You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sr...@apache.org on 2016/06/02 00:09:10 UTC
ambari git commit: AMBARI-16890 Updating Ambari configs changes for
latest Ranger configs (Mugdha Varadkar via srimanth)
Repository: ambari
Updated Branches:
refs/heads/trunk f6cd388f2 -> e803e9605
AMBARI-16890 Updating Ambari configs changes for latest Ranger configs (Mugdha Varadkar via srimanth)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e803e960
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e803e960
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e803e960
Branch: refs/heads/trunk
Commit: e803e960527c94dcf74b4e81aa836e3e70ac1e06
Parents: f6cd388
Author: Srimanth Gunturi <sg...@hortonworks.com>
Authored: Wed Jun 1 17:08:48 2016 -0700
Committer: Srimanth Gunturi <sg...@hortonworks.com>
Committed: Wed Jun 1 17:08:48 2016 -0700
----------------------------------------------------------------------
.../RANGER/0.4.0/configuration/ranger-site.xml | 3 +
.../0.5.0/configuration/ranger-admin-site.xml | 10 ++++
.../0.6.0/configuration/ranger-admin-site.xml | 58 ++++++++++++++++++++
.../configuration/ranger-kms-audit.xml | 12 ++--
.../stacks/HDP/2.3/services/stack_advisor.py | 9 +++
.../stacks/HDP/2.3/upgrades/config-upgrade.xml | 6 ++
.../HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml | 4 ++
.../stacks/HDP/2.3/upgrades/upgrade-2.5.xml | 1 +
.../stacks/HDP/2.4/upgrades/config-upgrade.xml | 6 ++
.../HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml | 4 ++
.../stacks/HDP/2.4/upgrades/upgrade-2.5.xml | 1 +
.../stacks/HDP/2.5/services/stack_advisor.py | 14 ++++-
ambari-web/app/data/HDP2.3/site_properties.js | 9 ++-
13 files changed, 127 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
index 88af5db..d51265d 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
@@ -48,6 +48,9 @@
<description>The keystore pass to be used </description>
<on-ambari-upgrade add="false" change="true" delete="true"/>
<on-stack-upgrade add="true" change="true" delete="false"/>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
</property>
<property>
<name>https.attrib.keyAlias</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
index babf248..22ed674 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
@@ -533,6 +533,12 @@
</value-attributes>
<on-ambari-upgrade add="false" change="true" delete="true"/>
<on-stack-upgrade add="true" change="true" delete="false"/>
+ <depends-on>
+ <property>
+ <type>gateway-site</type>
+ <name>gateway.port</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.sso.publicKey</name>
@@ -564,6 +570,10 @@
<description/>
<on-ambari-upgrade add="false" change="true" delete="true"/>
<on-stack-upgrade add="true" change="true" delete="false"/>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
</property>
<property>
<name>ranger.sso.query.param.originalurl</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
index 60bd840..71dd5fe 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
@@ -170,4 +170,62 @@
<on-ambari-upgrade add="false" change="true" delete="true"/>
<on-stack-upgrade add="true" change="true" delete="false"/>
</property>
+ <property>
+ <name>ranger.sso.cookiename</name>
+ <deleted>true</deleted>
+ </property>
+
+ <property>
+ <name>ranger.sso.query.param.originalurl</name>
+ <deleted>true</deleted>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.user.searchfilter</name>
+ <value>(sAMAccountName={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ </property>
+
+ <property>
+ <name>ranger.ldap.user.searchfilter</name>
+ <display-name>User Search Filter</display-name>
+ <value>(uid={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ </property>
+
+ <property>
+ <name>ranger.kms.service.user.hdfs</name>
+ <value></value>
+ <description></description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ </property>
+
+ <property>
+ <name>ranger.kms.service.user.hive</name>
+ <value></value>
+ <description></description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ </property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
index d412cd4..a7c1b65 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
@@ -91,12 +91,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <depends-on>
- <property>
- <type>core-site</type>
- <name>fs.defaultFS</name>
- </property>
- </depends-on>
<on-ambari-upgrade add="false" change="true" delete="true"/>
<on-stack-upgrade add="true" change="true" delete="false"/>
</property>
@@ -106,6 +100,12 @@
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
<on-ambari-upgrade add="false" change="true" delete="true"/>
<on-stack-upgrade add="true" change="true" delete="false"/>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index 0093c1a..36fe066 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -586,6 +586,15 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
ranger_audit_source_type = 'db'
putRangerAdminProperty('ranger.audit.source.type',ranger_audit_source_type)
+ knox_host = 'localhost'
+ knox_port = '8443'
+ if 'KNOX' in servicesList:
+ knox_hosts = self.getComponentHostNames(services, "KNOX", "KNOX_GATEWAY")
+ knox_host = knox_hosts[0]
+ if 'gateway-site' in services['configurations'] and 'gateway.port' in services['configurations']["gateway-site"]["properties"]:
+ knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port']
+ putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port))
+
def recommendYARNConfigurations(self, configurations, clusterData, services, hosts):
super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts)
