You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2022/04/13 06:14:28 UTC
[ranger] branch ranger-2.3 updated: RANGER-3632: accesslog RENAME_ON_ROTATE, del log4j remains
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new da426dc8d RANGER-3632: accesslog RENAME_ON_ROTATE, del log4j remains
da426dc8d is described below
commit da426dc8da469585f1c8f05d5d70189ebc7e6592
Author: Kirby Zhou <ki...@gmail.com>
AuthorDate: Sun Feb 20 23:34:36 2022 +0800
RANGER-3632: accesslog RENAME_ON_ROTATE, del log4j remains
Signed-off-by: pradeep <pr...@apache.org>
---
.../ranger-admin-install-postgres.properties | 2 +-
embeddedwebserver/scripts/ranger-admin-services.sh | 6 +-
.../ranger/server/tomcat/EmbeddedServer.java | 12 +++-
.../ranger/server/tomcat/EmbeddedServerUtil.java | 13 +++++
ranger-tools/scripts/README.txt | 2 +-
security-admin/scripts/changepasswordutil.py | 2 +-
security-admin/scripts/changeusernameutil.py | 2 +-
security-admin/scripts/db_setup.py | 36 ++++++------
security-admin/scripts/install.properties | 2 +-
security-admin/scripts/rolebasedusersearchutil.py | 4 +-
security-admin/scripts/setup.sh | 12 ++--
.../scripts/updateUserAndGroupNamesInJson.py | 2 +-
security-admin/src/bin/ranger_install.py | 4 +-
.../WEB-INF => resources/conf.dist}/logback.xml | 0
.../conf.dist/ranger-admin-default-site.xml | 19 +++++-
.../src/main/webapp/WEB-INF/db_patch.logback.xml | 68 ++++++++++++++++++++++
security-admin/src/test/resources/logback-test.xml | 22 +++++++
tagsync/scripts/setup.py | 4 +-
unixauthservice/scripts/setup.py | 4 +-
19 files changed, 170 insertions(+), 46 deletions(-)
diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties b/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties
index 53563e2fd..656430b79 100644
--- a/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties
+++ b/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties
@@ -22,7 +22,7 @@ RANGER_ADMIN_LOG_DIR=/var/log/ranger
RANGER_PID_DIR_PATH=/var/run/ranger
DB_FLAVOR=POSTGRES
SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar
-RANGER_ADMIN_LOG4J_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/logback.xml
+RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml
db_root_user=postgres
db_root_password=rangerR0cks!
diff --git a/embeddedwebserver/scripts/ranger-admin-services.sh b/embeddedwebserver/scripts/ranger-admin-services.sh
index 54ac41056..6831dea7e 100755
--- a/embeddedwebserver/scripts/ranger-admin-services.sh
+++ b/embeddedwebserver/scripts/ranger-admin-services.sh
@@ -57,9 +57,9 @@ then
RANGER_ADMIN_LOG_DIR=${XAPOLICYMGR_EWS_DIR}/logs
fi
-if [ -z "${RANGER_ADMIN_LOG4J_CONF_FILE}" ]
+if [ -z "${RANGER_ADMIN_LOGBACK_CONF_FILE}" ]
then
- RANGER_ADMIN_LOG4J_CONF_FILE=${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/logback.xml
+ RANGER_ADMIN_LOGBACK_CONF_FILE=${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf/logback.xml
fi
if [ -z "${RANGER_PID_DIR_PATH}" ]
@@ -91,7 +91,7 @@ fi
SERVER_NAME=rangeradmin
start() {
SLEEP_TIME_AFTER_START=5
- nohup java -Dproc_rangeradmin ${JAVA_OPTS} -Dlogback.configurationFile=file:${RANGER_ADMIN_LOG4J_CONF_FILE} -Duser=${USER} -Dhostname=${HOSTNAME} ${DB_SSL_PARAM} -Dservername=${SERVER_NAME} -Dlogdir=${RANGER_ADMIN_LOG_DIR} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*:$C [...]
+ nohup java -Dproc_rangeradmin ${JAVA_OPTS} -Dlogback.configurationFile=file:${RANGER_ADMIN_LOGBACK_CONF_FILE} -Duser=${USER} -Dhostname=${HOSTNAME} ${DB_SSL_PARAM} -Dservername=${SERVER_NAME} -Dlogdir=${RANGER_ADMIN_LOG_DIR} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*: [...]
