexe')
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+usersync_exturl = config['configurations']['admin-properties']['policymgr_external_url']
+if usersync_exturl.endswith('/'):
+ usersync_exturl = usersync_exturl.rstrip('/')
+ranger_host = config['clusterHostInfo']['ranger_admin_hosts'][0]
+ugsync_host = 'localhost'
+usersync_host_info = config['clusterHostInfo']['ranger_usersync_hosts']
+if not is_empty(usersync_host_info) and len(usersync_host_info) > 0:
+ ugsync_host = config['clusterHostInfo']['ranger_usersync_hosts'][0]
+ranger_external_url = config['configurations']['admin-properties']['policymgr_external_url']
+if ranger_external_url.endswith('/'):
+ ranger_external_url = ranger_external_url.rstrip('/')
+ranger_db_name = config['configurations']['admin-properties']['db_name']
+ranger_auditdb_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+
+sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+db_root_user = config['configurations']['admin-properties']['db_root_user']
+db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
+db_host = config['configurations']['admin-properties']['db_host']
+ranger_db_user = config['configurations']['admin-properties']['db_user']
+ranger_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+ranger_db_password = unicode(config['configurations']['admin-properties']['db_password'])
+
+#ranger-env properties
+oracle_home = default("/configurations/ranger-env/oracle_home", "-")
+
+#For curl command in ranger to get db connector
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = None
+previous_jdbc_jar_name = None
+if db_flavor.lower() == 'mysql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
+elif db_flavor.lower() == 'oracle':
+ jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
+ colon_count = db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}') if stack_supports_ranger_audit_db else None
+ else:
+ audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}') if stack_supports_ranger_audit_db else None
+elif db_flavor.lower() == 'postgres':
+ jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
+elif db_flavor.lower() == 'mssql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
+elif db_flavor.lower() == 'sqla':
+ jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+previous_jdbc_jar = format("{java_share_dir}/{previous_jdbc_jar_name}")
+if stack_supports_config_versioning:
+ driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+ previous_jdbc_jar = format("{ranger_home}/ews/lib/{previous_jdbc_jar_name}")
+
+if db_flavor.lower() == 'sqla':
+ downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
+ jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
+ libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
+ jdbc_libs_dir = format("{ranger_home}/native/lib64")
+ ld_lib_path = format("{jdbc_libs_dir}")
+
+#for db connection
+check_db_connection_jar_name = "DBConnectionVerification.jar"
+check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
+ranger_jdbc_connection_url = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.url"]
+ranger_jdbc_driver = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.driver"]
+
+ranger_credential_provider_path = config["configurations"]["ranger-admin-site"]["ranger.credential.provider.path"]
+ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"]
+ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"])
+
+ranger_jpa_audit_jdbc_credential_alias = default('/configurations/ranger-admin-site/ranger.jpa.audit.jdbc.credential.alias', 'rangeraudit')
+ranger_ambari_audit_db_password = ''
+if not is_empty(config["configurations"]["admin-properties"]["audit_db_password"]) and stack_supports_ranger_audit_db:
+ ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"])
+
+ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"]
+ugsync_cred_lib = os.path.join(usersync_home,"lib","*")
+cred_lib_path = os.path.join(ranger_home,"cred","lib","*")
+cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+ranger_audit_source_type = config["configurations"]["ranger-admin-site"]["ranger.audit.source.type"]
+
+if xml_configurations_supported:
+ ranger_usersync_keystore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.password"])
+ ranger_usersync_ldap_ldapbindpassword = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.ldapbindpassword"])
+ ranger_usersync_truststore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.truststore.password"])
+ ranger_usersync_keystore_file = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.file"]
+ default_dn_name = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
+is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
+ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
+ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
+ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
+ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]
+current_host = config['hostname']
+if current_host in ranger_admin_hosts:
+ ranger_host = current_host
+
+# ranger-tagsync
+ranger_tagsync_hosts = default("/clusterHostInfo/ranger_tagsync_hosts", [])
+has_ranger_tagsync = len(ranger_tagsync_hosts) > 0
+
+tagsync_log_dir = default("/configurations/ranger-tagsync-site/ranger.tagsync.logdir", "/var/log/ranger/tagsync")
+tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.keystore.filename"]
+atlas_tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.source.atlasrest.keystore.filename"]
+tagsync_application_properties = dict(config["configurations"]["tagsync-application-properties"]) if has_ranger_tagsync else None
+tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
+tagsync_cred_lib = os.path.join(ranger_tagsync_home, "lib", "*")
+
+ranger_usersync_log_maxfilesize = default('/configurations/usersync-log4j/ranger_usersync_log_maxfilesize',256)
+ranger_usersync_log_maxbackupindex = default('/configurations/usersync-log4j/ranger_usersync_log_maxbackupindex',20)
+ranger_tagsync_log_maxfilesize = default('/configurations/tagsync-log4j/ranger_tagsync_log_maxfilesize',256)
+ranger_tagsync_log_number_of_backup_files = default('/configurations/tagsync-log4j/ranger_tagsync_log_number_of_backup_files',20)
+ranger_xa_log_maxfilesize = default('/configurations/admin-log4j/ranger_xa_log_maxfilesize',256)
+ranger_xa_log_maxbackupindex = default('/configurations/admin-log4j/ranger_xa_log_maxbackupindex',20)
+
+# ranger log4j.properties
+admin_log4j = config['configurations']['admin-log4j']['content']
+usersync_log4j = config['configurations']['usersync-log4j']['content']
+tagsync_log4j = config['configurations']['tagsync-log4j']['content']
+
+# ranger kerberos
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+namenode_hosts = default("/clusterHostInfo/namenode_host", [])
+has_namenode = len(namenode_hosts) > 0
+
+ugsync_policymgr_alias = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.alias"]
+ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.keystore"]
+
+# ranger solr
+audit_solr_enabled = default('/configurations/ranger-env/xasecure.audit.destination.solr', False)
+ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set']
+ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name']
+ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards']
+replication_factor = config['configurations']['ranger-env']['ranger_solr_replication_factor']
+ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
+infra_solr_hosts = default("/clusterHostInfo/infra_solr_hosts", [])
+has_infra_solr = len(infra_solr_hosts) > 0
+is_solrCloud_enabled = default('/configurations/ranger-env/is_solrCloud_enabled', False)
+is_external_solrCloud_enabled = default('/configurations/ranger-env/is_external_solrCloud_enabled', False)
+solr_znode = '/ranger_audits'
+if stack_supports_infra_client and is_solrCloud_enabled:
+ solr_znode = default('/configurations/ranger-admin-site/ranger.audit.solr.zookeepers', 'NONE')
+ if solr_znode != '' and solr_znode.upper() != 'NONE':
+ solr_znode = solr_znode.split('/')
+ if len(solr_znode) > 1 and len(solr_znode) == 2:
+ solr_znode = solr_znode[1]
+ solr_znode = format('/{solr_znode}')
+ if has_infra_solr and not is_external_solrCloud_enabled:
+ solr_znode = config['configurations']['infra-solr-env']['infra_solr_znode']
+solr_user = unix_user
+if has_infra_solr and not is_external_solrCloud_enabled:
+ solr_user = default('/configurations/infra-solr-env/infra_solr_user', unix_user)
+ infra_solr_role_ranger_admin = default('configurations/infra-solr-security-json/infra_solr_role_ranger_admin', 'ranger_user')
+ infra_solr_role_ranger_audit = default('configurations/infra-solr-security-json/infra_solr_role_ranger_audit', 'ranger_audit_user')
+ infra_solr_role_dev = default('configurations/infra-solr-security-json/infra_solr_role_dev', 'dev')
+custom_log4j = has_infra_solr and not is_external_solrCloud_enabled
+
+ranger_audit_max_retention_days = config['configurations']['ranger-solr-configuration']['ranger_audit_max_retention_days']
+ranger_audit_logs_merge_factor = config['configurations']['ranger-solr-configuration']['ranger_audit_logs_merge_factor']
+ranger_solr_config_content = config['configurations']['ranger-solr-configuration']['content']
+
+# get comma separated list of zookeeper hosts
+zookeeper_port = default('/configurations/zoo.cfg/clientPort', None)
+zookeeper_hosts = default("/clusterHostInfo/zookeeper_hosts", [])
+index = 0
+zookeeper_quorum = ""
+for host in zookeeper_hosts:
+ zookeeper_quorum += host + ":" + str(zookeeper_port)
+ index += 1
+ if index < len(zookeeper_hosts):
+ zookeeper_quorum += ","
+
+# solr kerberised
+solr_jaas_file = None
+is_external_solrCloud_kerberos = default('/configurations/ranger-env/is_external_solrCloud_kerberos', False)
+
+if security_enabled:
+ if has_ranger_tagsync:
+ ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
+ if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+ tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
+ tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
+
+ if stack_supports_ranger_kerberos:
+ ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab']
+ ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
+ if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+ ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
+ if stack_supports_infra_client and is_solrCloud_enabled and is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+ solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+ solr_kerberos_principal = ranger_admin_jaas_principal
+ solr_kerberos_keytab = ranger_admin_keytab