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
index 1130d9a..c72070b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
@@ -262,6 +262,12 @@
<transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.credential.alias" />
<transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.dialect" />
</definition>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property">
+ <type>ranger-admin-site</type>
+ <transfer operation="delete" delete-key="ranger.sso.cookiename" />
+ <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" />
+ </definition>
</changes>
</component>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
index c7d8b30..0a1bb40 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
@@ -370,6 +370,10 @@
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site"/>
</execute-stage>
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/>
+ </execute-stage>
+
<!-- RANGER KMS -->
<execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS Server">
<task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_kms_audit_db"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
index e39f413..a3a3c7d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
@@ -445,6 +445,7 @@
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_flag" />
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties" />
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site" />
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property" />
<task xsi:type="execute" hosts="any" sequential="true" summary="Upgrading Ranger database schema">
<script>scripts/ranger_admin.py</script>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
index 39fb9a6..60cac05 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
@@ -120,6 +120,12 @@
<transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.credential.alias" />
<transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.dialect" />
</definition>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property">
+ <type>ranger-admin-site</type>
+ <transfer operation="delete" delete-key="ranger.sso.cookiename" />
+ <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" />
+ </definition>
</changes>
</component>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
index 47e849c..0f3bff4 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
@@ -309,6 +309,10 @@
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site"/>
</execute-stage>
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/>
+ </execute-stage>
+
<!-- HDFS -->
<execute-stage service="HDFS" component="NAMENODE" title="Apply config changes for Hdfs Namenode">
<task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_hdfs_audit_db"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
index 644ca87..cadb3c7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
@@ -440,6 +440,7 @@
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_flag" />
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties" />
<task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site" />
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property" />
<task xsi:type="execute" hosts="any" sequential="true" summary="Upgrading Ranger database schema">
<script>scripts/ranger_admin.py</script>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index 613004d..413a2f7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -1218,7 +1218,7 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
{'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'},
{'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'},
{'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'},
- {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-site'}
+ {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-audit'}
]
for item in range(len(ranger_services)):
@@ -1239,6 +1239,18 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
+ if "HDFS" in servicesList:
+ hdfs_user = None
+ if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]:
+ hdfs_user = services["configurations"]["hadoop-env"]["properties"]["hdfs_user"]
+ putRangerAdminProperty('ranger.kms.service.user.hdfs', hdfs_user)
+
+ if "HIVE" in servicesList:
+ hive_user = None
+ if "hive-env" in services["configurations"] and "hive_user" in services["configurations"]["hive-env"]["properties"]:
+ hive_user = services["configurations"]["hive-env"]["properties"]["hive_user"]
+ putRangerAdminProperty('ranger.kms.service.user.hive', hive_user)
+
def validateRangerTagsyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
ranger_tagsync_properties = getSiteProperties(configurations, "ranger-tagsync-site")
validationItems = []
http://git-wip-us.apache.org/repos/asf/ambari/blob/e803e960/ambari-web/app/data/HDP2.3/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js
index e04d060..9ae68df 100644
--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -194,13 +194,15 @@ hdp23properties.push({
"name": "ranger.sso.providerurl",
"serviceName": "RANGER",
"filename": "ranger-admin-site.xml",
- "category": "KnoxSSOSettings"
+ "category": "KnoxSSOSettings",
+ "index": 2
},
{
"name": "ranger.sso.publicKey",
"serviceName": "RANGER",
"filename": "ranger-admin-site.xml",
- "category": "KnoxSSOSettings"
+ "category": "KnoxSSOSettings",
+ "index": 3
},
{
"name": "ranger.sso.cookiename",
@@ -212,7 +214,8 @@ hdp23properties.push({
"name": "ranger.sso.enabled",
"serviceName": "RANGER",
"filename": "ranger-admin-site.xml",
- "category": "KnoxSSOSettings"
+ "category": "KnoxSSOSettings",
+ "index": 1
},
{
"name": "ranger.sso.query.param.originalurl",