VALUE_OF_PID=$!
echo "Starting Apache Ranger Admin Service"
sleep $SLEEP_TIME_AFTER_START
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index f5636e180..cae9075a7 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -78,6 +78,9 @@ public class EmbeddedServer {
private static final String ACCESS_LOG_PREFIX = "ranger.accesslog.prefix";
private static final String ACCESS_LOG_DATE_FORMAT = "ranger.accesslog.dateformat";
private static final String ACCESS_LOG_PATTERN = "ranger.accesslog.pattern";
+ private static final String ACCESS_LOG_ROTATE_ENABLED = "ranger.accesslog.rotate.enabled";
+ private static final String ACCESS_LOG_ROTATE_MAX_DAYS = "ranger.accesslog.rotate.max_days";
+ private static final String ACCESS_LOG_ROTATE_RENAME_ON_ROTATE = "ranger.accesslog.rotate.rename_on_rotate";
public static final String RANGER_KEYSTORE_FILE_TYPE_DEFAULT = KeyStore.getDefaultType();
public static final String RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT = KeyStore.getDefaultType();
public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2";
@@ -192,12 +195,15 @@ public class EmbeddedServer {
valve.setAsyncSupported(true);
valve.setBuffered(false);
valve.setEnabled(true);
- valve.setPrefix(EmbeddedServerUtil.getConfig(ACCESS_LOG_PREFIX,"access-" + hostName +"-"));
- valve.setFileDateFormat(EmbeddedServerUtil.getConfig(ACCESS_LOG_DATE_FORMAT, "yyyy-MM-dd.HH"));
+ valve.setPrefix(EmbeddedServerUtil.getConfig(ACCESS_LOG_PREFIX,"access-" + hostName));
+ valve.setFileDateFormat(EmbeddedServerUtil.getConfig(ACCESS_LOG_DATE_FORMAT, "-yyyy-MM-dd.HH"));
valve.setDirectory(logDirectory.getAbsolutePath());
valve.setSuffix(".log");
+ valve.setRotatable(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_ENABLED, true));
+ valve.setMaxDays(EmbeddedServerUtil.getIntConfig(ACCESS_LOG_ROTATE_MAX_DAYS,15));
+ valve.setRenameOnRotate(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_RENAME_ON_ROTATE, false));
- String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b" : "%h %l %u %t \"%r\" %s %b";
+ String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b %D" : "%h %l %u %t \"%r\" %s %b %D";
String logPattern = EmbeddedServerUtil.getConfig(ACCESS_LOG_PATTERN, defaultAccessLogPattern);
valve.setPattern(logPattern);
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java
index b05db77e6..b6c2a94bb 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java
@@ -64,6 +64,19 @@ public class EmbeddedServerUtil {
return ret;
}
+ public static boolean getBooleanConfig(String key, boolean defaultValue) {
+ boolean ret = defaultValue;
+ String retStr = getConfig(key);
+ try {
+ if (retStr != null) {
+ ret = Boolean.parseBoolean(retStr);
+ }
+ } catch (Exception err) {
+ LOG.severe(retStr + " can't be parsed to int. Reason: " + err.toString());
+ }
+ return ret;
+ }
+
public static int getIntConfig(String key, int defaultValue) {
int ret = defaultValue;
String retStr = getConfig(key);
diff --git a/ranger-tools/scripts/README.txt b/ranger-tools/scripts/README.txt
index 81b5b6678..b9ffe635a 100644
--- a/ranger-tools/scripts/README.txt
+++ b/ranger-tools/scripts/README.txt
@@ -56,7 +56,7 @@ This file describes how to build, setup, configure and run the performance testi
Please review the contents of these files and modify to suit your profiling needs.
- Update conf/log4j.properties to specify the filename where perf run results will be written to. Property to update is 'log4j.appender.PERF.File'.
+ Update conf/logback.xml to specify the filename where perf run results will be written to. Property to update is 'log4j.appender.PERF.File'.