+ if stack_supports_infra_client and is_solrCloud_enabled and not is_external_solrCloud_enabled and not is_external_solrCloud_kerberos:
+ solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+ solr_kerberos_principal = ranger_admin_jaas_principal
+ solr_kerberos_keytab = ranger_admin_keytab
+
+# logic to create core-site.xml if hdfs not installed
+if stack_supports_ranger_kerberos and not has_namenode:
+ core_site_property = {
+ 'hadoop.security.authentication': 'kerberos' if security_enabled else 'simple'
+ }
+
+ if security_enabled:
+ realm = 'EXAMPLE.COM'
+ ranger_admin_bare_principal = 'rangeradmin'
+ ranger_usersync_bare_principal = 'rangerusersync'
+ ranger_tagsync_bare_principal = 'rangertagsync'
+
+ ranger_usersync_principal = config['configurations']['ranger-ugsync-site']['ranger.usersync.kerberos.principal']
+ if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+ ranger_admin_bare_principal = get_bare_principal(ranger_admin_principal)
+ if not is_empty(ranger_usersync_principal) and ranger_usersync_principal != '':
+ ranger_usersync_bare_principal = get_bare_principal(ranger_usersync_principal)
+ realm = config['configurations']['kerberos-env']['realm']
+
+ rule_dict = [
+ {'principal': ranger_admin_bare_principal, 'user': unix_user},
+ {'principal': ranger_usersync_bare_principal, 'user': 'rangerusersync'},
+ ]
+
+ if has_ranger_tagsync:
+ if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+ ranger_tagsync_bare_principal = get_bare_principal(ranger_tagsync_principal)
+ rule_dict.append({'principal': ranger_tagsync_bare_principal, 'user': 'rangertagsync'})
+
+ core_site_auth_to_local_property = ''
+ for item in range(len(rule_dict)):
+ rule_line = 'RULE:[2:$1@$0]({0}@{1})s/.*/{2}/\n'.format(rule_dict[item]['principal'], realm, rule_dict[item]['user'])
+ core_site_auth_to_local_property = rule_line + core_site_auth_to_local_property
+
+ core_site_auth_to_local_property = core_site_auth_to_local_property + 'DEFAULT'
+ core_site_property['hadoop.security.auth_to_local'] = core_site_auth_to_local_property
+
+upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
+
+# ranger service pid
+user_group = config['configurations']['cluster-env']['user_group']
+ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
+ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
+
+# admin credential
+admin_username = config['configurations']['ranger-env']['admin_username']
+admin_password = config['configurations']['ranger-env']['admin_password']
+default_admin_password = 'admin'
+
+ranger_is_solr_kerberised = "false"
+if audit_solr_enabled and is_solrCloud_enabled:
+ # Check internal solrCloud
+ if security_enabled and not is_external_solrCloud_enabled:
+ ranger_is_solr_kerberised = "true"
+ # Check external solrCloud
+ if is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+ ranger_is_solr_kerberised = "true"
+
+hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", [])
+is_hbase_ha_enabled = True if len(hbase_master_hosts) > 1 else False
+is_namenode_ha_enabled = True if len(namenode_hosts) > 1 else False
+ranger_hbase_plugin_enabled = False
+ranger_hdfs_plugin_enabled = False
+
+
+if is_hbase_ha_enabled:
+ if not is_empty(config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']):
+ ranger_hbase_plugin_enabled = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes'
+if is_namenode_ha_enabled:
+ if not is_empty(config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']):
+ ranger_hdfs_plugin_enabled = config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled'].lower() == 'yes'
+
+ranger_admin_password_properties = ['ranger.jpa.jdbc.password', 'ranger.jpa.audit.jdbc.password', 'ranger.ldap.bind.password', 'ranger.ldap.ad.bind.password']
+ranger_usersync_password_properties = ['ranger.usersync.ldap.ldapbindpassword']
+ranger_tagsync_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
+if stack_supports_secure_ssl_password:
+ ranger_admin_password_properties.extend(['ranger.service.https.attrib.keystore.pass', 'ranger.truststore.password'])
+ ranger_usersync_password_properties.extend(['ranger.usersync.keystore.password', 'ranger.usersync.truststore.password'])
+
+ranger_auth_method = config['configurations']['ranger-admin-site']['ranger.authentication.method']
+ranger_ldap_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.binddn.credential.alias', 'ranger.ldap.bind.password')
+ranger_ad_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.ad.binddn.credential.alias', 'ranger.ldap.ad.bind.password')
+ranger_https_keystore_alias = default('/configurations/ranger-admin-site/ranger.service.https.attrib.keystore.credential.alias', 'keyStoreCredentialAlias')
+ranger_truststore_alias = default('/configurations/ranger-admin-site/ranger.truststore.alias', 'trustStoreAlias')
+https_enabled = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.ssl.enabled']
+http_enabled = config['configurations']['ranger-admin-site']['ranger.service.http.enabled']
+https_keystore_password = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.keystore.pass']
+truststore_password = config['configurations']['ranger-admin-site']['ranger.truststore.password']
+
+# need this to capture cluster name for ranger tagsync
+cluster_name = config['clusterName']
\ No newline at end of file