Posted to dev@ambari.apache.org by "Andrii Babiichuk (JIRA)" <ji...@apache.org> on 2015/01/29 13:14:34 UTC

[jira] [Created] (AMBARI-9395) Ambari Web UI changes required to support Ranger Installation

Andrii Babiichuk created AMBARI-9395:
----------------------------------------

             Summary: Ambari Web UI changes required to support Ranger Installation
                 Key: AMBARI-9395
                 URL: https://issues.apache.org/jira/browse/AMBARI-9395
             Project: Ambari
          Issue Type: Task
          Components: ambari-web
    Affects Versions: 2.0.0
            Reporter: Andrii Babiichuk
            Assignee: Andrii Babiichuk
             Fix For: 2.0.0


Ranger Policy Admin and User/Group Sync Process fields will be under the "Ranger" service, and Ranger Agents fields will be under the corresponding component (HDFS/Hive/HBASE/KNOX/STORM currently).

{color:blue} +*Ranger Policy Admin:*+{color}
+Admin Setting+
|Name|Type|Default|Label|
|ambari_user_password|Password|ambari|Ranger Admin user's password for Ambari|
|SQL_CONNECTOR_JAR|Text|/usr/share/java/mysql-connector-java.jar|Location of Sql Connector Jar |

+DB Settings+
|DB_FLAVOR|SelectOne(MYSQL,ORACLE)|MYSQL|DB Flavor|
|SQL_COMMAND_INVOKER|Text|mysql| |
|db_host|Text|<Blank>|Admin DB Instance|
|db_root_user|Text|<Blank>|Admin DB root user|
|db_root_password|Password|<Blank>|Admin DB root password|
|db_name|Text|<Blank>|Admin DB database name|
|db_user|Text|<Blank>|Admin DB mysql username|
|db_password|Password|<Blank>|Admin DB mysql password|
|audit_db_name|Text|<Blank>|Admin DB database name|
|audit_db_user|Text|<Blank>|Admin DB mysql username|
|audit_db_password|Password|<Blank>|Admin DB mysql password|

+Ranger Settings+
|policymgr_external_url|Text(URL)|http://localhost:6080| External URL|
|policymgr_http_enabled|Checkbox|Selected|HTTP enabled|
|unix_user|Text|ranger|Used to create user and assign permission|
|unix_group|Text|ranger|Used to create group and assign permission|
|authentication_method|SelectOne(LDAP,ACTIVE_DIRECTORY,UNIX,NONE)|NONE|Authentication method|

+Unix Authentication Settings ( Enable only if authentication_method=UNIX )+
|remoteLoginEnabled|Checkbox|Selected|Allow remote Login|
|authServiceHostName|Text|localhost| |
|authServicePort|Text(Numerical)|5151| |

+LDAP Settings ( Enable only if authentication_method=LDAP )+
|xa_ldap_url|Text| |E.g. ldap://71.127.43.33:389|
|xa_ldap_userDNpattern|Text| |E.g. "uid={0},ou=users,dc=xasecure,dc=net" |
|xa_ldap_groupSearchBase|Text| |E.g. "ou=groups,dc=xasecure,dc=net"|
|xa_ldap_groupSearchFilter|Text| |E.g. "(member=uid={0},ou=users,dc=xasecure,dc=net)"|
|xa_ldap_groupRoleAttribute|Text| |E.g. "cn"|

+AD Settings ( Enable only if authentication_method=AD )+
|xa_ldap_ad_domain|Text|<Blank>|E.g. "xasecure.net" |
|xa_ldap_ad_url|Text|<Blank>|E.g. "ldap://ad.xasecure.net:389" |



{color:blue}+*User/Group Sync Process:*+{color}
|Name|Type|Default|Label|
|{color:red}RANGER_HOST{color}|Text|<Blank>|Policy Admin URL|
|SYNC_INTERVAL|Text|360|sync interval in minutes|
|SYNC_LDAP_URL|Text|<Blank>|E.g. ldap://ldap.example.com:389|
|SYNC_LDAP_BIND_DN|Text|<Blank>|E.g. cn=admin,ou=users,dc=hadoop,dc=apache,dc=org|
|SYNC_LDAP_BIND_PASSWORD|Text|<Blank>| |
|SYNC_LDAP_USER_SEARCH_BASE|Text|<Blank>|E.g. ou=users,dc=xasecure,dc=net |
|SYNC_LDAP_USER_SEARCH_SCOPE|Text|sub| |
|SYNC_LDAP_USER_OBJECT_CLASS|Text|person|objectclass to identify user entries|
|SYNC_LDAP_USER_SEARCH_FILTER|Text|<Blank>|optional additional filter constraining the users selected for syncing|
|SYNC_LDAP_USER_NAME_ATTRIBUTE|Text|cn|attribute from user entry that would be treated as user name|
|SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE|Text|memberof,ismemberof|attribute from user entry whose values would be treated as group values|
|SYNC_LDAP_USERNAME_CASE_CONVERSION|Text|lower|Case Conversion Flags|
|SYNC_LDAP_GROUPNAME_CASE_CONVERSION|Text|lower|Case Conversion Flags|
|CRED_KEYSTORE_FILE|Text|<Blank>| |


{color:blue}+*RANGER Agents*+ (for each agent - HDFS/Hive/Hbase/Knox/Storm){color}
|Name|Type|Default|Label|
|enable_hdfs_plugin|Checkbox|Disabled|Enable Ranger for HDFS|
|{color:red}RANGER_HOST{color}|Text|<Blank>|Policy Admin URL|
|SQL_CONNECTOR_JAR|Text|/usr/share/java/mysql-connector-java.jar|Location of Sql Connector Jar |
|XAAUDIT.DB.IS_ENABLED|Checkbox|Disabled|Audit to DB|
|XAAUDIT.HDFS.IS_ENABLED|Checkbox|Disabled|Audit to HDFS|

+HDFS Audit Settings ( Enabled Only if XAAUDIT.HDFS.IS_ENABLED is checked )+
|XAAUDIT.HDFS.DESTINATION_DIRECTORY|Text|hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%||
|XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY|Text|__REPLACE__LOG_DIR/hbase/audit/%app-type%| |
|XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY|Text|__REPLACE__LOG_DIR/hbase/audit/archive/%app-type%| |
|XAAUDIT.HDFS.DESTINTATION_FILE|Text|%hostname%-audit.log| |
|XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS|Text|900| |
|XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS|Text|86400| |
|XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS|Text|60| |
|XAAUDIT.HDFS.LOCAL_BUFFER_FILE|Text|%time:yyyyMMdd-HHmm.ss%.log| |
|XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS|Text|60| |
|XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS|Text|600| |
|XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT|Text|10| |

+Grant/Revoke Settings ( Only for Hive/HBase Plugin )+
|UPDATE_XAPOLICIES_ON_GRANT_REVOKE|Checkbox|Enabled|Should HBase/Hive GRANT/REVOKE update XA policies?|

+SSL Settings+

|SSL_KEYSTORE_FILE_PATH|Text|/etc/hadoop/conf/ranger-plugin-keystore.jks| |
|SSL_KEYSTORE_PASSWORD|Text|myKeyFilePassword| |
|SSL_TRUSTSTORE_FILE_PATH|Text|/etc/hadoop/conf/ranger-plugin-truststore.jks| |
|SSL_TRUSTSTORE_PASSWORD|Text|changeit| |