6. Run the tool with the following command
diff --git a/security-admin/scripts/changepasswordutil.py b/security-admin/scripts/changepasswordutil.py
index c9c4edcb6..e45dab643 100644
--- a/security-admin/scripts/changepasswordutil.py
+++ b/security-admin/scripts/changepasswordutil.py
@@ -111,7 +111,7 @@ def main(argv):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home)
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,
'ChangePasswordUtil','"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"')
if os_name == "LINUX":
ret = subprocess.call(shlex.split(get_java_cmd))
diff --git a/security-admin/scripts/changeusernameutil.py b/security-admin/scripts/changeusernameutil.py
index 45c0ef748..699f945f0 100644
--- a/security-admin/scripts/changeusernameutil.py
+++ b/security-admin/scripts/changeusernameutil.py
@@ -111,7 +111,7 @@ def main(argv):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home)
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'ChangeUserNameUtil',userName,oldPassword,newUserName)
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'ChangeUserNameUtil',userName,oldPassword,newUserName)
if os_name == "LINUX":
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index db6983e17..77598177c 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -484,13 +484,13 @@ class BaseDB(object):
if ranger_log_dir == "$PWD":
ranger_log_dir = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
- log4j_conf_file = globalDict['RANGER_ADMIN_LOG4J_CONF_FILE']
- if not log4j_conf_file:
- log4j_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "logback.xml")
+ logback_conf_file = globalDict['RANGER_ADMIN_LOGBACK_CONF_FILE']
+ if not logback_conf_file:
+ logback_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "classes", "conf", "logback.xml")
else:
- log4j_conf_file = "file:" + log4j_conf_file
+ logback_conf_file = "file:" + logback_conf_file
log("[I] RANGER ADMIN LOG DIR : " + ranger_log_dir, "info")
- log("[I] LOG4J CONF FILE : " + log4j_conf_file, "info")
+ log("[I] LOGBACK CONF FILE : " + logback_conf_file, "info")
if not os.path.exists(javaFiles):
log("[I] No java patches to apply!","info")
else:
@@ -559,7 +559,7 @@ class BaseDB(object):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log_dir,log4j_conf_file,os_user,client_host,path,className)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlogback.configurationFile=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log_dir,logback_conf_file,os_user,client_host,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -587,14 +587,14 @@ class BaseDB(object):
if ranger_log_dir == "$PWD":
ranger_log_dir = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
- log4j_conf_file = globalDict['RANGER_ADMIN_LOG4J_CONF_FILE']
- if not log4j_conf_file:
- log4j_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "logback.xml")
+ logback_conf_file = globalDict['RANGER_ADMIN_LOGBACK_CONF_FILE']
+ if not logback_conf_file:
+ logback_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "classes", "conf", "logback.xml")
else:
- log4j_conf_file = "file:" + log4j_conf_file
+ logback_conf_file = "file:" + logback_conf_file
log("[I] RANGER ADMIN LOG DIR : " + ranger_log_dir, "info")
- log("[I] LOG4J CONF FILE : " + log4j_conf_file, "info")
+ log("[I] LOGBACK CONF FILE : " + logback_conf_file, "info")
if os.path.exists(filePath):
if version != "":
output = self.execute_query(self.get_version_query(version,'Y'))
@@ -650,7 +650,7 @@ class BaseDB(object):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log_dir,log4j_conf_file,os_user,client_host,path,className,'"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"')
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log_dir,logback_conf_file,os_user,client_host,path,className,'"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"')
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -685,14 +685,14 @@ class BaseDB(object):
if ranger_log_dir == "$PWD":
ranger_log_dir = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
- log4j_conf_file = globalDict['RANGER_ADMIN_LOG4J_CONF_FILE']
- if not log4j_conf_file:
- log4j_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "logback.xml")
+ logback_conf_file = globalDict['RANGER_ADMIN_LOGBACK_CONF_FILE']
+ if not logback_conf_file:
+ logback_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "classes", "conf", "logback.xml")
else:
- log4j_conf_file = "file:" + log4j_conf_file
+ logback_conf_file = "file:" + logback_conf_file
log("[I] RANGER ADMIN LOG DIR : " + ranger_log_dir, "info")
- log("[I] LOG4J CONF FILE : " + log4j_conf_file, "info")
+ log("[I] LOGBACK CONF FILE : " + logback_conf_file, "info")
if os.path.exists(filePath):
if version != "":
output = self.execute_query(self.get_version_query(version,'Y'))
