Posted to commits@hawq.apache.org by ad...@apache.org on 2017/02/09 19:14:43 UTC
[1/2] incubator-hawq git commit: HAWQ-1298. Updated RPS properties
and scripts (closes #1109)
Repository: incubator-hawq
Updated Branches:
refs/heads/master 23c45c746 -> 8c9b45a40
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/test/resources/ranger-hawq-security.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/resources/ranger-hawq-security.xml b/ranger-plugin/service/src/test/resources/ranger-hawq-security.xml
new file mode 100644
index 0000000..6141df7
--- /dev/null
+++ b/ranger-plugin/service/src/test/resources/ranger-hawq-security.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>ranger.plugin.hawq.service.name</name>
+ <value>hawq</value>
+ <description>
+ Name of the Ranger service containing policies for this HAWQ instance
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>
+ Class to retrieve policies from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.url</name>
+ <value>http://localhost:6080</value>
+ <description>
+ URL to Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.ssl.config.file</name>
+ <value>/usr/local/hawq/ranger/etc/ranger-policymgr-ssl.xml</value>
+ <description>
+ Path to the file containing SSL details to contact Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.cache.dir</name>
+ <value>/usr/local/hawq/ranger/policycache</value>
+ <description>
+ Directory where Ranger policies are cached after successful retrieval from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.client.connection.timeoutMs</name>
+ <value>120000</value>
+ <description>
+ RangerRESTClient Connection Timeout in Milliseconds
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.client.read.timeoutMs</name>
+ <value>30000</value>
+ <description>
+ RangerRESTClient read Timeout in Milliseconds
+ </description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/test/resources/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/resources/rps.properties b/ranger-plugin/service/src/test/resources/rps.properties
index 1fd50e5..042e4ff 100644
--- a/ranger-plugin/service/src/test/resources/rps.properties
+++ b/ranger-plugin/service/src/test/resources/rps.properties
@@ -13,5 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-ranger.hawq.instance=instance-test
-version=version-test
\ No newline at end of file
+RANGER_HAWQ_INSTANCE=instance-test
+RPS_VERSION=version-test
\ No newline at end of file
[2/2] incubator-hawq git commit: HAWQ-1298. Updated RPS properties
and scripts (closes #1109)
Posted by ad...@apache.org.
HAWQ-1298. Updated RPS properties and scripts
(closes #1109)
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/8c9b45a4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/8c9b45a4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/8c9b45a4
Branch: refs/heads/master
Commit: 8c9b45a40ec55bd7ad1589de894962aaf1540f3a
Parents: 23c45c7
Author: Alexander Denissov <ad...@pivotal.io>
Authored: Tue Jan 31 14:31:06 2017 -0800
Committer: Alexander Denissov <ad...@pivotal.io>
Committed: Thu Feb 9 11:13:54 2017 -0800
----------------------------------------------------------------------
ranger-plugin/conf/catalina.properties | 83 +++
ranger-plugin/conf/log4j.properties | 58 +++
ranger-plugin/conf/ranger-hawq-audit.xml | 47 ++
ranger-plugin/conf/ranger-hawq-security.xml | 85 ++++
ranger-plugin/conf/rps.properties | 32 ++
ranger-plugin/conf/server.xml | 38 ++
ranger-plugin/conf/tomcat-server.xml | 60 ---
.../service/tests/common/ServiceTestBase.java | 5 +-
ranger-plugin/pom.xml | 67 ++-
ranger-plugin/scripts/catalina.sh | 507 +++++++++++++++++++
ranger-plugin/scripts/enable-ranger-plugin.sh | 225 ++++++++
ranger-plugin/scripts/register_hawq.sh | 217 --------
ranger-plugin/scripts/rps.sh | 82 ++-
ranger-plugin/scripts/rps_env.sh | 30 --
ranger-plugin/scripts/setenv.sh | 23 +
ranger-plugin/service/pom.xml | 42 +-
.../authorization/RangerHawqAuthorizer.java | 6 +-
.../apache/hawq/ranger/authorization/Utils.java | 17 +-
.../service/src/main/resources/log4j.properties | 42 --
.../src/main/resources/ranger-hawq-security.xml | 92 ----
.../service/src/main/resources/rps.properties | 17 -
.../service/src/main/webapp/WEB-INF/web.xml | 20 +-
.../hawq/ranger/authorization/UtilsTest.java | 20 +-
.../src/test/resources/ranger-hawq-security.xml | 85 ++++
.../service/src/test/resources/rps.properties | 4 +-
25 files changed, 1363 insertions(+), 541 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/catalina.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/catalina.properties b/ranger-plugin/conf/catalina.properties
new file mode 100644
index 0000000..7e10ef5
--- /dev/null
+++ b/ranger-plugin/conf/catalina.properties
@@ -0,0 +1,83 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,\
+org.apache.naming.resources.,org.apache.tomcat.,sun.beans.
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, no packages are restricted for definition, and none of
+# the class loaders supplied with the JDK call checkPackageDefinition.
+#
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
+org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
+
+#
+#
+# List of comma-separated paths defining the contents of the "common"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank,the JVM system loader will be used as Catalina's "common"
+# loader.
+# Examples:
+# "foo": Add this folder as a class repository
+# "foo/*.jar": Add all the JARs of the specified folder as class
+# repositories
+# "foo/bar.jar": Add bar.jar as a class repository
+common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
+
+#
+# List of comma-separated paths defining the contents of the "server"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank, the "common" loader will be used as Catalina's "server"
+# loader.
+# Examples:
+# "foo": Add this folder as a class repository
+# "foo/*.jar": Add all the JARs of the specified folder as class
+# repositories
+# "foo/bar.jar": Add bar.jar as a class repository
+server.loader=
+
+#
+# List of comma-separated paths defining the contents of the "shared"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
+# the "common" loader will be used as Catalina's "shared" loader.
+# Examples:
+# "foo": Add this folder as a class repository
+# "foo/*.jar": Add all the JARs of the specified folder as class
+# repositories
+# "foo/bar.jar": Add bar.jar as a class repository
+# Please note that for single jars, e.g. bar.jar, you need the URL form
+# starting with file:.
+shared.loader=
+
+#
+# String cache configuration.
+tomcat.util.buf.StringCache.byte.enabled=true
+#tomcat.util.buf.StringCache.char.enabled=true
+#tomcat.util.buf.StringCache.trainThreshold=500000
+#tomcat.util.buf.StringCache.cacheSize=5000
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/log4j.properties b/ranger-plugin/conf/log4j.properties
new file mode 100644
index 0000000..ca7cfcd
--- /dev/null
+++ b/ranger-plugin/conf/log4j.properties
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# log only messages at INFO level and higher
+root.logger=INFO,rps
+audit.logger=INFO,audit
+
+#
+# Loggers
+#
+
+log4j.rootLogger=${root.logger}
+
+log4j.logger.ranger_audit_logger=${audit.logger}
+log4j.additivity.ranger_audit_logger=false
+
+# fine tune verbosity of Hadoop and Ranger libraries logging, if needed
+#log4j.logger.org.apache.ranger=WARN
+#log4j.logger.org.apache.hadoop=WARN
+#log4j.logger.org.apache.hawq.ranger=DEBUG
+
+#
+# Appenders
+#
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
+
+# RPS log file
+log4j.appender.rps=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.rps.file=/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs/rps.log
+log4j.appender.rps.datePattern='.'yyyy-MM-dd
+log4j.appender.rps.append=true
+log4j.appender.rps.layout=org.apache.log4j.PatternLayout
+log4j.appender.rps.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %C{6}: %m%n
+
+# Ranger Audit log file
+log4j.appender.audit=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.audit.file=/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs/audit.log
+log4j.appender.audit.datePattern='.'yyyy-MM-dd
+log4j.appender.audit.append=true
+log4j.appender.audit.layout=org.apache.log4j.PatternLayout
+log4j.appender.audit.layout.ConversionPattern=%m%n
\ No newline at end of file
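Review bot: The `audit` appender uses `org.apache.log4j.DailyRollingFileAppender`, which has no retention setting and which the log4j 1.x documentation itself describes as prone to synchronization issues and data loss, so it is a weak carrier for an authorization audit trail. Rolled `audit.log.yyyy-MM-dd` files will accumulate under `plugin-service/logs` with nothing in this file to bound them, and a full disk means later audit events may be dropped. The `%m%n` pattern adds no timestamp of its own, so each record relies on the Ranger audit message carrying its event time; a comment such as `# audit messages are expected to be self-describing (event time included); the layout adds nothing` would record that assumption. The `console` appender is defined but not attached to either logger, which deserves a comment or removal.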
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/ranger-hawq-audit.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/ranger-hawq-audit.xml b/ranger-plugin/conf/ranger-hawq-audit.xml
new file mode 100644
index 0000000..01fe5ab
--- /dev/null
+++ b/ranger-plugin/conf/ranger-hawq-audit.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <!-- HDFS audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://localhost:8020/ranger/audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+ <value>/tmp/audit/hdfs/spool</value>
+ </property>
+
+
+ <!-- Log4j audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.log4j</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.log4j.logger</name>
+ <value>ranger_audit_logger</value>
+ </property>
+</configuration>
\ No newline at end of file
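Review bot: `xasecure.audit.destination.hdfs.batch.filespool.dir` points at `/tmp/audit/hdfs/spool`, which sits under a world-writable directory. The HDFS destination is disabled here (`false`), but whoever enables it inherits a spool location that other local accounts may be able to pre-create and that tmp cleaners may purge before events are shipped, both of which undermine audit integrity. A path under the service's own tree, for example `/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work/audit/hdfs/spool`, would be safer, provided the packaging creates it writable only by the service account. `hdfs://localhost:8020/ranger/audit` looks like a placeholder and would benefit from a comment saying it must be changed before the destination is enabled.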
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/ranger-hawq-security.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/ranger-hawq-security.xml b/ranger-plugin/conf/ranger-hawq-security.xml
new file mode 100644
index 0000000..0cdc160
--- /dev/null
+++ b/ranger-plugin/conf/ranger-hawq-security.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>ranger.plugin.hawq.service.name</name>
+ <value>hawq</value>
+ <description>
+ Name of the Ranger service containing policies for this HAWQ instance
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>
+ Class to retrieve policies from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.url</name>
+ <value>${policy.manager.url}</value>
+ <description>
+ URL to Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.ssl.config.file</name>
+ <value>ranger-policymgr-ssl.xml</value>
+ <description>
+ Path to the file containing SSL details to contact Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.cache.dir</name>
+ <value>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work/policycache</value>
+ <description>
+ Directory where Ranger policies are cached after successful retrieval from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.client.connection.timeoutMs</name>
+ <value>120000</value>
+ <description>
+ RangerRESTClient Connection Timeout in Milliseconds
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.client.read.timeoutMs</name>
+ <value>30000</value>
+ <description>
+ RangerRESTClient read Timeout in Milliseconds
+ </description>
+ </property>
+</configuration>
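Review bot: `ranger.plugin.hawq.policy.rest.ssl.config.file` is set to the bare name `ranger-policymgr-ssl.xml`, and no file of that name appears in this commit's diffstat, so it is unclear how the name is resolved or whether the file exists after install. If `${policy.manager.url}` is an `https://` URL, a missing SSL configuration presumably leaves the policy download without the intended trust store, and that case should fail visibly rather than degrade. Either ship a template next to the other files in `ranger/etc` and reference it by absolute path, or extend the description, e.g. `Name of the SSL configuration file used to contact Ranger Admin; resolved on the classpath (confirm)`. The directory in `ranger.plugin.hawq.policy.cache.dir` holds a copy of the authorization policies, so its description could also state that it must be writable only by the service account.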
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/rps.properties b/ranger-plugin/conf/rps.properties
new file mode 100644
index 0000000..60545c1
--- /dev/null
+++ b/ranger-plugin/conf/rps.properties
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# URL for Ranger Admin policy manager, e.g. http://host:port
+POLICY_MGR_URL=
+
+# port where Ranger Plugin Service should listen for HTTP requests
+RPS_HTTP_PORT=8432
+
+# port where Ranger Plugin Service should listen for HTTPS requests
+RPS_HTTPS_PORT=8333
+
+# port where Ranger Plugin Service should listen for shutdown requests
+RPS_SHUTDOWN_PORT=8405
+
+# name of the instance of HAWQ service in Ranger Policy Manager
+RANGER_HAWQ_INSTANCE=hawq
+
+# version of the software
+RPS_VERSION=${project.version}
\ No newline at end of file
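Review bot: The comment on `POLICY_MGR_URL` offers only `http://host:port` as its example, which steers installations toward fetching authorization policies over plaintext HTTP. Since the security configuration already carries an SSL config file property, the comment could read `# URL for Ranger Admin policy manager, e.g. https://host:port (plain http:// only for test setups)`. The value is empty by default, so whatever consumes it (not visible in this hunk) should refuse to start when it is unset rather than pass an empty URL on.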
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/server.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/server.xml b/ranger-plugin/conf/server.xml
new file mode 100644
index 0000000..7a2ae69
--- /dev/null
+++ b/ranger-plugin/conf/server.xml
@@ -0,0 +1,38 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Server port="${rps.shutdown.port}" shutdown="7d558327-ef81-48fa-bed2-fc1aaa5bb634">
+
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+
+ <Service name="Catalina">
+ <Connector port="${rps.http.port}" redirectPort="${rps.https.port}" protocol="HTTP/1.1"
+ maxHttpHeaderSize="8192" enableLookups="false"
+ acceptCount="100" maxThreads="50" minSpareThreads="5"
+ connectionTimeout="20000" server="Apache Tomcat" xpoweredBy="false" />
+ <!--
+ <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+ <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"
+ deployOnStartup="true" xmlValidation="false" xmlNamespaceAware="false" />
+ </Engine>
+ </Service>
+</Server>
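Review bot: The `shutdown="7d558327-ef81-48fa-bed2-fc1aaa5bb634"` value is a fixed string committed to the repository and shipped identically in every package, so it protects `${rps.shutdown.port}` barely better than the old `SHUTDOWN` default did. Substituting it from a property generated at install time, as is already done for the ports, would make it an actual per-host secret, and the file should then be readable only by the service account. Separately, the HTTP `<Connector>` has no `address` attribute, so it listens on all interfaces and carries authorization requests in cleartext, while `redirectPort="${rps.https.port}"` refers to a port with no active connector because the HTTPS connector is commented out. If RPS is only called from the local HAWQ master, `address="localhost"` would narrow the exposure; that depends on the deployment topology, which this file does not show.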
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/tomcat-server.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/tomcat-server.xml b/ranger-plugin/conf/tomcat-server.xml
deleted file mode 100644
index 09f9088..0000000
--- a/ranger-plugin/conf/tomcat-server.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server port="8005" shutdown="SHUTDOWN">
-
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <Listener className="org.apache.catalina.core.JasperListener" />
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
-
- <GlobalNamingResources>
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <Service name="Catalina">
-
- <Connector port="${http.port}" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
-
- <Engine name="Catalina" defaultHost="localhost">
-
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
-
- <Host name="${http.host}" appBase="webapps"
- unpackWARs="true" autoDeploy="true"
- xmlValidation="false" xmlNamespaceAware="false">
-
- <Context path="/rps"
- docBase="/usr/local/hawq/ranger/plugin-service/webapps/rps"
- reloadable="false" debug="0" cookies="false"></Context>
-
- </Host>
- </Engine>
- </Service>
-</Server>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java
index 0b3be56..21c654c 100644
--- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java
+++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java
@@ -67,7 +67,8 @@ public abstract class ServiceTestBase {
private static final String RANGER_URL = String.format("http://%s:%s/service/public/v2/api", RANGER_HOST, RANGER_PORT);
private static final String RANGER_POLICY_URL = RANGER_URL + "/policy";
- private static final int POLICY_REFRESH_INTERVAL = 6000;
+ private static final String POLICY_WAIT_INTERVAL_PROP_NAME = "policy.wait.interval.ms";
+ private static final int POLICY_WAIT_INTERVAL = Integer.parseInt(System.getProperty(POLICY_WAIT_INTERVAL_PROP_NAME, "6000"));
private static final TypeReference<HashMap<String,Object>> typeMSO = new TypeReference<HashMap<String,Object>>() {};
private RESTClient rest = new RESTClient();
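Review bot: `Integer.parseInt(System.getProperty(...))` runs in a static initializer, so a malformed `-Dpolicy.wait.interval.ms` value fails class initialization with an `ExceptionInInitializerError` for every test extending `ServiceTestBase`, and a negative value later makes `Thread.sleep` throw `IllegalArgumentException`. `Math.max(0, Integer.getInteger(POLICY_WAIT_INTERVAL_PROP_NAME, 6000))` falls back to the default on unparsable input and covers the negative case. A comment such as `// ms to wait after a policy change before asserting; override with -Dpolicy.wait.interval.ms` would explain why the value is tunable. The class body continues outside the hunk.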
@@ -132,7 +133,7 @@ public abstract class ServiceTestBase {
private void waitForPolicyRefresh() {
try {
- Thread.sleep(POLICY_REFRESH_INTERVAL);
+ Thread.sleep(POLICY_WAIT_INTERVAL);
}
catch (InterruptedException e) {
LOG.error(e);
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/pom.xml b/ranger-plugin/pom.xml
index 20d3112..d8ab6b0 100644
--- a/ranger-plugin/pom.xml
+++ b/ranger-plugin/pom.xml
@@ -81,10 +81,37 @@
<mappings>
<mapping>
<directory>/usr/local/hawq_${hawq.name.version}/ranger/bin</directory>
- <filemode>755</filemode>
+ <filemode>750</filemode>
<sources>
<source>
- <location>scripts</location>
+ <location>scripts/enable-ranger-plugin.sh</location>
+ </source>
+ <source>
+ <location>scripts/rps.sh</location>
+ </source>
+ <source>
+ <location>scripts/catalina.sh</location>
+ </source>
+ </sources>
+ </mapping>
+ <mapping>
+ <directory>/usr/local/hawq_${hawq.name.version}/ranger/etc</directory>
+ <sources>
+ <source>
+ <location>conf/ranger-servicedef-hawq.json</location>
+ </source>
+ <!-- filtered resources include version number and come from target/conf directory -->
+ <source>
+ <location>service/target/conf/ranger-hawq-security.xml</location>
+ </source>
+ <source>
+ <location>service/target/conf/ranger-hawq-audit.xml</location>
+ </source>
+ <source>
+ <location>service/target/conf/rps.properties</location>
+ </source>
+ <source>
+ <location>service/target/conf/log4j.properties</location>
</source>
</sources>
</mapping>
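Review bot: The new `ranger/etc` mapping sets no `<filemode>`, `<username>` or `<groupname>`, although the `ranger/bin` mapping just above it was tightened from 755 to 750, so `rps.properties`, `ranger-hawq-security.xml` and `ranger-hawq-audit.xml` are installed with whatever default the packaging plugin applies, which is not visible in this hunk. The same holds for the `plugin-service/conf` and `plugin-service/lib` mappings in the next hunk and for `work/policycache` in the one after it. The policy cache and `logs` directories hold authorization policies and audit records, so their mode and owner are worth stating explicitly on each mapping rather than inheriting a default. The enclosing `<mappings>` element starts before this hunk and ends after it.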
@@ -100,18 +127,34 @@
</sources>
</mapping>
<mapping>
- <directory>/usr/local/hawq_${hawq.name.version}/ranger/etc</directory>
+ <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service</directory>
+ </mapping>
+ <mapping>
+ <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/bin</directory>
<sources>
<source>
- <location>conf/ranger-servicedef-hawq.json</location>
+ <location>scripts/setenv.sh</location>
</source>
</sources>
</mapping>
<mapping>
- <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service</directory>
+ <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/conf</directory>
+ <sources>
+ <source>
+ <location>conf/server.xml</location>
+ </source>
+ <source>
+ <location>conf/catalina.properties</location>
+ </source>
+ </sources>
</mapping>
<mapping>
- <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/bin</directory>
+ <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/lib</directory>
+ <sources>
+ <source>
+ <location>service/target/ranger-plugin-service-${project.version}/WEB-INF/lib</location>
+ </source>
+ </sources>
</mapping>
<mapping>
<directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs</directory>
@@ -123,6 +166,9 @@
<directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work</directory>
</mapping>
<mapping>
+ <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work/policycache</directory>
+ </mapping>
+ <mapping>
<directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/webapps</directory>
<sources>
<source>
@@ -131,14 +177,7 @@
</source>
</sources>
</mapping>
- <mapping>
- <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/conf</directory>
- <sources>
- <source>
- <location>conf/tomcat-server.xml</location>
- </source>
- </sources>
- </mapping>
+
</mappings>
</configuration>
</plugin>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/catalina.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/catalina.sh b/ranger-plugin/scripts/catalina.sh
new file mode 100755
index 0000000..26f7601
--- /dev/null
+++ b/ranger-plugin/scripts/catalina.sh
@@ -0,0 +1,507 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# -----------------------------------------------------------------------------
+# Start/Stop Script for the CATALINA Server
+#
+# Environment Variable Prerequisites
+#
+# CATALINA_HOME May point at your Catalina "build" directory.
+#
+# CATALINA_BASE (Optional) Base directory for resolving dynamic portions
+# of a Catalina installation. If not present, resolves to
+# the same directory that CATALINA_HOME points to.
+#
+# CATALINA_OUT (Optional) Full path to a file where stdout and stderr
+# will be redirected.
+# Default is $CATALINA_BASE/logs/catalina.out
+#
+# CATALINA_OPTS (Optional) Java runtime options used when the "start",
+# or "run" command is executed.
+#
+# CATALINA_TMPDIR (Optional) Directory path location of temporary directory
+# the JVM should use (java.io.tmpdir). Defaults to
+# $CATALINA_BASE/temp.
+#
+# JAVA_HOME Must point at your Java Development Kit installation.
+# Required to run the with the "debug" argument.
+#
+# JRE_HOME Must point at your Java Development Kit installation.
+# Defaults to JAVA_HOME if empty.
+#
+# JAVA_OPTS (Optional) Java runtime options used when the "start",
+# "stop", or "run" command is executed.
+#
+# JAVA_ENDORSED_DIRS (Optional) Lists of of colon separated directories
+# containing some jars in order to allow replacement of APIs
+# created outside of the JCP (i.e. DOM and SAX from W3C).
+# It can also be used to update the XML parser implementation.
+# Defaults to $CATALINA_HOME/endorsed.
+#
+# JPDA_TRANSPORT (Optional) JPDA transport used when the "jpda start"
+# command is executed. The default is "dt_socket".
+#
+# JPDA_ADDRESS (Optional) Java runtime options used when the "jpda start"
+# command is executed. The default is 8000.
+#
+# JPDA_SUSPEND (Optional) Java runtime options used when the "jpda start"
+# command is executed. Specifies whether JVM should suspend
+# execution immediately after startup. Default is "n".
+#
+# JPDA_OPTS (Optional) Java runtime options used when the "jpda start"
+# command is executed. If used, JPDA_TRANSPORT, JPDA_ADDRESS,
+# and JPDA_SUSPEND are ignored. Thus, all required jpda
+# options MUST be specified. The default is:
+#
+# -agentlib:jdwp=transport=$JPDA_TRANSPORT,
+# address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND
+#
+# CATALINA_PID (Optional) Path of the file which should contains the pid
+# of catalina startup java process, when start (fork) is used
+#
+# LOGGING_CONFIG (Optional) Override Tomcat's logging config file
+# Example (all one line)
+# LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"
+#
+# LOGGING_MANAGER (Optional) Override Tomcat's logging manager
+# Example (all one line)
+# LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
+# -----------------------------------------------------------------------------
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false
+os400=false
+darwin=false
+case "`uname`" in
+CYGWIN*) cygwin=true;;
+OS400*) os400=true;;
+Darwin*) darwin=true;;
+esac
+
+# resolve links - $0 may be a softlink
+PRG="$0"
+
+while [ -h "$PRG" ]; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG=`dirname "$PRG"`/"$link"
+ fi
+done
+
+# Get standard environment variables
+PRGDIR=`dirname "$PRG"`
+
+# Only set CATALINA_HOME if not already set
+[ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd`
+
+# Copy CATALINA_BASE from CATALINA_HOME if not already set
+[ -z "$CATALINA_BASE" ] && CATALINA_BASE="$CATALINA_HOME"
+
+# Ensure that any user defined CLASSPATH variables are not used on startup,
+# but allow them to be specified in setenv.sh, in rare case when it is needed.
+CLASSPATH=
+
+if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then
+ . "$CATALINA_BASE/bin/setenv.sh"
+elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then
+ . "$CATALINA_HOME/bin/setenv.sh"
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin; then
+ [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$JRE_HOME" ] && JRE_HOME=`cygpath --unix "$JRE_HOME"`
+ [ -n "$CATALINA_HOME" ] && CATALINA_HOME=`cygpath --unix "$CATALINA_HOME"`
+ [ -n "$CATALINA_BASE" ] && CATALINA_BASE=`cygpath --unix "$CATALINA_BASE"`
+ [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For OS400
+if $os400; then
+ # Set job priority to standard for interactive (interactive - 6) by using
+ # the interactive priority - 6, the helper threads that respond to requests
+ # will be running at the same priority as interactive jobs.
+ COMMAND='chgjob job('$JOBNAME') runpty(6)'
+ system $COMMAND
+
+ # Enable multi threading
+ export QIBM_MULTI_THREADED=Y
+fi
+
+# Get standard Java environment variables
+if $os400; then
+ # -r will Only work on the os400 if the files are:
+ # 1. owned by the user
+ # 2. owned by the PRIMARY group of the user
+ # this will not work if the user belongs in secondary groups
+ BASEDIR="$CATALINA_HOME"
+ . "$CATALINA_HOME"/bin/setclasspath.sh
+else
+ if [ -r "$CATALINA_HOME"/bin/setclasspath.sh ]; then
+ BASEDIR="$CATALINA_HOME"
+ . "$CATALINA_HOME"/bin/setclasspath.sh
+ else
+ echo "Cannot find $CATALINA_HOME/bin/setclasspath.sh"
+ echo "This file is needed to run this program"
+ exit 1
+ fi
+fi
+
+if [ -z "$CATALINA_BASE" ] ; then
+ CATALINA_BASE="$CATALINA_HOME"
+fi
+
+# Add tomcat-juli.jar and bootstrap.jar to classpath
+# tomcat-juli.jar can be over-ridden per instance
+if [ ! -z "$CLASSPATH" ] ; then
+ CLASSPATH="$CLASSPATH":
+fi
+if [ "$CATALINA_BASE" != "$CATALINA_HOME" ] && [ -r "$CATALINA_BASE/bin/tomcat-juli.jar" ] ; then
+ CLASSPATH="$CLASSPATH""$CATALINA_BASE"/bin/tomcat-juli.jar:"$CATALINA_HOME"/bin/bootstrap.jar
+else
+ CLASSPATH="$CLASSPATH""$CATALINA_HOME"/bin/bootstrap.jar
+fi
+
+if [ -z "$CATALINA_OUT" ] ; then
+ CATALINA_OUT="$CATALINA_BASE"/logs/catalina.out
+fi
+
+if [ -z "$CATALINA_TMPDIR" ] ; then
+ # Define the java.io.tmpdir to use for Catalina
+ CATALINA_TMPDIR="$CATALINA_BASE"/temp
+fi
+
+# Bugzilla 37848: When no TTY is available, don't output to console
+have_tty=0
+if [ "`tty`" != "not a tty" ]; then
+ have_tty=1
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
+ JRE_HOME=`cygpath --absolute --windows "$JRE_HOME"`
+ CATALINA_HOME=`cygpath --absolute --windows "$CATALINA_HOME"`
+ CATALINA_BASE=`cygpath --absolute --windows "$CATALINA_BASE"`
+ CATALINA_TMPDIR=`cygpath --absolute --windows "$CATALINA_TMPDIR"`
+ CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+ JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"`
+fi
+
+# Set juli LogManager config file if it is present and an override has not been issued
+if [ -z "$LOGGING_CONFIG" ]; then
+ if [ -r "$CATALINA_BASE"/conf/logging.properties ]; then
+ LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"
+ else
+ # Bugzilla 45585
+ LOGGING_CONFIG="-Dnop"
+ fi
+fi
+
+if [ -z "$LOGGING_MANAGER" ]; then
+ LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
+fi
+
+# ----- Execute The Requested Command -----------------------------------------
+
+# Bugzilla 37848: only output this if we have a TTY
+if [ $have_tty -eq 1 ]; then
+ echo "Using CATALINA_BASE: $CATALINA_BASE"
+ echo "Using CATALINA_HOME: $CATALINA_HOME"
+ echo "Using CATALINA_TMPDIR: $CATALINA_TMPDIR"
+ if [ "$1" = "debug" ] ; then
+ echo "Using JAVA_HOME: $JAVA_HOME"
+ else
+ echo "Using JRE_HOME: $JRE_HOME"
+ fi
+ echo "Using CLASSPATH: $CLASSPATH"
+ if [ ! -z "$CATALINA_PID" ]; then
+ echo "Using CATALINA_PID: $CATALINA_PID"
+ fi
+fi
+
+if [ "$1" = "jpda" ] ; then
+ if [ -z "$JPDA_TRANSPORT" ]; then
+ JPDA_TRANSPORT="dt_socket"
+ fi
+ if [ -z "$JPDA_ADDRESS" ]; then
+ JPDA_ADDRESS="8000"
+ fi
+ if [ -z "$JPDA_SUSPEND" ]; then
+ JPDA_SUSPEND="n"
+ fi
+ if [ -z "$JPDA_OPTS" ]; then
+ JPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND"
+ fi
+ CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS"
+ shift
+fi
+
+if [ "$1" = "debug" ] ; then
+ if $os400; then
+ echo "Debug command not available on OS400"
+ exit 1
+ else
+ shift
+ if [ "$1" = "-security" ] ; then
+ if [ $have_tty -eq 1 ]; then
+ echo "Using Security Manager"
+ fi
+ shift
+ exec "$_RUNJDB" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -sourcepath "$CATALINA_HOME"/../../java \
+ -Djava.security.manager \
+ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" start
+ else
+ exec "$_RUNJDB" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -sourcepath "$CATALINA_HOME"/../../java \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" start
+ fi
+ fi
+
+elif [ "$1" = "run" ]; then
+
+ shift
+ if [ "$1" = "-security" ] ; then
+ if [ $have_tty -eq 1 ]; then
+ echo "Using Security Manager"
+ fi
+ shift
+ exec "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" start
+ else
+ exec "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" start
+ fi
+
+elif [ "$1" = "start" ] ; then
+
+ if [ ! -z "$CATALINA_PID" ]; then
+ if [ -f "$CATALINA_PID" ]; then
+ if [ -s "$CATALINA_PID" ]; then
+ echo "Existing PID file found during start."
+ if [ -r "$CATALINA_PID" ]; then
+ PID=`cat "$CATALINA_PID"`
+ ps -p $PID >/dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ echo "Tomcat appears to still be running with PID $PID. Start aborted."
+ echo "If the following process is not a Tomcat process, remove the PID file and try again:"
+ ps -f -p $PID
+ # RPS treats repeated start as non-error condition, assuming running process is RPS; originally was: exit 1
+ exit 0
+ else
+ echo "Removing/clearing stale PID file."
+ rm -f "$CATALINA_PID" >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ if [ -w "$CATALINA_PID" ]; then
+ cat /dev/null > "$CATALINA_PID"
+ else
+ echo "Unable to remove or clear stale PID file. Start aborted."
+ exit 1
+ fi
+ fi
+ fi
+ else
+ echo "Unable to read PID file. Start aborted."
+ exit 1
+ fi
+ else
+ rm -f "$CATALINA_PID" >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ if [ ! -w "$CATALINA_PID" ]; then
+ echo "Unable to remove or write to empty PID file. Start aborted."
+ exit 1
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ shift
+ touch "$CATALINA_OUT"
+ if [ "$1" = "-security" ] ; then
+ if [ $have_tty -eq 1 ]; then
+ echo "Using Security Manager"
+ fi
+ shift
+ "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Djava.security.manager \
+ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" start \
+ >> "$CATALINA_OUT" 2>&1 &
+
+ else
+ "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" start \
+ >> "$CATALINA_OUT" 2>&1 &
+
+ fi
+
+ if [ ! -z "$CATALINA_PID" ]; then
+ echo $! > "$CATALINA_PID"
+ fi
+
+elif [ "$1" = "stop" ] ; then
+
+ shift
+
+ SLEEP=5
+ if [ ! -z "$1" ]; then
+ echo $1 | grep "[^0-9]" >/dev/null 2>&1
+ if [ $? -gt 0 ]; then
+ SLEEP=$1
+ shift
+ fi
+ fi
+
+ FORCE=0
+ if [ "$1" = "-force" ]; then
+ shift
+ FORCE=1
+ fi
+
+ if [ ! -z "$CATALINA_PID" ]; then
+ if [ -f "$CATALINA_PID" ]; then
+ if [ -s "$CATALINA_PID" ]; then
+ kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1
+ if [ $? -gt 0 ]; then
+ echo "PID file found but no matching process was found. Stop aborted."
+ # RPS treats stop of non-running process as non-error condition, PID file will be cleaned on start; originally was: exit 1
+ exit 0
+ fi
+ else
+ echo "PID file is empty and has been ignored."
+ fi
+ else
+ echo "\$CATALINA_PID was set but the specified file does not exist. Is Tomcat running? Stop aborted."
+ # RPS treats stop when PID file is missing as non-error condition, assuming RPS has already been stopped; originally was: exit 1
+ exit 0
+ fi
+ fi
+
+ "$_RUNJAVA" $LOGGING_MANAGER $JAVA_OPTS \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap "$@" stop
+
+ if [ ! -z "$CATALINA_PID" ]; then
+ if [ -f "$CATALINA_PID" ]; then
+ while [ $SLEEP -ge 0 ]; do
+ kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1
+ if [ $? -gt 0 ]; then
+ rm -f "$CATALINA_PID" >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ if [ -w "$CATALINA_PID" ]; then
+ cat /dev/null > "$CATALINA_PID"
+ else
+ echo "Tomcat stopped but the PID file could not be removed or cleared."
+ fi
+ fi
+ break
+ fi
+ if [ $SLEEP -gt 0 ]; then
+ sleep 1
+ fi
+ if [ $SLEEP -eq 0 ]; then
+ if [ $FORCE -eq 0 ]; then
+ echo "Tomcat did not stop in time. PID file was not removed."
+ fi
+ fi
+ SLEEP=`expr $SLEEP - 1 `
+ done
+ fi
+ fi
+
+ if [ $FORCE -eq 1 ]; then
+ if [ -z "$CATALINA_PID" ]; then
+ echo "Kill failed: \$CATALINA_PID not set"
+ else
+ if [ -f "$CATALINA_PID" ]; then
+ PID=`cat "$CATALINA_PID"`
+ echo "Killing Tomcat with the PID: $PID"
+ kill -9 $PID
+ rm -f "$CATALINA_PID" >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo "Tomcat was killed but the PID file could not be removed."
+ fi
+ fi
+ fi
+ fi
+
+elif [ "$1" = "version" ] ; then
+
+ "$_RUNJAVA" \
+ -classpath "$CATALINA_HOME/lib/catalina.jar" \
+ org.apache.catalina.util.ServerInfo
+
+else
+
+ echo "Usage: catalina.sh ( commands ... )"
+ echo "commands:"
+ if $os400; then
+ echo " debug Start Catalina in a debugger (not available on OS400)"
+ echo " debug -security Debug Catalina with a security manager (not available on OS400)"
+ else
+ echo " debug Start Catalina in a debugger"
+ echo " debug -security Debug Catalina with a security manager"
+ fi
+ echo " jpda start Start Catalina under JPDA debugger"
+ echo " run Start Catalina in the current window"
+ echo " run -security Start in the current window with security manager"
+ echo " start Start Catalina in a separate window"
+ echo " start -security Start in a separate window with security manager"
+ echo " stop Stop Catalina, waiting up to 5 seconds for the process to end"
+ echo " stop n Stop Catalina, waiting up to n seconds for the process to end"
+ echo " stop -force Stop Catalina, wait up to 5 seconds and then use kill -KILL if still running"
+ echo " stop n -force Stop Catalina, wait up to n seconds and then use kill -KILL if still running"
+ echo " version What version of tomcat are you running?"
+ echo "Note: Waiting for the process to end and use of the -force option require that \$CATALINA_PID is defined"
+ exit 1
+
+fi
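Review bot: The `start` branch now exits 0 whenever some process holds the PID recorded in `$CATALINA_PID`, on the stated assumption that it is RPS, and the `stop ... -force` branch sends `kill -9 $PID` to that same unverified PID. The PID file lives under `work/` and can outlive the process, so after a reboot or PID reuse the number may belong to an unrelated process: catalina.sh would then report a successful start with no service running, and a forced stop (rps.sh always passes `-force`) could kill the wrong process if the caller has permission to signal it. Before trusting the PID in either branch, check that its command line carries the `-Dproc_rps` marker that rps.sh puts in CATALINA_OPTS, for example `ps -p "$PID" -o args= | grep -q -- "-Dproc_rps"`, and treat the file as stale when it does not match. `$PID` is also unquoted in `ps -p $PID` and `kill -9 $PID`, so a PID file with unexpected content is word-split into extra arguments.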
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/enable-ranger-plugin.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/enable-ranger-plugin.sh b/ranger-plugin/scripts/enable-ranger-plugin.sh
new file mode 100755
index 0000000..05a0b1d
--- /dev/null
+++ b/ranger-plugin/scripts/enable-ranger-plugin.sh
@@ -0,0 +1,225 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+function usage() {
+ echo "USAGE: enable-ranger-plugin.sh -r ranger_host:ranger_port -u ranger_user -p ranger_password -h hawq_host:hawq_port -w hawq_user -q hawq_password"
+ exit 1
+}
+
+function fail() {
+ echo "ERROR: $1"
+ exit 1
+}
+
+function mask() {
+ printf -v stars '%*s' ${#1} ''
+ echo "[${stars// /*}]"
+}
+
+function read_value() {
+ local input
+ read -p "Enter value for $1 : " input
+ echo $input
+}
+
+function read_password() {
+ local input
+ read -s -p "Enter value for $1 : " input
+ echo $input
+}
+
+function get_ranger_url() {
+ while [[ -z "$RANGER_URL" ]]
+ do
+ RANGER_URL=$(read_value "Ranger Admin host and port (e.g. abc.com:6080)")
+ done
+ local prefix="http://"
+ RANGER_URL=${RANGER_URL#$prefix}
+}
+
+function get_ranger_user() {
+ while [[ -z "$RANGER_USER" ]]
+ do
+ RANGER_USER=$(read_value "Ranger Admin user name")
+ done
+}
+
+function get_ranger_password() {
+ while [[ -z "$RANGER_PASSWORD" ]]
+ do
+ RANGER_PASSWORD=$(read_password "Ranger Admin password")
+ echo
+ done
+}
+
+function get_hawq_url() {
+ #todo read hawq-site.xml ?
+ local default=`hostname -f`
+ default="${default}:5432"
+ while [[ -z "$HAWQ_URL" ]]
+ do
+ HAWQ_URL=$(read_value "HAWQ Master host and port [${default}]")
+ done
+ local prefix="http://"
+ HAWQ_URL=${HAWQ_URL#$prefix}
+ local parts=(${HAWQ_URL//:/ })
+ if [ ${#parts[@]} != 2 ]; then
+ fail "Incorrect value for HAWQ Master host and port."
+ fi
+ HAWQ_HOST=${parts[0]}
+ HAWQ_PORT=${parts[1]}
+}
+
+function get_hawq_user() {
+ local default="gpadmin"
+ while [[ -z "$HAWQ_USER" ]]
+ do
+ HAWQ_USER=$(read_value "HAWQ user name [${default}]")
+ done
+}
+
+function get_hawq_password() {
+ while [[ -z "$HAWQ_PASSWORD" ]]
+ do
+ HAWQ_PASSWORD=$(read_password "HAWQ password")
+ echo
+ done
+}
+
+function parse_params() {
+ while [[ $# -gt 0 ]]
+ do
+ key="$1"
+ case $key in
+ -r)
+ RANGER_URL="$2"
+ shift
+ ;;
+ -u)
+ RANGER_USER="$2"
+ shift
+ ;;
+ -p)
+ RANGER_PASSWORD="$2"
+ shift
+ ;;
+ -h)
+ HAWQ_URL="$2"
+ shift
+ ;;
+ -w)
+ HAWQ_USER="$2"
+ shift
+ ;;
+ -q)
+ HAWQ_PASSWORD="$2"
+ shift
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ shift
+ done
+}
+
+function validate_params() {
+ get_ranger_url
+ get_ranger_user
+ get_ranger_password
+ get_hawq_url
+ get_hawq_user
+ get_hawq_password
+ echo "RANGER URL = ${RANGER_URL}"
+ echo "RANGER User = ${RANGER_USER}"
+ echo "RANGER Password = $(mask ${RANGER_PASSWORD})"
+ echo "HAWQ HOST = ${HAWQ_HOST}"
+ echo "HAWQ PORT = ${HAWQ_PORT}"
+ echo "HAWQ User = ${HAWQ_USER}"
+ echo "HAWQ Password = $(mask ${HAWQ_PASSWORD})"
+}
+
+function check_hawq_service_definition() {
+ echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/servicedef/name/hawq | grep hawq | wc -l)
+}
+
+function create_hawq_service_definition() {
+ if [ $(check_hawq_service_definition) == 0 ]; then
+ local json_file="$(dirname ${SCRIPT_DIR})/etc/ranger-servicedef-hawq.json"
+ if [ ! -f ${json_file} ]; then
+ fail "File ${json_file} not found."
+ fi
+ echo "HAWQ service definition was not found in Ranger Admin, creating it by uploading ${json_file}"
+ local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/plugins/definitions -d @${json_file})
+ local created=$(echo ${output} | grep created | wc -l)
+ if [ ${created} == 0 ] || [ $(check_hawq_service_definition) == 0 ]; then
+ fail "Creation of HAWQ service definition from ${json_file} in Ranger Admin at ${RANGER_URL} failed. ${output}"
+ fi
+ else
+ echo "HAWQ service definition already exists in Ranger Admin, nothing to do."
+ fi
+}
+
+function check_hawq_service_instance() {
+ echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/service/name/hawq | grep hawq | wc -l)
+}
+
+function create_hawq_service_instance() {
+ if [ $(check_hawq_service_instance) == 0 ]; then
+ local payload="{\"name\":\"hawq\",
+ \"type\":\"hawq\",
+ \"description\":\"HAWQ Master\",
+ \"isEnabled\":true,
+ \"configs\":{\"username\":\"${HAWQ_USER}\",
+ \"password\":\"${HAWQ_PASSWORD}\",
+ \"hostname\":\"${HAWQ_HOST}\",
+ \"port\":\"${HAWQ_PORT}\"}}"
+
+ echo "HAWQ service instance was not found in Ranger Admin, creating it."
+ local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/public/v2/api/service -d "${payload}")
+ local created=$(echo ${output} | grep created | wc -l)
+ if [ ${created} == 0 ] || [ $(check_hawq_service_instance) == 0 ]; then
+ fail "Creation of HAWQ service instance in Ranger Admin at ${RANGER_URL} failed. ${output}"
+ fi
+ else
+ echo "HAWQ service instance already exists in Ranger Admin, nothing to do."
+ fi
+}
+
+function update_ranger_url() {
+ local policy_mgr_url="http://${RANGER_URL}"
+ local prop_file=$(dirname ${SCRIPT_DIR})/etc/rps.properties
+ sed -i -e "s|^POLICY_MGR_URL=.*|POLICY_MGR_URL=${policy_mgr_url}|g" ${prop_file}
+ echo "Updated POLICY_MGR_URL to ${policy_mgr_url} in ${prop_file}"
+}
+
+main() {
+ if [[ $# -lt 1 ]]; then
+ usage
+ fi
+ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd -P)"
+ parse_params "$@"
+ validate_params
+ create_hawq_service_definition
+ create_hawq_service_instance
+ update_ranger_url
+}
+main "$@"
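Review bot: The four curl calls (in check_hawq_service_definition, create_hawq_service_definition, check_hawq_service_instance and create_hawq_service_instance) pass `-u ${RANGER_USER}:${RANGER_PASSWORD}` unquoted on the command line and always to `http://${RANGER_URL}`. The Ranger admin password is therefore visible in the process list while curl runs, travels as basic auth over cleartext, and is word-split or glob-expanded if it contains whitespace or `*`. At minimum quote it, `-u "${RANGER_USER}:${RANGER_PASSWORD}"`, and consider passing the credentials through curl's `-K -` (config read from stdin) and accepting an `https://` URL rather than stripping the scheme and re-adding `http://`. The JSON payload in create_hawq_service_instance interpolates `${HAWQ_PASSWORD}` and `${HAWQ_USER}` directly, so a `"` or `\` in either value yields invalid or altered JSON; escape those characters before building the payload. The `-p` and `-q` options have the same process-list exposure, which the interactive `read -s` prompts already avoid, and update_ranger_url writes the unvalidated `RANGER_URL` into rps.properties, which rps.sh later sources.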
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/register_hawq.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/register_hawq.sh b/ranger-plugin/scripts/register_hawq.sh
deleted file mode 100755
index 11e2df8..0000000
--- a/ranger-plugin/scripts/register_hawq.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-function usage() {
- echo "USAGE: register_hawq.sh -r ranger_host:ranger_port -u ranger_user -p ranger_password -h hawq_host:hawq_port -w hawq_user -q hawq_password"
- exit 1
-}
-
-function fail() {
- echo "ERROR: $1"
- exit 1
-}
-
-function mask() {
- printf -v stars '%*s' ${#1} ''
- echo "[${stars// /*}]"
-}
-
-function read_value() {
- local input
- read -p "Enter value for $1 : " input
- echo $input
-}
-
-function read_password() {
- local input
- read -s -p "Enter value for $1 : " input
- echo $input
-}
-
-function get_ranger_url() {
- while [[ -z "$RANGER_URL" ]]
- do
- RANGER_URL=$(read_value "Ranger Admin host and port (e.g. abc.com:6080)")
- done
- local prefix="http://"
- RANGER_URL=${RANGER_URL#$prefix}
-}
-
-function get_ranger_user() {
- while [[ -z "$RANGER_USER" ]]
- do
- RANGER_USER=$(read_value "Ranger Admin user name")
- done
-}
-
-function get_ranger_password() {
- while [[ -z "$RANGER_PASSWORD" ]]
- do
- RANGER_PASSWORD=$(read_password "Ranger Admin password")
- echo
- done
-}
-
-function get_hawq_url() {
- #todo read hawq-site.xml ?
- local default=`hostname -f`
- default="${default}:5432"
- while [[ -z "$HAWQ_URL" ]]
- do
- HAWQ_URL=$(read_value "HAWQ Master host and port [${default}]")
- done
- local prefix="http://"
- HAWQ_URL=${HAWQ_URL#$prefix}
- local parts=(${HAWQ_URL//:/ })
- if [ ${#parts[@]} != 2 ]; then
- fail "Incorrect value for HAWQ Master host and port."
- fi
- HAWQ_HOST=${parts[0]}
- HAWQ_PORT=${parts[1]}
-}
-
-function get_hawq_user() {
- local default="gpadmin"
- while [[ -z "$HAWQ_USER" ]]
- do
- HAWQ_USER=$(read_value "HAWQ user name [${default}]")
- done
-}
-
-function get_hawq_password() {
- while [[ -z "$HAWQ_PASSWORD" ]]
- do
- HAWQ_PASSWORD=$(read_password "HAWQ password")
- echo
- done
-}
-
-function parse_params() {
- while [[ $# -gt 0 ]]
- do
- key="$1"
- case $key in
- -r)
- RANGER_URL="$2"
- shift
- ;;
- -u)
- RANGER_USER="$2"
- shift
- ;;
- -p)
- RANGER_PASSWORD="$2"
- shift
- ;;
- -h)
- HAWQ_URL="$2"
- shift
- ;;
- -w)
- HAWQ_USER="$2"
- shift
- ;;
- -q)
- HAWQ_PASSWORD="$2"
- shift
- ;;
- *)
- usage
- ;;
- esac
- shift
- done
-}
-
-function validate_params() {
- get_ranger_url
- get_ranger_user
- get_ranger_password
- get_hawq_url
- get_hawq_user
- get_hawq_password
- echo "RANGER URL = ${RANGER_URL}"
- echo "RANGER User = ${RANGER_USER}"
- echo "RANGER Password = $(mask ${RANGER_PASSWORD})"
- echo "HAWQ HOST = ${HAWQ_HOST}"
- echo "HAWQ PORT = ${HAWQ_PORT}"
- echo "HAWQ User = ${HAWQ_USER}"
- echo "HAWQ Password = $(mask ${HAWQ_PASSWORD})"
-}
-
-function check_hawq_service_definition() {
- echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/servicedef/name/hawq | grep hawq | wc -l)
-}
-
-function create_hawq_service_definition() {
- if [ $(check_hawq_service_definition) == 0 ]; then
- local json_file="$(dirname ${SCRIPT_DIR})/etc/ranger-servicedef-hawq.json"
- if [ ! -f ${json_file} ]; then
- fail "File ${json_file} not found."
- fi
- echo "HAWQ service definition was not found in Ranger Admin, creating it by uploading ${json_file}"
- local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/plugins/definitions -d @${json_file})
- local created=$(echo ${output} | grep created | wc -l)
- if [ ${created} == 0 ] || [ $(check_hawq_service_definition) == 0 ]; then
- fail "Creation of HAWQ service definition from ${json_file} in Ranger Admin at ${RANGER_URL} failed. ${output}"
- fi
- else
- echo "HAWQ service definition already exists in Ranger Admin, nothing to do."
- fi
-}
-
-function check_hawq_service_instance() {
- echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/service/name/hawq | grep hawq | wc -l)
-}
-
-function create_hawq_service_instance() {
- if [ $(check_hawq_service_instance) == 0 ]; then
- local payload="{\"name\":\"hawq\",
- \"type\":\"hawq\",
- \"description\":\"HAWQ Master\",
- \"isEnabled\":true,
- \"configs\":{\"username\":\"${HAWQ_USER}\",
- \"password\":\"${HAWQ_PASSWORD}\",
- \"hostname\":\"${HAWQ_HOST}\",
- \"port\":\"${HAWQ_PORT}\"}}"
-
- echo "HAWQ service instance was not found in Ranger Admin, creating it."
- local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/public/v2/api/service -d "${payload}")
- local created=$(echo ${output} | grep created | wc -l)
- if [ ${created} == 0 ] || [ $(check_hawq_service_instance) == 0 ]; then
- fail "Creation of HAWQ service instance in Ranger Admin at ${RANGER_URL} failed. ${output}"
- fi
- else
- echo "HAWQ service instance already exists in Ranger Admin, nothing to do."
- fi
-}
-
-main() {
- if [[ $# -lt 1 ]]; then
- usage
- fi
- SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
- parse_params "$@"
- validate_params
- create_hawq_service_definition
- create_hawq_service_instance
-}
-main "$@"
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/rps.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/rps.sh b/ranger-plugin/scripts/rps.sh
index e8ccf3a..476d0d6 100755
--- a/ranger-plugin/scripts/rps.sh
+++ b/ranger-plugin/scripts/rps.sh
@@ -20,41 +20,71 @@
#
if [ $# -le 0 ]; then
- echo "Usage: rps (start|stop|init) [<catalina-args...>]"
+ echo "Usage: rps.sh (start|stop)"
exit 1
fi
-actionCmd=$1
+action=$1
shift
-CWDIR=$( cd $( dirname ${BASH_SOURCE[0]} ) && pwd )
-source $CWDIR/rps_env.sh
-
-setup_rps() {
- echo "Initializing Hawq Ranger Plugin Service..."
- cp $CATALINA_HOME/conf.template/* $CATALINA_BASE/conf
- cp $CATALINA_BASE/conf/tomcat-server.xml $CATALINA_BASE/conf/server.xml
- pushd $CATALINA_BASE/webapps >/dev/null
- unzip -d rps rps.war >/dev/null
- find . -name ranger-hawq-security.xml | xargs sed -i \
- "s/localhost:6080/$RANGER_ADMIN_HOST:$RANGER_ADMIN_PORT/g"
- popd >/dev/null
- echo "Hawq Ranger Plugin Service installed on http://$RPS_HOST:$RPS_PORT/rps"
- echo "Please use 'rps.sh start' to start the service"
+CWDIR=$( cd $( dirname ${BASH_SOURCE[0]} ) && pwd -P)
+BASEDIR=$( dirname ${CWDIR} )
+# read properties from the file
+source ${BASEDIR}/etc/rps.properties
+
+export CATALINA_HOME=/usr/lib/bigtop-tomcat
+export CATALINA_BASE=${BASEDIR}/plugin-service
+export CATALINA_PID=${CATALINA_BASE}/work/rps.pid
+
+# options used to start the RPS process
+export CATALINA_OPTS="-server -Xms512m -Xmx512m -XX:MaxPermSize=128m
+ -Dproc_rps -Dversion=${RPS_VERSION}
+ -Dranger.hawq.instance=${RANGER_HAWQ_INSTANCE}
+ -Drps.http.port=${RPS_HTTP_PORT} -Drps.https.port=${RPS_HTTPS_PORT}
+ -Dpolicy.manager.url=${POLICY_MGR_URL}"
+
+# options used to stop the RPS process
+export JAVA_OPTS="-Drps.shutdown.port=${RPS_SHUTDOWN_PORT}"
+
+RPS_URL="http://localhost:${RPS_HTTP_PORT}/rps"
+RPS_LOG="${CATALINA_BASE}/logs/catalina.out"
+
+function fail() {
+ echo "FATAL: Failed to ${1} HAWQ Ranger Plugin Service. Check ${RPS_LOG} for details."
+ exit 2
}
-case $actionCmd in
- (init)
- setup_rps
- ;;
+function tomcat_command() {
+ ${CWDIR}/catalina.sh ${1} ${2}
+ if [ $? -ne 0 ]; then
+ fail ${1}
+ fi
+}
+
+function wait_until_server_started() {
+ echo -n "Waiting for Hawq Ranger Plugin Service to start ."
+ local retries="20"
+ local n=0
+ until $(curl -s --output /dev/null --fail ${RPS_URL}/version); do
+ n=$[${n}+1]
+ if [ ${n} -ge ${retries} ]; then
+ echo
+ fail "start"
+ fi
+ printf '.'
+ sleep 3
+ done
+ echo -e "\nHawq Ranger Plugin Service is available at ${RPS_URL}"
+}
+
+case ${action} in
(start)
- $CATALINA_HOME/bin/catalina.sh start "$@"
- echo "Waiting for RPS service to start..."
- sleep 15
+ tomcat_command "start"
+ wait_until_server_started
;;
(stop)
- $CATALINA_HOME/bin/catalina.sh stop "$@"
- echo "Waiting for RPS service to stop..."
- sleep 10
+ # allow the server 10 seconds after shutdown command before force killing it
+ tomcat_command "stop" "10 -force"
+ echo "Hawq Ranger Plugin Service is stopped."
;;
esac
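Review bot: `source ${BASEDIR}/etc/rps.properties` executes the properties file as shell code, and enable-ranger-plugin.sh's update_ranger_url writes operator-supplied `RANGER_URL` text into that file with sed. Any shell metacharacters in that value, or any edit by an account that can write the file, will run with the privileges of whoever starts RPS. Quote the path, `source "${BASEDIR}/etc/rps.properties"`, and either read the expected `KEY=value` lines explicitly instead of sourcing or make sure the file is writable only by the service owner (its packaged mode is not visible in this hunk). The values placed in CATALINA_OPTS are expanded unquoted by catalina.sh, so a `POLICY_MGR_URL` containing spaces becomes extra JVM arguments. Separately, `until $(curl ...); do` runs curl's output as a command; `until curl -s --output /dev/null --fail "${RPS_URL}/version"; do` is the intended form.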
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/rps_env.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/rps_env.sh b/ranger-plugin/scripts/rps_env.sh
deleted file mode 100755
index ae36e8f..0000000
--- a/ranger-plugin/scripts/rps_env.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-export CATALINA_HOME=/usr/lib/bigtop-tomcat
-export CATALINA_BASE=/usr/local/hawq/ranger/plugin-service
-
-export RANGER_ADMIN_HOST=${RANGER_ADMIN_HOST:-localhost}
-export RANGER_ADMIN_PORT=${RANGER_ADMIN_PORT:-6080}
-
-export RPS_HOST=${RPS_HOST:-localhost}
-export RPS_PORT=${RPS_PORT:-8432}
-export CATALINA_OPTS="-Dhttp.host=$RPS_HOST -Dhttp.port=$RPS_PORT"
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/setenv.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/setenv.sh b/ranger-plugin/scripts/setenv.sh
new file mode 100755
index 0000000..6124d83
--- /dev/null
+++ b/ranger-plugin/scripts/setenv.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# allow the webapp to see config files in this directory from its classpath
+export CLASSPATH=$(dirname ${CATALINA_BASE})/etc
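Review bot: The `export CLASSPATH=` line expands `${CATALINA_BASE}` unquoted and unchecked, so an empty value leaves `dirname` without an operand and the classpath collapses to `/etc`, while a base path containing spaces is word-split. This directory is where the webapp looks up its configuration files, so resolving it to an unintended location means the service could load whatever configuration happens to be there. I would quote and fail fast: `export CLASSPATH="$(dirname "${CATALINA_BASE:?CATALINA_BASE is not set}")/etc"`. Whether every caller exports CATALINA_BASE before this file is sourced is not visible in this hunk.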
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/pom.xml b/ranger-plugin/service/pom.xml
index 3f2f9f8..f29817c 100644
--- a/ranger-plugin/service/pom.xml
+++ b/ranger-plugin/service/pom.xml
@@ -32,14 +32,44 @@
<relativePath>..</relativePath>
</parent>
<build>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- <filtering>true</filtering>
- </resource>
- </resources>
<plugins>
<plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>3.0.2</version>
+ <executions>
+ <execution>
+ <id>copy-resources</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <escapeString>\</escapeString>
+ <outputDirectory>${basedir}/target/conf</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/../conf</directory>
+ <excludes>
+ <exclude>ranger-servicedef-hawq.json</exclude>
+ <exclude>server.xml</exclude>
+ </excludes>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>3.0.0</version>
+ <configuration>
+ <!-- Due to Hadoop library using system-level JVM hook, all dependent classes must be loaded by
+ Tomcat's server classloader, so they are shipped in RPM and not with the webapp -->
+ <packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes>
+ </configuration>
+ </plugin>
+ <plugin>
<!-- use mvn tomcat6:run-war to run the appserver with the app deployed -->
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat6-maven-plugin</artifactId>
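Review bot: The new `copy-resources` execution turns on `<filtering>` for everything under `../conf` except two files, but nothing in the POM says which placeholders are meant to be resolved at build time and which must survive for the scripts at run time. A short comment above `<escapeString>` would help, for example `<!-- conf files are filtered at build time; write \${VAR} for anything that must stay literal for the shell -->`. It would also be worth a comment on why the execution is bound to `validate` rather than the usual `process-resources` phase, and any non-text files in `../conf` should be excluded, since filtering rewrites file contents. The contents of `../conf` are not visible here and the enclosing `<plugins>` element continues outside the hunk, so this is a request to document intent rather than a confirmed breakage.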
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
index 04d6f99..0d97e21 100644
--- a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
@@ -29,6 +29,7 @@ import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
import org.apache.hawq.ranger.authorization.model.HawqPrivilege;
import org.apache.hawq.ranger.authorization.model.HawqResource;
import org.apache.hawq.ranger.authorization.model.ResourceAccess;
+import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
@@ -67,14 +68,15 @@ public class RangerHawqAuthorizer implements HawqAuthorizer {
*/
private RangerHawqAuthorizer() {
- LOG.info("Initializing RangerHawqAuthorizer");
+ LOG.info("********** Initializing RangerHawqAuthorizer **********");
String appId = Utils.getAppId();
LOG.info(String.format("Initializing RangerBasePlugin for service %s:%s", HAWQ, appId));
rangerPlugin = new RangerBasePlugin(HAWQ, appId);
+ rangerPlugin.setResultProcessor(new RangerDefaultAuditHandler());
rangerPlugin.init();
- LOG.info(String.format("Initialized RangerBasePlugin for service %s:%s", HAWQ, appId));
+ LOG.info(String.format("********** Initialized RangerBasePlugin for service %s:%s **********", HAWQ, appId));
}
@Override
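Review bot: The added `rangerPlugin.setResultProcessor(new RangerDefaultAuditHandler())` line carries no comment, although it appears to be the one call that makes authorization decisions reach Ranger's audit handler, and it would be easy to drop in a later cleanup. I would add `// send every access decision through Ranger's default audit handler; keep this before init()` above it. The asterisk banners in the two `LOG.info` messages are a style choice, but a plain message is easier to grep and to parse in log pipelines. The code that evaluates requests lies outside this hunk, so how the result processor is consumed there should be confirmed.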
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
index 86f7fc4..5f99b9d 100644
--- a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
@@ -27,14 +27,16 @@ import java.io.InputStream;
import java.util.Properties;
/**
- * Utility class for reading values from the property file.
+ * Utility class for reading values from the environment with falling back to reading them from the property file.
*/
public abstract class Utils {
public static final String HAWQ = "hawq";
public static final String UNKNOWN = "unknown";
- public static final String APP_ID_PROPERTY = "ranger.hawq.instance";
- public static final String VERSION_PROPERTY = "version";
+ public static final String APP_ID_PROPERTY_ENV = "ranger.hawq.instance";
+ public static final String APP_ID_PROPERTY_FILE = "RANGER_HAWQ_INSTANCE";
+ public static final String VERSION_PROPERTY_ENV = "version";
+ public static final String VERSION_PROPERTY_FILE = "RPS_VERSION";
public static final String RANGER_SERVICE_PROPERTY_FILE = "rps.properties";
private static final Log LOG = LogFactory.getLog(Utils.class);
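Review bot: The `_ENV` constants and the updated Javadoc speak of environment variables, but the next hunk reads these keys with `System.getProperty`, which returns JVM system properties (the `-D` options), not the process environment. An operator who exports `ranger.hawq.instance` or `version` in the shell would see no effect, and the app id is what RangerHawqAuthorizer hands to `RangerBasePlugin`, so the wording should be exact. I would rename the constants to `APP_ID_PROPERTY_SYS` / `VERSION_PROPERTY_SYS`, or at least reword the Javadoc to `Retrieves the app id from the JVM system property ranger.hawq.instance (-Dranger.hawq.instance=...)`; the same applies to `getVersion` in the following hunk. The class body continues outside both hunks.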
@@ -42,25 +44,26 @@ public abstract class Utils {
/**
* Retrieves the app id from the environment variable with the key ranger.hawq.instance
- * or from the rps.properties file with the key ranger.hawq.instance
+ * or from the rps.properties file with the key RANGER_HAWQ_INSTANCE
*
* If none exist, hawq is used as the default
*
* @return String id of the app
*/
public static String getAppId() {
- return System.getProperty(APP_ID_PROPERTY, properties.getProperty(APP_ID_PROPERTY, HAWQ));
+ return System.getProperty(APP_ID_PROPERTY_ENV, properties.getProperty(APP_ID_PROPERTY_FILE, HAWQ));
}
/**
- * Retrieves the version read from the property file.
+ * Retrieves the version from the environment variable with the key version
+ * or from the rps.properties file with the key RPS_VERSION
*
* If none exist, unknown is used as the default
*
* @return version of the service
*/
public static String getVersion() {
- return properties.getProperty(VERSION_PROPERTY, UNKNOWN);
+ return System.getProperty(VERSION_PROPERTY_ENV, properties.getProperty(VERSION_PROPERTY_FILE, UNKNOWN));
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/log4j.properties b/ranger-plugin/service/src/main/resources/log4j.properties
deleted file mode 100644
index 6bbdaed..0000000
--- a/ranger-plugin/service/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,42 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# see debug messages during unit tests
-project.root.logger=DEBUG,console
-
-# suppress all logging output during unit tests
-#project.root.logger=FATAL,devnull
-
-#
-# Loggers
-#
-log4j.rootLogger=${project.root.logger}
-
-# ignore most errors from the Apache Ranger and Hadoop for unit tests
-log4j.logger.org.apache.ranger=FATAL
-log4j.logger.org.apache.hadoop=FATAL
-
-#
-# Appenders
-#
-
-# nothing
-log4j.appender.devnull=org.apache.log4j.varia.NullAppender
-
-# console
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml b/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
deleted file mode 100644
index 46dd75d..0000000
--- a/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
+++ /dev/null
@@ -1,92 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
- <property>
- <name>ranger.plugin.hawq.service.name</name>
- <value>hawq</value>
- <description>
- Name of the Ranger service containing policies for this HAWQ instance
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.source.impl</name>
- <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
- <description>
- Class to retrieve policies from the source
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.rest.url</name>
- <value>http://localhost:6080</value>
- <description>
- URL to Ranger Admin
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.rest.ssl.config.file</name>
- <value>/usr/local/hawq/ranger/etc/ranger-policymgr-ssl.xml</value>
- <description>
- Path to the file containing SSL details to contact Ranger Admin
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.pollIntervalMs</name>
- <value>30000</value>
- <description>
- How often to poll for changes in policies?
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.cache.dir</name>
- <value>/usr/local/hawq/ranger/policycache</value>
- <description>
- Directory where Ranger policies are cached after successful retrieval from the source
- </description>
- </property>
-
- <!--
- <property>
- <name>xasecure.hive.update.xapolicies.on.grant.revoke</name>
- <value>true</value>
- <description>Should Hive plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description>
- </property>
- -->
- <property>
- <name>ranger.plugin.hawq.policy.rest.client.connection.timeoutMs</name>
- <value>120000</value>
- <description>
- RangerRESTClient Connection Timeout in Milliseconds
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.rest.client.read.timeoutMs</name>
- <value>30000</value>
- <description>
- RangerRESTClient read Timeout in Milliseconds
- </description>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/resources/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/rps.properties b/ranger-plugin/service/src/main/resources/rps.properties
deleted file mode 100644
index 9e2b1f4..0000000
--- a/ranger-plugin/service/src/main/resources/rps.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ranger.hawq.instance=hawq
-version=${project.version}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
index 36c976f..d8ae121 100644
--- a/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
+++ b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml
@@ -31,10 +31,9 @@ under the License.
init-param com.sun.jersey.config.property.packages
Tells Jersey where are the REST components of this webapp
jersey.config.server.provider.scanning.recursive
- Tells Jersey to recusively scan package for REST resources
+ Tells Jersey to scan package for REST resources recursively
load-on-startup Initialize the webapp on app server startup
- servlet-mapping Maps the path of the servlet (ranger-plugin/*)
- listener A class called after the webapp was initialized and before it's about to go down
+ servlet-mapping Maps the path of the servlet under the context (/*)
-->
<servlet>
@@ -54,19 +53,4 @@ under the License.
<servlet-name>HAWQ_Ranger_Plugin_Service</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
-
- <!--
- <listener>
- <listener-class>org.apache.hawq.pxf.service.rest.ServletLifecycleListener</listener-class>
- </listener>
- -->
- <!-- log4j configuration
- Log4jConfigListener looks for a file under log4jConfigLocation.
- When not using absolute path, the path starts from the webapp root directory.
- If this file cannot be read, log4j will revert to using the default
- pxf-log4j.properties inside the webapp. -->
- <context-param>
- <param-name>log4jConfigLocation</param-name>
- <param-value>/etc/pxf/conf/pxf-log4j.properties</param-value>
- </context-param>
</web-app>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
index bf62785..5b94df0 100644
--- a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
@@ -21,7 +21,8 @@ package org.apache.hawq.ranger.authorization;
import org.junit.Test;
-import static org.apache.hawq.ranger.authorization.Utils.APP_ID_PROPERTY;
+import static org.apache.hawq.ranger.authorization.Utils.APP_ID_PROPERTY_ENV;
+import static org.apache.hawq.ranger.authorization.Utils.VERSION_PROPERTY_ENV;
import static org.junit.Assert.assertEquals;
/**
@@ -30,19 +31,26 @@ import static org.junit.Assert.assertEquals;
public class UtilsTest {
@Test
- public void testCustomAppId_SystemEnv() throws Exception {
- System.setProperty(APP_ID_PROPERTY, "app-id");
+ public void testAppId_SystemEnv() throws Exception {
+ System.setProperty(APP_ID_PROPERTY_ENV, "app-id");
assertEquals("app-id", Utils.getAppId());
- System.clearProperty(APP_ID_PROPERTY);
+ System.clearProperty(APP_ID_PROPERTY_ENV);
}
@Test
- public void testCustomAppId_PropertyFile() throws Exception {
+ public void testAppId_PropertyFile() throws Exception {
assertEquals("instance-test", Utils.getAppId());
}
@Test
- public void testGetVersion() throws Exception {
+ public void testGetVersion_SystemEnv() throws Exception {
+ System.setProperty(VERSION_PROPERTY_ENV, "1.2.3");
+ assertEquals("1.2.3", Utils.getVersion());
+ System.clearProperty(VERSION_PROPERTY_ENV);
+ }
+
+ @Test
+ public void testGetVersion_PropertyFile() throws Exception {
assertEquals("version-test", Utils.getVersion());
}
}
\ No newline at end of file
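Review bot: Both `_SystemEnv` tests set a JVM-wide system property and clear it only after the assertion, so a failing `assertEquals` leaves the property set and the `_PropertyFile` tests can then fail, or pass, for the wrong reason depending on execution order. Wrapping the assertion in `try`/`finally` keeps the tests independent of each other.

```java
@Test
public void testAppId_SystemEnv() throws Exception {
    System.setProperty(APP_ID_PROPERTY_ENV, "app-id");
    try {
        assertEquals("app-id", Utils.getAppId());
    } finally {
        System.clearProperty(APP_ID_PROPERTY_ENV);
    }
}

// … unchanged: testAppId_PropertyFile …

@Test
public void testGetVersion_SystemEnv() throws Exception {
    System.setProperty(VERSION_PROPERTY_ENV, "1.2.3");
    try {
        assertEquals("1.2.3", Utils.getVersion());
    } finally {
        System.clearProperty(VERSION_PROPERTY_ENV);
    }
}

// … unchanged: testGetVersion_PropertyFile …
```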