You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2015/05/21 22:57:39 UTC
ambari git commit: AMBARI-11311 - Ranger Knox Plugin Upgrade Pack For
HDP-2.2 To HDP-2.3 (jonathanhurley)
Repository: ambari
Updated Branches:
refs/heads/trunk 9e5647d99 -> fac6c4899
AMBARI-11311 - Ranger Knox Plugin Upgrade Pack For HDP-2.2 To HDP-2.3 (jonathanhurley)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fac6c489
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fac6c489
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fac6c489
Branch: refs/heads/trunk
Commit: fac6c4899cf4530a00ce53f5f330946ee70eba12
Parents: 9e5647d
Author: Jonathan Hurley <jh...@hortonworks.com>
Authored: Thu May 21 14:20:19 2015 -0400
Committer: Jonathan Hurley <jh...@hortonworks.com>
Committed: Thu May 21 16:57:20 2015 -0400
----------------------------------------------------------------------
.../stacks/HDP/2.2/upgrades/upgrade-2.3.xml | 53 +++++++++++++++++++-
.../configuration/ranger-knox-policymgr-ssl.xml | 4 +-
.../KNOX/configuration/ranger-knox-security.xml | 2 +-
3 files changed, 54 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/fac6c489/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
index 01f857d..eb6f51a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
@@ -648,7 +648,7 @@
<set key="xasecure.audit.provider.summary.enabled" value="TRUE"/>
</task>
- <task xsi:type="configure" summary="Removing Deprecated Ranger Configurations">
+ <task xsi:type="configure" summary="Removing Deprecated Ranger Hive Plugin Configurations">
<type>ranger-hive-plugin-properties</type>
<transfer operation="delete" delete-key="SSL_KEYSTORE_FILE_PATH"/>
<transfer operation="delete" delete-key="SSL_KEYSTORE_PASSWORD"/>
@@ -818,6 +818,55 @@
<service name="KNOX">
<component name="KNOX_GATEWAY">
+ <pre-upgrade>
+ <task xsi:type="configure" summary="Configuring Ranger Knox Policy">
+ <type>ranger-knox-policymgr-ssl</type>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="SSL_KEYSTORE_FILE_PATH" to-key="xasecure.policymgr.clientssl.keystore" default-value="/usr/hdp/current/knox-server/conf/ranger-plugin-keystore.jks"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="SSL_KEYSTORE_PASSWORD" to-key="xasecure.policymgr.clientssl.keystore.password" default-value="myKeyFilePassword" mask="true"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="SSL_TRUSTSTORE_FILE_PATH" to-key="xasecure.policymgr.clientssl.truststore" default-value="/usr/hdp/current/knox-server/conf/ranger-plugin-truststore.jks"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="SSL_TRUSTSTORE_PASSWORD" to-key="xasecure.policymgr.clientssl.truststore.password" default-value="changeit" mask="true"/>
+ </task>
+
+ <task xsi:type="configure" summary="Configuring Ranger Knox Audit">
+ <type>ranger-knox-audit</type>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/knox/audit/hdfs/spool"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/>
+ <set key="xasecure.audit.destination.solr" value="TRUE"/>
+ <set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/>
+ <set key="xasecure.audit.destination.solr.zookeepers" value=""/>
+ <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/knox/audit/solr/spool"/>
+ <set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/>
+ <set key="xasecure.audit.destination.db.jdbc.url" value=""/>
+ <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/>
+ </task>
+
+ <task xsi:type="configure" summary="Removing Deprecated Ranger Knox Plugin Configurations">
+ <type>ranger-knox-plugin-properties</type>
+ <transfer operation="delete" delete-key="SSL_KEYSTORE_FILE_PATH"/>
+ <transfer operation="delete" delete-key="SSL_KEYSTORE_PASSWORD"/>
+ <transfer operation="delete" delete-key="SSL_TRUSTSTORE_FILE_PATH"/>
+ <transfer operation="delete" delete-key="SSL_TRUSTSTORE_PASSWORD"/>
+ <transfer operation="delete" delete-key="XAAUDIT.DB.IS_ENABLED"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.IS_ENABLED"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY"/>
+ <transfer operation="delete" delete-key="XAAUDIT.DB.USER_NAME"/>
+ <transfer operation="delete" delete-key="XAAUDIT.DB.PASSWORD"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.DESTINTATION_FILE"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/>
+ </task>
+ </pre-upgrade>
<upgrade>
<task xsi:type="restart" />
</upgrade>
@@ -864,7 +913,7 @@
<set key="xasecure.audit.provider.summary.enabled" value="TRUE"/>
</task>
- <task xsi:type="configure" summary="Removing Deprecated Ranger Configurations">
+ <task xsi:type="configure" summary="Removing Deprecated Ranger Storm Plugin Configurations">
<type>ranger-storm-plugin-properties</type>
<transfer operation="delete" delete-key="SSL_KEYSTORE_FILE_PATH"/>
<transfer operation="delete" delete-key="SSL_KEYSTORE_PASSWORD"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/fac6c489/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
index d95f95d..b56bf4f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/knox/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/knox-server/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/knox/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/knox-server/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/fac6c489/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
index 1686f04..9ed8941 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
@@ -40,7 +40,7 @@
<property>
<name>ranger.plugin.knox.policy.rest.ssl.config.file</name>
- <value>/etc/knox/conf/ranger-policymgr-ssl.xml</value>
+ <value>/usr/hdp/current/knox-server/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
</property>