@@ -748,7 +748,7 @@ class BaseDB(object):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log_dir,log4j_conf_file,os_user,client_host,path,className, userPwdString)
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log_dir,logback_conf_file,os_user,client_host,path,className, userPwdString)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index f162e4fd7..b8e864e9a 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -243,7 +243,7 @@ sso_publickey=
# Custom log directory path
RANGER_ADMIN_LOG_DIR=$PWD
-RANGER_ADMIN_LOG4J_CONF_FILE=
+RANGER_ADMIN_LOGBACK_CONF_FILE=
# PID file path
RANGER_PID_DIR_PATH=/var/run/ranger
diff --git a/security-admin/scripts/rolebasedusersearchutil.py b/security-admin/scripts/rolebasedusersearchutil.py
index f9feddce2..612db33df 100644
--- a/security-admin/scripts/rolebasedusersearchutil.py
+++ b/security-admin/scripts/rolebasedusersearchutil.py
@@ -142,9 +142,9 @@ def main(argv):
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home)
if userRole != "" :
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password,userRole)
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password,userRole)
if userRole == "" :
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s "%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password)
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s "%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password)
if os_name == "LINUX":
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 4ca4e9d82..a27eaff8a 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -144,7 +144,7 @@ sso_enabled=$(get_prop 'sso_enabled' $PROPFILE)
sso_providerurl=$(get_prop 'sso_providerurl' $PROPFILE)
sso_publickey=$(get_prop 'sso_publickey' $PROPFILE)
RANGER_ADMIN_LOG_DIR=$(eval echo "$(get_prop 'RANGER_ADMIN_LOG_DIR' $PROPFILE)")
-RANGER_ADMIN_LOG4J_CONF_FILE=$(eval echo "$(get_prop 'RANGER_ADMIN_LOG4J_CONF_FILE' $PROPFILE)")
+RANGER_ADMIN_LOGBACK_CONF_FILE=$(eval echo "$(get_prop 'RANGER_ADMIN_LOGBACK_CONF_FILE' $PROPFILE)")
RANGER_PID_DIR_PATH=$(eval echo "$(get_prop 'RANGER_PID_DIR_PATH' $PROPFILE)")
spnego_principal=$(get_prop 'spnego_principal' $PROPFILE)
@@ -1518,12 +1518,12 @@ setup_install_files(){
fi
fi
- if [ -z "${RANGER_ADMIN_LOG4J_CONF_FILE}" ]; then
- RANGER_ADMIN_LOG4J_CONF_FILE=${WEBAPP_ROOT}/WEB-INF/logback.xml
+ if [ -z "${RANGER_ADMIN_LOGBACK_CONF_FILE}" ]; then
+ RANGER_ADMIN_LOGBACK_CONF_FILE=${WEBAPP_ROOT}/WEB-INF/classes/conf/logback.xml
fi
- echo "export RANGER_ADMIN_LOG4J_CONF_FILE=${RANGER_ADMIN_LOG4J_CONF_FILE}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-log4j-conf-file.sh
- chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-log4j-conf-file.sh
- log "[I] RANGER ADMIN LOG4J CONF FILE : ${RANGER_ADMIN_LOG4J_CONF_FILE}"
+ echo "export RANGER_ADMIN_LOGBACK_CONF_FILE=${RANGER_ADMIN_LOGBACK_CONF_FILE}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-logback-conf-file.sh
+ chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-logback-conf-file.sh
+ log "[I] RANGER ADMIN LOGBACK CONF FILE : ${RANGER_ADMIN_LOGBACK_CONF_FILE}"
if [ -z "${RANGER_ADMIN_LOG_DIR}" ] || [ ${RANGER_ADMIN_LOG_DIR} == ${XAPOLICYMGR_DIR} ]; then
RANGER_ADMIN_LOG_DIR=${XAPOLICYMGR_DIR}/ews/logs;
diff --git a/security-admin/scripts/updateUserAndGroupNamesInJson.py b/security-admin/scripts/updateUserAndGroupNamesInJson.py
index b115d2241..c40ec4406 100644
--- a/security-admin/scripts/updateUserAndGroupNamesInJson.py
+++ b/security-admin/scripts/updateUserAndGroupNamesInJson.py
@@ -81,7 +81,7 @@ def main(argv):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home)
- get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s"%(JAVA_BIN,ranger_log,path,'UpdateUserAndGroupNamesInJson')
+ get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s"%(JAVA_BIN,ranger_log,path,'UpdateUserAndGroupNamesInJson')
if os_name == "LINUX":
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index 90ac92a0e..39b9d1f81 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -667,8 +667,8 @@ def import_db ():
# with zipfile.ZipFile(war_file, "r") as z:
# z.extractall(WEBAPP_ROOT)
# log("Extract War file " + war_file + " to " + WEBAPP_ROOT + " DONE! ","info")
-# if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod")) :
-# shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml"))
+# if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "logback.xml.prod")) :
+# shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "logback.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "logback.xml"))
# def copy_mysql_connector():
# log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib ","info")
diff --git a/security-admin/src/main/webapp/WEB-INF/logback.xml b/security-admin/src/main/resources/conf.dist/logback.xml
similarity index 100%
rename from security-admin/src/main/webapp/WEB-INF/logback.xml
rename to security-admin/src/main/resources/conf.dist/logback.xml
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index e8544c681..bf72ff3b0 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -311,12 +311,27 @@
<property>
<name>ranger.accesslog.dateformat</name>
- <value>yyyy-MM-dd</value>
+ <value>-yyyy-MM-dd</value>
</property>
<property>
<name>ranger.accesslog.pattern</name>
- <value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</value>
+ <value>%h %l %u %t "%r" %s %b %D "%{Referer}i" "%{User-Agent}i"</value>
+ </property>
+
+ <property>
+ <name>ranger.accesslog.rotate.enabled</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>ranger.accesslog.rotate.max_days</name>
+ <value>15</value>
+ </property>
+
+ <property>
+ <name>ranger.accesslog.rotate.rename_on_rotate</name>
+ <value>15</value>
</property>
<property>
diff --git a/security-admin/src/main/webapp/WEB-INF/db_patch.logback.xml b/security-admin/src/main/webapp/WEB-INF/db_patch.logback.xml
new file mode 100644
index 000000000..deb3b0c59
--- /dev/null
+++ b/security-admin/src/main/webapp/WEB-INF/db_patch.logback.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <appender name="xa_log_appender" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logdir}/ranger_db_patch.log</file>
+ <encoder>
+ <pattern>%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logdir}/ranger_db_patch.log.%d{'.'yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ </appender>
+
+ <appender name="sql_appender" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logdir}/ranger_admin_sql_db_patch.log</file>
+ <encoder>
+ <pattern>%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logdir}/ranger_admin_sql_db_patch.log.%d{'.'yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ </appender>
+
+ <logger name="org.springframework" level="warn" additivity="false"/>
+ <logger name="org.hibernate.SQL" level="warn" additivity="false">
+ <appender-ref ref="sql_appender"/>
+ </logger>
+ <logger name="jdbc.sqlonly" level="fatal" additivity="false">
+ <appender-ref ref="sql_appender"/>
+ </logger>
+ <logger name="jdbc.sqltiming" level="warn" additivity="false">
+ <appender-ref ref="sql_appender"/>
+ </logger>
+ <logger name="jdbc.audit" level="fatal" additivity="false">
+ <appender-ref ref="sql_appender"/>
+ </logger>
+ <logger name="jdbc.resultset" level="fatal" additivity="false">
+ <appender-ref ref="sql_appender"/>
+ </logger>
+ <logger name="jdbc.connection" level="fatal" additivity="false">
+ <appender-ref ref="sql_appender"/>
+ </logger>
+ <logger name="org.apache.ranger" level="info" additivity="false">
+ <appender-ref ref="xa_log_appender"/>
+ </logger>
+ <logger name="xa" level="info" additivity="false">
+ <appender-ref ref="xa_log_appender"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="xa_log_appender"/>
+ </root>
+</configuration>
diff --git a/security-admin/src/test/resources/logback-test.xml b/security-admin/src/test/resources/logback-test.xml
new file mode 100644
index 000000000..aacad9620
--- /dev/null
+++ b/security-admin/src/test/resources/logback-test.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <root level="warn">
+ </root>
+</configuration>
diff --git a/tagsync/scripts/setup.py b/tagsync/scripts/setup.py
index d11facaf8..6ac30565f 100755
--- a/tagsync/scripts/setup.py
+++ b/tagsync/scripts/setup.py
@@ -53,7 +53,7 @@ confDistBaseDirName = 'conf.dist'
outputFileName = 'ranger-tagsync-site.xml'
installPropFileName = 'install.properties'
-log4jFileName = 'logback.xml'
+logbackFileName = 'logback.xml'
install2xmlMapFileName = 'installprop2xml.properties'
templateFileName = 'ranger-tagsync-template.xml'
initdProgramName = 'ranger-tagsync'
@@ -363,7 +363,7 @@ def main():
if (not os.path.isdir(dir)):
os.makedirs(dir,0o755)
- defFileList = [ log4jFileName ]
+ defFileList = [ logbackFileName ]
for defFile in defFileList:
fn = join(confDistDirName, defFile)
if ( isfile(fn) ):
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index 708a2105a..1ddeb0ce8 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -57,7 +57,7 @@ defaultCertFileName = 'unixauthservice.jks'
outputFileName = 'ranger-ugsync-site.xml'
installPropFileName = 'install.properties'
defaultSiteXMLFileName = 'ranger-ugsync-default.xml'
-log4jFileName = 'logback.xml'
+logbackFileName = 'logback.xml'
install2xmlMapFileName = 'installprop2xml.properties'
templateFileName = 'ranger-ugsync-template.xml'
initdProgramName = 'ranger-usersync'
@@ -410,7 +410,7 @@ def main():
if (not os.path.isdir(dir)):
os.makedirs(dir, 0o750)
- defFileList = [defaultSiteXMLFileName, log4jFileName]
+ defFileList = [defaultSiteXMLFileName, logbackFileName]
for defFile in defFileList:
fn = join(confDistDirName, defFile)
if (isfile(fn)):