Posted to commits@ambari.apache.org by mu...@apache.org on 2017/01/17 12:45:41 UTC
[1/4] ambari git commit: AMBARI-19044 Install & configure Ranger
plugin components independently of Ranger admin components (mugdha)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 ac92188b7 -> 7edd6df94
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
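Review bot: The four `<description>` texts do not let an operator tell the `external_admin_*` pair from the `external_ranger_admin_*` pair, and none says when the value is read or that it may stay empty. They also ask for the "default" admin credentials, which nudges deployments toward copying a built-in Ranger administrator account into each plugin's configuration. A wording such as `Username of the account on the external Ranger Admin that this plugin uses; leave empty if Ranger Admin is managed by this cluster. Prefer a dedicated account over the built-in admin.` would be clearer, assuming it matches how the values are consumed. The same file is added for YARN further down (identical blob `3450970`), so the point applies there as well.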
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
index 5672f04..21658e7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
@@ -23,12 +23,12 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/storm-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/storm-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-security.xml
index f3d7530..8a3dd2e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-security.xml
@@ -23,6 +23,6 @@
<name>ranger.plugin.storm.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/storm-client/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index 2ad35a2..afe9fea 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -1978,6 +1978,13 @@ yarn.scheduler.capacity.root.{0}.maximum-am-resource-percent=1""".format(llap_qu
putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs',xasecure_audit_destination_hdfs)
putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs.dir',xasecure_audit_destination_hdfs_dir)
putAtlasRangerAuditProperty('xasecure.audit.destination.solr',xasecure_audit_destination_solr)
+ required_services = [
+ {'service_name': 'ATLAS', 'config_type': 'ranger-atlas-security'}
+ ]
+
+ # recommendation for ranger url for ranger-supported plugins
+ self.recommendRangerUrlConfigurations(configurations, services, required_services)
+
def validateRangerTagsyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
ranger_tagsync_properties = properties
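Review bot: The comment `# recommendation for ranger url for ranger-supported plugins` is broader than the code under it, because `required_services` holds only the ATLAS / `ranger-atlas-security` entry. Something like `# recommend the Ranger URL for the Atlas plugin (ranger-atlas-security)` would match what the lines do. `recommendRangerUrlConfigurations` is not defined in this hunk and is presumably inherited. The enclosing method starts outside the hunk and the indentation is lost in this rendering, so it is not visible here whether the call is guarded by a check that the Atlas Ranger plugin is in use.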
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 44d52cf..efc1a6e 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -282,6 +282,7 @@ public class UpgradeCatalog250Test {
Method updateTEZInteractiveConfigs = UpgradeCatalog250.class.getDeclaredMethod("updateTEZInteractiveConfigs");
Method updateLogSearchConfigs = UpgradeCatalog250.class.getDeclaredMethod("updateLogSearchConfigs");
Method updateAmbariInfraConfigs = UpgradeCatalog250.class.getDeclaredMethod("updateAmbariInfraConfigs");
+ Method updateRangerUrlConfigs = UpgradeCatalog250.class.getDeclaredMethod("updateRangerUrlConfigs");
Method addManageServiceAutoStartPermissions = UpgradeCatalog250.class.getDeclaredMethod("addManageServiceAutoStartPermissions");
UpgradeCatalog250 upgradeCatalog250 = createMockBuilder(UpgradeCatalog250.class)
@@ -296,6 +297,7 @@ public class UpgradeCatalog250Test {
.addMockedMethod(updateLogSearchConfigs)
.addMockedMethod(updateAmbariInfraConfigs)
.addMockedMethod(addNewConfigurationsFromXml)
+ .addMockedMethod(updateRangerUrlConfigs)
.addMockedMethod(addManageServiceAutoStartPermissions)
.createMock();
@@ -333,6 +335,9 @@ public class UpgradeCatalog250Test {
upgradeCatalog250.updateAmbariInfraConfigs();
expectLastCall().once();
+ upgradeCatalog250.updateRangerUrlConfigs();
+ expectLastCall().once();
+
upgradeCatalog250.addManageServiceAutoStartPermissions();
expectLastCall().once();
@@ -1134,4 +1139,109 @@ public class UpgradeCatalog250Test {
Assert.assertTrue(clusterAdministratorAuthorizations.contains(clusterRunCustomCommandEntity));
}
+ @Test
+ public void testUpdateRangerUrlConfigs() throws Exception {
+ Map<String, String> oldHdfsProperties = new HashMap<String, String>();
+ Map<String, String> newHdfsProperties = new HashMap<String, String>();
+ oldHdfsProperties.put("ranger.plugin.hdfs.policy.rest.url", "{{policymgr_mgr_url}}");
+ newHdfsProperties.put("ranger.plugin.hdfs.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldHdfsProperties, newHdfsProperties, "ranger-hdfs-security");
+
+ Map<String, String> oldHiveProperties = new HashMap<String, String>();
+ Map<String, String> newHiveProperties = new HashMap<String, String>();
+ oldHiveProperties.put("ranger.plugin.hive.policy.rest.url", "{{policymgr_mgr_url}}");
+ newHiveProperties.put("ranger.plugin.hive.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldHiveProperties, newHiveProperties, "ranger-hive-security");
+
+ Map<String, String> oldHbaseProperties = new HashMap<String, String>();
+ Map<String, String> newHbaseProperties = new HashMap<String, String>();
+ oldHbaseProperties.put("ranger.plugin.hbase.policy.rest.url", "{{policymgr_mgr_url}}");
+ newHbaseProperties.put("ranger.plugin.hbase.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldHbaseProperties, newHbaseProperties, "ranger-hbase-security");
+
+ Map<String, String> oldKnoxProperties = new HashMap<String, String>();
+ Map<String, String> newKnoxProperties = new HashMap<String, String>();
+ oldKnoxProperties.put("ranger.plugin.knox.policy.rest.url", "{{policymgr_mgr_url}}");
+ newKnoxProperties.put("ranger.plugin.knox.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldKnoxProperties, newKnoxProperties, "ranger-knox-security");
+
+ Map<String, String> oldStormProperties = new HashMap<String, String>();
+ Map<String, String> newStormProperties = new HashMap<String, String>();
+ oldStormProperties.put("ranger.plugin.storm.policy.rest.url", "{{policymgr_mgr_url}}");
+ newStormProperties.put("ranger.plugin.storm.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldStormProperties, newStormProperties, "ranger-storm-security");
+
+ Map<String, String> oldYarnProperties = new HashMap<String, String>();
+ Map<String, String> newYarnProperties = new HashMap<String, String>();
+ oldYarnProperties.put("ranger.plugin.yarn.policy.rest.url", "{{policymgr_mgr_url}}");
+ newYarnProperties.put("ranger.plugin.yarn.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldYarnProperties, newYarnProperties, "ranger-yarn-security");
+
+ Map<String, String> oldKafkaProperties = new HashMap<String, String>();
+ Map<String, String> newKafkaProperties = new HashMap<String, String>();
+ oldKafkaProperties.put("ranger.plugin.kafka.policy.rest.url", "{{policymgr_mgr_url}}");
+ newKafkaProperties.put("ranger.plugin.kafka.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldKafkaProperties, newKafkaProperties, "ranger-kafka-security");
+
+ Map<String, String> oldAtlasProperties = new HashMap<String, String>();
+ Map<String, String> newAtlasProperties = new HashMap<String, String>();
+ oldAtlasProperties.put("ranger.plugin.atlas.policy.rest.url", "{{policymgr_mgr_url}}");
+ newAtlasProperties.put("ranger.plugin.atlas.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldAtlasProperties, newAtlasProperties, "ranger-atlas-security");
+
+ Map<String, String> oldKmsProperties = new HashMap<String, String>();
+ Map<String, String> newKmsProperties = new HashMap<String, String>();
+ oldKmsProperties.put("ranger.plugin.kms.policy.rest.url", "{{policymgr_mgr_url}}");
+ newKmsProperties.put("ranger.plugin.kms.policy.rest.url", "http://localhost:6080");
+ testUpdateRangerUrl(oldKmsProperties, newKmsProperties, "ranger-kms-security");
+ }
+
+ public void testUpdateRangerUrl(Map<String, String> oldProperties, Map<String, String> newProperties, String configType) throws Exception {
+ Map<String, String> adminProperties = new HashMap<String, String>() {
+ {
+ put("policymgr_external_url", "http://localhost:6080");
+ }
+ };
+
+ EasyMockSupport easyMockSupport = new EasyMockSupport();
+
+ reset(clusters, cluster);
+
+ expect(clusters.getClusters()).andReturn(new HashMap<String, Cluster>() {{
+ put("normal", cluster);
+ }}).once();
+
+ Config mockRangerPluginConfig = easyMockSupport.createNiceMock(Config.class);
+ Config mockRangerAdminProperties = easyMockSupport.createNiceMock(Config.class);
+
+ expect(cluster.getDesiredConfigByType("admin-properties")).andReturn(mockRangerAdminProperties).anyTimes();
+ expect(mockRangerAdminProperties.getProperties()).andReturn(adminProperties).anyTimes();
+
+ expect(cluster.getDesiredConfigByType(configType)).andReturn(mockRangerPluginConfig).anyTimes();
+ expect(mockRangerPluginConfig.getProperties()).andReturn(oldProperties).anyTimes();
+
+ replay(clusters, mockRangerPluginConfig, mockRangerAdminProperties, cluster);
+
+ AmbariManagementControllerImpl controller = createMockBuilder(AmbariManagementControllerImpl.class)
+ .addMockedMethod("createConfiguration")
+ .addMockedMethod("getClusters", new Class[] { })
+ .addMockedMethod("createConfig")
+ .withConstructor(actionManager, clusters, injector)
+ .createNiceMock();
+
+ Injector injector2 = easyMockSupport.createNiceMock(Injector.class);
+ Capture<Map<String, String>> propertiesCapture = EasyMock.newCapture();
+
+ expect(injector2.getInstance(AmbariManagementController.class)).andReturn(controller).anyTimes();
+ expect(controller.getClusters()).andReturn(clusters).anyTimes();
+ expect(controller.createConfig(anyObject(Cluster.class), anyString(), capture(propertiesCapture), anyString(),
+ EasyMock.<Map<String, Map<String, String>>>anyObject())).andReturn(config).once();
+
+ replay(controller, injector2);
+ new UpgradeCatalog250(injector2).updateRangerUrlConfigs();
+ easyMockSupport.verifyAll();
+
+ Map<String, String> updatedProperties = propertiesCapture.getValue();
+ assertTrue(Maps.difference(newProperties, updatedProperties).areEqual());
+ }
}
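Review bot: `testUpdateRangerUrlConfigs` only feeds in the `{{policymgr_mgr_url}}` placeholder, so nothing pins what `updateRangerUrlConfigs` does with a policy REST URL an operator has already set by hand, or with a missing or empty `policymgr_external_url` in `admin-properties`. That URL decides where each plugin fetches its authorization policy, so a case asserting that a non-placeholder value survives the upgrade would be worth adding, if preserving it is the intended behaviour. The nine copy-pasted blocks differ only in the plugin name and collapse into the loop below, which makes extra cases cheap to add. The helper `testUpdateRangerUrl` carries no `@Test` and would read better as a private method without the `test` prefix.

```java
@Test
public void testUpdateRangerUrlConfigs() throws Exception {
  String[] plugins = {"hdfs", "hive", "hbase", "knox", "storm", "yarn", "kafka", "atlas", "kms"};
  for (String plugin : plugins) {
    String urlProperty = "ranger.plugin." + plugin + ".policy.rest.url";
    Map<String, String> oldProperties = new HashMap<String, String>();
    Map<String, String> newProperties = new HashMap<String, String>();
    oldProperties.put(urlProperty, "{{policymgr_mgr_url}}");
    newProperties.put(urlProperty, "http://localhost:6080");
    testUpdateRangerUrl(oldProperties, newProperties, "ranger-" + plugin + "-security");
  }
}
// … unchanged: testUpdateRangerUrl helper …
```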
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/altfs_plus_hdfs.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/altfs_plus_hdfs.json b/ambari-server/src/test/python/stacks/2.0.6/configs/altfs_plus_hdfs.json
index 99d2251..ea00a37 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/altfs_plus_hdfs.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/altfs_plus_hdfs.json
@@ -380,10 +380,10 @@
"hive.optimize.mapjoin.mapreduce": "true"
},
"ranger-hive-plugin-properties": {
- "ranger-hive-plugin-enabled":"yes"
+ "ranger-hive-plugin-enabled":"No"
},
"ranger-knox-plugin-properties": {
- "ranger-knox-plugin-enabled":"yes"
+ "ranger-knox-plugin-enabled":"No"
},
"yarn-site": {
"yarn.nodemanager.disk-health-checker.min-healthy-disks": "0.25",
@@ -626,7 +626,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
index 849b737..2a27eca 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
@@ -534,6 +534,9 @@
"yarn.http.policy": "HTTP_ONLY",
"yarn.resourcemanager.webapp.https.address": "c6402.ambari.apache.org:8090"
},
+ "ranger-yarn-plugin-properties": {
+ "ranger-yarn-plugin-enabled": "No"
+ },
"tez-site": {
"tez.am.log.level": "WARN",
"tez.lib.uris": "hdfs:///apps/tez/,hdfs:///apps/tez/lib/",
@@ -582,7 +585,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"ranger-env": {
"xml_configurations_supported" : "false"
@@ -750,7 +754,7 @@
"XAAUDIT.HDFS.IS_ENABLED": "false",
"SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
"XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
- "ranger-hbase-plugin-enabled": "Yes",
+ "ranger-hbase-plugin-enabled": "No",
"REPOSITORY_NAME": "{{repo_name}}",
"SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
"XAAUDIT.DB.IS_ENABLED": "true",
@@ -791,7 +795,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default_client.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default_client.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default_client.json
index 5659ba6..8c17e86 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default_client.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default_client.json
@@ -532,7 +532,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"hbase-env": {
"hbase_pid_dir": "/var/run/hbase",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha.json
index 2b92cca..009ff6d 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha.json
@@ -317,7 +317,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"cluster-env": {
"managed_hdfs_resource_property_names": "",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha_2.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha_2.json
index acac36f..2b078c3 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha_2.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_nn_ha_2.json
@@ -319,7 +319,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"cluster-env": {
"managed_hdfs_resource_property_names": "",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_non_hdfs.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_non_hdfs.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_non_hdfs.json
index a02a874..571b737 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_non_hdfs.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default_hive_non_hdfs.json
@@ -569,7 +569,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"ranger-env": {
"xml_configurations_supported" : "false"
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default_no_install.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default_no_install.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default_no_install.json
index 73c49a1..7fdb449 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default_no_install.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default_no_install.json
@@ -542,7 +542,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"cluster-env": {
"managed_hdfs_resource_property_names": "",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/default_with_bucket.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default_with_bucket.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default_with_bucket.json
index a0e7e9d..5080d30 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default_with_bucket.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default_with_bucket.json
@@ -742,7 +742,7 @@
"XAAUDIT.HDFS.IS_ENABLED": "false",
"SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
"XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
- "ranger-hbase-plugin-enabled": "Yes",
+ "ranger-hbase-plugin-enabled": "No",
"REPOSITORY_NAME": "{{repo_name}}",
"SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
"XAAUDIT.DB.IS_ENABLED": "true",
@@ -783,7 +783,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_active_node.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_active_node.json b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_active_node.json
index 0e666ba..841dfda 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_active_node.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_active_node.json
@@ -506,7 +506,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node.json b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node.json
index baec1fa..96f4d9d 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node.json
@@ -506,7 +506,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start.json b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start.json
index 61b9fe0..de2742f 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start.json
@@ -507,7 +507,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start_dfs_nameservices.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start_dfs_nameservices.json b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start_dfs_nameservices.json
index 6b57397..ba0fa8f 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start_dfs_nameservices.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_bootstrap_standby_node_initial_start_dfs_nameservices.json
@@ -507,7 +507,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/ha_default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_default.json b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_default.json
index 1cdb982..888886e 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_default.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_default.json
@@ -234,7 +234,7 @@
"hadoop.security.auth_to_local": "\n RULE:[2:$1@$0]([rn]m@.*)s/.*/yarn/\n RULE:[2:$1@$0](jhs@.*)s/.*/mapred/\n RULE:[2:$1@$0]([nd]n@.*)s/.*/hdfs/\n RULE:[2:$1@$0](hm@.*)s/.*/hbase/\n RULE:[2:$1@$0](rs@.*)s/.*/hbase/\n DEFAULT"
},
"ranger-hdfs-plugin-properties" : {
- "ranger-hdfs-plugin-enabled":"yes"
+ "ranger-hdfs-plugin-enabled":"No"
},
"hdfs-log4j": {
"log4j.appender.DRFA.layout": "org.apache.log4j.PatternLayout",
@@ -508,7 +508,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/ha_secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_secured.json b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_secured.json
index 15902af..f06fae3 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/ha_secured.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/ha_secured.json
@@ -526,7 +526,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-2.2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-2.2.json b/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-2.2.json
index e6a8676..c5ffcc9 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-2.2.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-2.2.json
@@ -538,7 +538,7 @@
"hbase_java_io_tmpdir" : "/tmp"
},
"ranger-hbase-plugin-properties": {
- "ranger-hbase-plugin-enabled":"yes"
+ "ranger-hbase-plugin-enabled":"No"
},
"ganglia-env": {
"gmond_user": "nobody",
@@ -583,7 +583,7 @@
"XAAUDIT.HDFS.IS_ENABLED": "false",
"SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
"XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
- "ranger-hbase-plugin-enabled": "Yes",
+ "ranger-hbase-plugin-enabled": "No",
"REPOSITORY_NAME": "{{repo_name}}",
"SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
"XAAUDIT.DB.IS_ENABLED": "true",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2-phoenix.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2-phoenix.json b/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2-phoenix.json
index b1d603b..114bdff 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2-phoenix.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2-phoenix.json
@@ -539,7 +539,7 @@
"hbase_java_io_tmpdir" : "/tmp"
},
"ranger-hbase-plugin-properties": {
- "ranger-hbase-plugin-enabled":"yes"
+ "ranger-hbase-plugin-enabled":"No"
},
"ganglia-env": {
"gmond_user": "nobody",
@@ -584,7 +584,7 @@
"XAAUDIT.HDFS.IS_ENABLED": "false",
"SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
"XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
- "ranger-hbase-plugin-enabled": "Yes",
+ "ranger-hbase-plugin-enabled": "No",
"REPOSITORY_NAME": "{{repo_name}}",
"SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
"XAAUDIT.DB.IS_ENABLED": "true",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2.json b/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2.json
index 435291a..d82ca99 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/hbase-rs-2.2.json
@@ -538,7 +538,7 @@
"hbase_java_io_tmpdir" : "/tmp"
},
"ranger-hbase-plugin-properties": {
- "ranger-hbase-plugin-enabled":"yes"
+ "ranger-hbase-plugin-enabled":"No"
},
"ganglia-env": {
"gmond_user": "nobody",
@@ -583,7 +583,7 @@
"XAAUDIT.HDFS.IS_ENABLED": "false",
"SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
"XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
- "ranger-hbase-plugin-enabled": "Yes",
+ "ranger-hbase-plugin-enabled": "No",
"REPOSITORY_NAME": "{{repo_name}}",
"SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
"XAAUDIT.DB.IS_ENABLED": "true",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/nn_ru_lzo.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/nn_ru_lzo.json b/ambari-server/src/test/python/stacks/2.0.6/configs/nn_ru_lzo.json
index 9f0c236..f4b8a70 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/nn_ru_lzo.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/nn_ru_lzo.json
@@ -183,7 +183,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
index 3367e1b..5327865 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
@@ -387,7 +387,7 @@
"ipc.client.connection.maxidletime": "30000"
},
"ranger-hdfs-plugin-properties" : {
- "ranger-hdfs-plugin-enabled":"yes"
+ "ranger-hdfs-plugin-enabled":"No"
},
"ranger-hive-plugin-properties": {
"XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS": "900",
@@ -592,6 +592,9 @@
"yarn.http.policy": "HTTP_ONLY",
"yarn.resourcemanager.webapp.https.address": "c6402.ambari.apache.org:8090"
},
+ "ranger-yarn-plugin-properties" : {
+ "ranger-yarn-plugin-enabled":"No"
+ },
"yarn-env": {
"yarn_pid_dir_prefix": "/var/run/hadoop-yarn",
"apptimelineserver_heapsize": "1024",
@@ -649,7 +652,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"hbase-env": {
"hbase_pid_dir": "/var/run/hbase",
@@ -771,7 +775,7 @@
"XAAUDIT.HDFS.IS_ENABLED": "false",
"SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
"XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
- "ranger-hbase-plugin-enabled": "Yes",
+ "ranger-hbase-plugin-enabled": "No",
"REPOSITORY_NAME": "{{repo_name}}",
"SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
"XAAUDIT.DB.IS_ENABLED": "true",
@@ -812,7 +816,7 @@
"XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"hadoop.rpc.protection": "-",
- "ranger-hdfs-plugin-enabled": "Yes",
+ "ranger-hdfs-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"policy_user": "ambari-qa",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.0.6/configs/secured_client.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/secured_client.json b/ambari-server/src/test/python/stacks/2.0.6/configs/secured_client.json
index 699c1f5..bf4ff12 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/secured_client.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/secured_client.json
@@ -585,7 +585,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"hbase-env": {
"hbase_pid_dir": "/var/run/hbase",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json b/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json
index 92a7516..27cb63e 100644
--- a/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json
+++ b/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json
@@ -235,7 +235,7 @@
"XAAUDIT.DB.DATABASE_NAME": "{{xa_audit_db_name}}",
"XAAUDIT.DB.HOSTNAME": "{{xa_db_host}}",
"XAAUDIT.SOLR.IS_ENABLED": "false",
- "ranger-storm-plugin-enabled": "Yes",
+ "ranger-storm-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"XAAUDIT.DB.USER_NAME": "{{xa_audit_db_user}}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.1/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/configs/default.json b/ambari-server/src/test/python/stacks/2.1/configs/default.json
index 6ee7612..e04e1eb 100644
--- a/ambari-server/src/test/python/stacks/2.1/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.1/configs/default.json
@@ -254,7 +254,7 @@
"XAAUDIT.DB.DATABASE_NAME": "{{xa_audit_db_name}}",
"XAAUDIT.DB.HOSTNAME": "{{xa_db_host}}",
"XAAUDIT.SOLR.IS_ENABLED": "false",
- "ranger-storm-plugin-enabled": "Yes",
+ "ranger-storm-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"XAAUDIT.DB.USER_NAME": "{{xa_audit_db_user}}",
@@ -649,7 +649,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"hbase-env": {
"hbase_pid_dir": "/var/run/hbase",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json b/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json
index 9bd239c..1b027b7 100644
--- a/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json
+++ b/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json
@@ -246,7 +246,7 @@
"XAAUDIT.DB.DATABASE_NAME": "{{xa_audit_db_name}}",
"XAAUDIT.DB.HOSTNAME": "{{xa_db_host}}",
"XAAUDIT.SOLR.IS_ENABLED": "false",
- "ranger-storm-plugin-enabled": "Yes",
+ "ranger-storm-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"XAAUDIT.DB.USER_NAME": "{{xa_audit_db_user}}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.1/configs/secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/configs/secured.json b/ambari-server/src/test/python/stacks/2.1/configs/secured.json
index 0e4bfc3..61b359c 100644
--- a/ambari-server/src/test/python/stacks/2.1/configs/secured.json
+++ b/ambari-server/src/test/python/stacks/2.1/configs/secured.json
@@ -102,7 +102,7 @@
"XAAUDIT.DB.DATABASE_NAME": "{{xa_audit_db_name}}",
"XAAUDIT.DB.HOSTNAME": "{{xa_db_host}}",
"XAAUDIT.SOLR.IS_ENABLED": "false",
- "ranger-storm-plugin-enabled": "Yes",
+ "ranger-storm-plugin-enabled": "No",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
"XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
"XAAUDIT.DB.USER_NAME": "{{xa_audit_db_user}}",
@@ -640,7 +640,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"hbase-env": {
"hbase_pid_dir": "/var/run/hbase",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index 8f44e16..0a80703 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -3656,7 +3656,18 @@ class TestHDP22StackAdvisor(TestCase):
}
]
- res = self.stackAdvisor.validateHiveConfigurationsEnv(properties, {}, configurations, {}, {})
+ services = {
+ "services":
+ [
+ {
+ "StackServices": {
+ "service_name" : "RANGER"
+ }
+ }
+ ]
+ }
+
+ res = self.stackAdvisor.validateHiveConfigurationsEnv(properties, {}, configurations, services, {})
self.assertEquals(res, res_expected)
# 2) fail: hive_security_authorization=Ranger but ranger plugin is disabled in ranger-env
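Review bot: Every `services` dict touched in this file now lists RANGER as installed, so none of the visible cases calls `validateHiveConfigurationsEnv` with Ranger absent, which is the situation this commit is about (plugins configured without Ranger admin). I'd add one case with `"services": []` and pin the validation result for that state. The same nine-line stanza is pasted into the hunks at 3674, 3944, 3980, 4016 and 4052; a module-level `RANGER_INSTALLED = [{"StackServices": {"service_name": "RANGER"}}]` would keep them in step. This first `services` dict also has no `"configurations"` key while the later ones do, which looks unintentional. The enclosing test method starts outside the hunk.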
@@ -3674,6 +3685,14 @@ class TestHDP22StackAdvisor(TestCase):
}
}
services = {
+ "services":
+ [
+ {
+ "StackServices": {
+ "service_name" : "RANGER"
+ }
+ }
+ ],
"configurations": configurations
}
res_expected = []
@@ -3944,6 +3963,14 @@ class TestHDP22StackAdvisor(TestCase):
}
}
services = {
+ "services":
+ [
+ {
+ "StackServices": {
+ "service_name" : "RANGER"
+ }
+ }
+ ],
"configurations": configurations
}
res_expected = []
@@ -3980,6 +4007,14 @@ class TestHDP22StackAdvisor(TestCase):
}
}
services = {
+ "services":
+ [
+ {
+ "StackServices": {
+ "service_name" : "RANGER"
+ }
+ }
+ ],
"configurations": configurations
}
res_expected = []
@@ -4016,6 +4051,14 @@ class TestHDP22StackAdvisor(TestCase):
}
}
services = {
+ "services":
+ [
+ {
+ "StackServices": {
+ "service_name" : "RANGER"
+ }
+ }
+ ],
"configurations": configurations
}
res_expected = []
@@ -4052,6 +4095,14 @@ class TestHDP22StackAdvisor(TestCase):
}
}
services = {
+ "services":
+ [
+ {
+ "StackServices": {
+ "service_name" : "RANGER"
+ }
+ }
+ ],
"configurations": configurations
}
res_expected = []
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.2/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/default.json b/ambari-server/src/test/python/stacks/2.2/configs/default.json
index 7583e27..bcb021b 100644
--- a/ambari-server/src/test/python/stacks/2.2/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.2/configs/default.json
@@ -211,7 +211,7 @@
"XAAUDIT.DB.HOSTNAME": "{{xa_db_host}}",
"XAAUDIT.SOLR.IS_ENABLED": "false",
"SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
- "ranger-knox-plugin-enabled": "Yes",
+ "ranger-knox-plugin-enabled": "No",
"XAAUDIT.DB.USER_NAME": "{{xa_audit_db_user}}",
"policy_user": "ambari-qa",
"XAAUDIT.HDFS.DESTINTATION_FILE": "%hostname%-audit.log",
@@ -333,10 +333,10 @@
"log.retention.hours": "168"
},
"ranger-hbase-plugin-properties": {
- "ranger-hbase-plugin-enabled":"yes"
+ "ranger-hbase-plugin-enabled":"No"
},
"ranger-hive-plugin-properties": {
- "ranger-hive-plugin-enabled":"yes"
+ "ranger-hive-plugin-enabled":"No"
},
"accumulo-env": {
"accumulo_user": "accumulo",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.2/configs/hive-upgrade.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/hive-upgrade.json b/ambari-server/src/test/python/stacks/2.2/configs/hive-upgrade.json
index cb476d3..7a29ea0 100644
--- a/ambari-server/src/test/python/stacks/2.2/configs/hive-upgrade.json
+++ b/ambari-server/src/test/python/stacks/2.2/configs/hive-upgrade.json
@@ -500,7 +500,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"webhcat-site": {
"templeton.pig.path": "pig.tar.gz/pig/bin/pig",
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
index a9b3c24..b2438d9 100644
--- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
@@ -1556,7 +1556,8 @@ class TestHDP23StackAdvisor(TestCase):
'properties': {
'ranger-storm-plugin-enabled': 'No',
}
- }
+ },
+ 'ranger-knox-security': {'properties': {}}
}
recommendedConfigurations = {}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.5/configs/hsi_default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/hsi_default.json b/ambari-server/src/test/python/stacks/2.5/configs/hsi_default.json
index ffdd5e9..6531750 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/hsi_default.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/hsi_default.json
@@ -618,7 +618,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"ranger-env": {
"xml_configurations_supported" : "false"
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/test/python/stacks/2.5/configs/hsi_ha.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/hsi_ha.json b/ambari-server/src/test/python/stacks/2.5/configs/hsi_ha.json
index def0e54..10d1d99 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/hsi_ha.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/hsi_ha.json
@@ -617,7 +617,8 @@
"hive_log_dir": "/var/log/hive",
"hive_user": "hive",
"hcat_log_dir": "/var/log/webhcat",
- "hive_database": "New MySQL Database"
+ "hive_database": "New MySQL Database",
+ "hive_security_authorization": "None"
},
"ranger-env": {
"xml_configurations_supported" : "false"
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-web/app/controllers/main/service/info/configs.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/main/service/info/configs.js b/ambari-web/app/controllers/main/service/info/configs.js
index e718835..d2e3a89 100644
--- a/ambari-web/app/controllers/main/service/info/configs.js
+++ b/ambari-web/app/controllers/main/service/info/configs.js
@@ -515,12 +515,12 @@ App.MainServiceInfoConfigsController = Em.Controller.extend(App.AddSecurityConfi
var selectedService = this.get('stepConfigs').findProperty('serviceName', this.get('content.serviceName'));
this.set('selectedService', selectedService);
this.checkOverrideProperty(selectedService);
- if (App.Service.find().someProperty('serviceName', 'RANGER')) {
+ /* if (App.Service.find().someProperty('serviceName', 'RANGER')) {
App.router.get('mainServiceInfoSummaryController').updateRangerPluginsStatus();
this.setVisibilityForRangerProperties(selectedService);
} else {
App.config.removeRangerConfigs(this.get('stepConfigs'));
- }
+ } */
this.loadConfigRecommendations(null, this._onLoadComplete.bind(this));
App.loadTimer.finish('Service Configs Page');
},
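Review bot: The Ranger branch is disabled by wrapping it in `/* … */` rather than being deleted, and nothing records why; the same is done in `step7_controller.js` around `removeRangerConfigs`. Code parked in a block comment tends to drift or be revived by accident, so I'd delete the lines and leave a one-line reason such as `// Ranger plugin configs stay visible without the RANGER service (AMBARI-19044)`. With this branch gone, `updateRangerPluginsStatus()` and `setVisibilityForRangerProperties()` are no longer called from here, so it is worth confirming that nothing on this page relied on them to show the current plugin state. The enclosing handler starts outside the hunk.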
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-web/app/controllers/wizard/step7_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/wizard/step7_controller.js b/ambari-web/app/controllers/wizard/step7_controller.js
index f6cc93b..59d6d39 100644
--- a/ambari-web/app/controllers/wizard/step7_controller.js
+++ b/ambari-web/app/controllers/wizard/step7_controller.js
@@ -535,10 +535,10 @@ App.WizardStep7Controller = Em.Controller.extend(App.ServerValidatorMixin, App.E
this.set('stepConfigs', serviceConfigs);
this.checkHostOverrideInstaller();
this.selectProperService();
- var rangerService = App.StackService.find().findProperty('serviceName', 'RANGER');
+ /* var rangerService = App.StackService.find().findProperty('serviceName', 'RANGER');
if (rangerService && !rangerService.get('isInstalled') && !rangerService.get('isSelected')) {
App.config.removeRangerConfigs(this.get('stepConfigs'));
- }
+ } */
console.timeEnd('applyServicesConfigs execution time: ');
console.time('loadConfigRecommendations execution time: ');
this.loadConfigRecommendations(null, this.completeConfigLoading.bind(this));
[3/4] ambari git commit: AMBARI-19044 Install & configure Ranger
plugin components independently of Ranger admin components (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-audit.xml
index b4c0790..5257549 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-audit.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/kafka/audit/db/spool</value>
<description>/var/log/kafka/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/kafka/audit/hdfs/spool</value>
<description>/var/log/kafka/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/kafka/audit/solr/spool</value>
<description>/var/log/kafka/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-plugin-properties.xml
index 3949402..7f594a0 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-plugin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-plugin-properties.xml
@@ -24,7 +24,7 @@
<value>ambari-qa</value>
<display-name>Policy user for KAFKA</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>hadoop.rpc.protection</name>
@@ -33,7 +33,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>common.name.for.certificate</name>
@@ -42,13 +42,13 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>zookeeper.connect</name>
<value>localhost:2181</value>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger-kafka-plugin-enabled</name>
@@ -65,14 +65,14 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>kafka</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -83,6 +83,6 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml
index cf4a82e..f0fc160 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>kafkadev-clientcert.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>cacerts-xasecure.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file/{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file/{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-security.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-security.xml
index 91061d1..a9f84a4 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-security.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/configuration/ranger-kafka-security.xml
@@ -23,36 +23,42 @@
<name>ranger.plugin.kafka.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this Kafka instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.kafka.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.kafka.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.kafka.policy.rest.ssl.config.file</name>
<value>/etc/kafka/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.kafka.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.kafka.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
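Review bot: The default for `ranger.plugin.kafka.policy.rest.url` stays the literal `{{policymgr_mgr_url}}`, and nothing visible here guarantees it is replaced when `admin-properties` is absent, which is the external-Ranger case this commit targets. The Knox and Storm `params_linux.py` changes in this commit read the plugin's own `policy.rest.url` back as `policymgr_mgr_url`, so an untouched default would make the placeholder itself the Ranger Admin URL, unless whatever evaluates `<depends-on>` rewrites it. Those scripts already guard the service name with `repo_name_value != "{{repo_name}}"`; the URL deserves the same check, and the description should say the value must be entered by hand (and should be an https URL if `ranger-policymgr-ssl.xml` is meant to apply) when Ranger Admin is not managed by Ambari. The same applies to the `policy.rest.url` hunks in the RANGER_KMS and STORM `ranger-*-security.xml` files below.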
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
index ae9314b..7f85667 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
@@ -24,7 +24,7 @@
<value>ambari-qa</value>
<display-name>Policy user for KNOX</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>common.name.for.certificate</name>
@@ -33,7 +33,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger-knox-plugin-enabled</name>
@@ -50,14 +50,14 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>admin</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -68,14 +68,14 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>KNOX_HOME</name>
<value>/usr/local/knox-server</value>
<display-name>Knox Home</display-name>
<description>Knox home folder</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>XAAUDIT.DB.IS_ENABLED</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
index d245178..febede3 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
@@ -39,6 +39,7 @@ from resource_management.libraries.functions.stack_features import check_stack_f
from resource_management.libraries.functions.stack_features import get_stack_feature_version
from resource_management.libraries.functions.constants import StackFeature
from resource_management.libraries.functions import is_empty
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
# server configurations
config = Script.get_config()
@@ -261,82 +262,86 @@ if security_enabled:
_hostname_lowercase = config['hostname'].lower()
knox_principal_name = config['configurations']['knox-env']['knox_principal_name'].replace('_HOST',_hostname_lowercase)
+# for curl command in ranger plugin to get db connector
+jdk_location = config['hostLevelParams']['jdk_location']
+
+# ranger knox plugin start section
+
# ranger host
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ambari-server hostname
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
-# ranger knox properties
-policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
-if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
-xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
-xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
-xa_db_host = config['configurations']['admin-properties']['db_host']
-repo_name = str(config['clusterName']) + '_knox'
-repo_name_value = config['configurations']['ranger-knox-security']['ranger.plugin.knox.service.name']
-if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
+# ranger knox plugin enabled property
+enable_ranger_knox = default("/configurations/ranger-knox-plugin-properties/ranger-knox-plugin-enabled", "No")
+enable_ranger_knox = True if enable_ranger_knox.lower() == 'yes' else False
+
+# get ranger knox properties if enable_ranger_knox is True
+if enable_ranger_knox:
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if xml_configurations_supported:
+ policymgr_mgr_url = config['configurations']['ranger-knox-security']['ranger.plugin.knox.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+
+ # ranger audit db user
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
+ # ranger knox service/repositry name
+ repo_name = str(config['clusterName']) + '_knox'
+ repo_name_value = config['configurations']['ranger-knox-security']['ranger.plugin.knox.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ knox_home = config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME']
+ common_name_for_certificate = config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate']
+ repo_config_username = config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+
+ # ranger-env config
+ ranger_env = config['configurations']['ranger-env']
+
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_knox:
+ external_admin_username = default('/configurations/ranger-knox-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-knox-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-knox-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-knox-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-knox-plugin-properties']
+ policy_user = config['configurations']['ranger-knox-plugin-properties']['policy_user']
+ repo_config_password = config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-knox_home = config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME']
-common_name_for_certificate = config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate']
+ xa_audit_db_password = ''
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
-repo_config_username = config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+ downloaded_custom_connector = None
+ previous_jdbc_jar_name = None
+ driver_curl_source = None
+ driver_curl_target = None
+ previous_jdbc_jar = None
-ranger_env = config['configurations']['ranger-env']
-ranger_plugin_properties = config['configurations']['ranger-knox-plugin-properties']
-policy_user = config['configurations']['ranger-knox-plugin-properties']['policy_user']
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
-#For curl command in ranger plugin to get db connector
-jdk_location = config['hostLevelParams']['jdk_location']
-java_share_dir = '/usr/share/java'
-if has_ranger_admin:
- enable_ranger_knox = (config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled'].lower() == 'yes')
- xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- repo_config_password = unicode(config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
- previous_jdbc_jar_name= None
-
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_target = format("{stack_root}/current/knox-server/ext/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- previous_jdbc_jar = format("{stack_root}/current/knox-server/ext/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- sql_connector_jar = ''
+ downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_target = format("{stack_root}/current/knox-server/ext/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ previous_jdbc_jar = format("{stack_root}/current/knox-server/ext/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ sql_connector_jar = ''
knox_ranger_plugin_config = {
'username': repo_config_username,
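Review bot: The `default(...)` calls for `external_admin_password` and `external_ranger_admin_password` fall back to the fixed strings `'admin'` and `'amb_ranger_admin'`, so a cluster that enables the plugin against an external Ranger without these properties silently authenticates with well-known credentials. Read them without a fallback, e.g. `external_admin_password = default('/configurations/ranger-knox-plugin-properties/external_admin_password', None)`, and stop with a clear error when `is_empty(external_admin_password)`; the same goes for `external_ranger_admin_password`. The `and enable_ranger_knox` in `if not has_ranger_admin and enable_ranger_knox:` looks redundant if that statement is already nested under `if enable_ranger_knox:` (indentation is lost in this view). The `knox_ranger_plugin_config` dict that closes the hunk continues outside it.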
@@ -369,21 +374,21 @@ if has_ranger_admin:
'type': 'knox'
}
-
-
xa_audit_db_is_enabled = False
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
if xml_configurations_supported and stack_supports_ranger_audit_db:
xa_audit_db_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.destination.db']
- xa_audit_hdfs_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None
- ssl_keystore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
+ xa_audit_hdfs_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else False
+ ssl_keystore_password = config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla':
xa_audit_db_is_enabled = False
+# ranger knox plugin end section
+
hdfs_user = config['configurations']['hadoop-env']['hdfs_user'] if has_namenode else None
hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab'] if has_namenode else None
hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name'] if has_namenode else None
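Review bot: The `xa_audit_db_flavor == 'sqla'` test can no longer match an upper- or mixed-case `DB_FLAVOR`, because the previous hunk of this file assigns `xa_audit_db_flavor` without the `.lower()` the removed code applied. If the stored value is e.g. `SQLA`, `xa_audit_db_is_enabled` keeps whatever `ranger-knox-audit` says, and the "explicitly disable audit to DB" comment no longer holds. Compare case-insensitively: `if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':`. The enclosing `if enable_ranger_knox:` block starts outside this hunk.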
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
index 7601dfa..67a1670 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
@@ -25,8 +25,7 @@ from resource_management.libraries.functions.setup_ranger_plugin_xml import setu
def setup_ranger_knox(upgrade_type=None):
import params
- if params.has_ranger_admin:
-
+ if params.enable_ranger_knox:
stack_version = None
if upgrade_type is not None:
@@ -105,4 +104,4 @@ def setup_ranger_knox(upgrade_type=None):
Logger.info("Stack does not support core-site.xml creation for Ranger plugin, skipping core-site.xml configurations")
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Knox plugin is not enabled')
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml
index 95e653c..b0efb6d 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml
@@ -36,6 +36,12 @@
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
<on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-audit.xml
index 4dc51eb..b7cf4c5 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-audit.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/storm/audit/db/spool</value>
<description>/var/log/storm/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
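Review bot: The `<description>` of `xasecure.audit.destination.db.batch.filespool.dir` only repeats the value (`/var/log/storm/audit/db/spool`), so it tells an operator nothing about the setting. With `add="true"` these properties now appear in upgraded clusters, so a real description helps, e.g. `<description>Local directory used to spool audit events for the DB destination</description>` (wording to be confirmed against the Ranger audit documentation). The `hdfs.batch.filespool.dir` and `solr.batch.filespool.dir` properties in the later hunks of this file have the same problem.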
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/storm/audit/hdfs/spool</value>
<description>/var/log/storm/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/storm/audit/solr/spool</value>
<description>/var/log/storm/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-policymgr-ssl.xml
index b1f6e1e..9592914 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>hadoopdev-clientcert.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>cacerts-xasecure.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-security.xml b/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-security.xml
index 983702f..84e394b4 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-security.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/0.10.0/configuration/ranger-storm-security.xml
@@ -23,36 +23,42 @@
<name>ranger.plugin.storm.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this Storm instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.storm.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.storm.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.storm.policy.rest.ssl.config.file</name>
<value>/etc/storm/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.storm.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.storm.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
index dbb26f6..137f29a 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
@@ -41,6 +41,7 @@ from resource_management.libraries.functions.expect import expect
from resource_management.libraries.functions.setup_atlas_hook import has_atlas_in_cluster
from resource_management.libraries.functions import is_empty
from ambari_commons.ambari_metrics_helper import select_metric_collector_hosts_from_hostnames
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
# server configurations
config = Script.get_config()
@@ -225,34 +226,8 @@ if enable_atlas_hook:
jar_jvm_opts += '-Datlas.conf=' + atlas_conf_dir
#endregion
-
-# ranger host
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
-
-#ranger storm properties
-policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
-if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
-xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
-xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
-xa_db_host = config['configurations']['admin-properties']['db_host']
-repo_name = str(config['clusterName']) + '_storm'
-repo_name_value = config['configurations']['ranger-storm-security']['ranger.plugin.storm.service.name']
-if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
-
-common_name_for_certificate = config['configurations']['ranger-storm-plugin-properties']['common.name.for.certificate']
-
storm_ui_port = config['configurations']['storm-site']['ui.port']
-repo_config_username = config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-ranger_env = config['configurations']['ranger-env']
-ranger_plugin_properties = config['configurations']['ranger-storm-plugin-properties']
-policy_user = storm_user
-
#Storm log4j properties
storm_a1_maxfilesize = default('/configurations/storm-cluster-log4j/storm_a1_maxfilesize', 100)
storm_a1_maxbackupindex = default('/configurations/storm-cluster-log4j/storm_a1_maxbackupindex', 9)
@@ -269,55 +244,87 @@ storm_worker_log4j_content = config['configurations']['storm-worker-log4j']['con
# some commands may need to supply the JAAS location when running as storm
storm_jaas_file = format("{conf_dir}/storm_jaas.conf")
-# For curl command in ranger plugin to get db connector
+# for curl command in ranger plugin to get db connector
jdk_location = config['hostLevelParams']['jdk_location']
-java_share_dir = '/usr/share/java'
-if has_ranger_admin:
- enable_ranger_storm = (config['configurations']['ranger-storm-plugin-properties']['ranger-storm-plugin-enabled'].lower() == 'yes')
+# ranger storm plugin start section
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ambari-server hostname
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+# ranger storm plugin enabled property
+enable_ranger_storm = default("/configurations/ranger-storm-plugin-properties/ranger-storm-plugin-enabled", "No")
+enable_ranger_storm = True if enable_ranger_storm.lower() == 'yes' else False
+
+# ranger storm properties
+if enable_ranger_storm:
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if xml_configurations_supported:
+ policymgr_mgr_url = config['configurations']['ranger-storm-security']['ranger.plugin.storm.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+
+ # ranger audit db user
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
+ # ranger storm service name
+ repo_name = str(config['clusterName']) + '_storm'
+ repo_name_value = config['configurations']['ranger-storm-security']['ranger.plugin.storm.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ common_name_for_certificate = config['configurations']['ranger-storm-plugin-properties']['common.name.for.certificate']
+ repo_config_username = config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+
+ # ranger-env config
+ ranger_env = config['configurations']['ranger-env']
+
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_storm:
+ external_admin_username = default('/configurations/ranger-storm-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-storm-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-storm-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-storm-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-storm-plugin-properties']
+ policy_user = storm_user
+ repo_config_password = config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+
xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- repo_config_password = unicode(config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+
+ repo_config_password = config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+
+ downloaded_custom_connector = None
previous_jdbc_jar_name = None
+ driver_curl_source = None
+ driver_curl_target = None
+ previous_jdbc_jar = None
+
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_target = format("{storm_component_home_dir}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- previous_jdbc_jar = format("{storm_component_home_dir}/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- sql_connector_jar = ''
+ downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_target = format("{storm_component_home_dir}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ previous_jdbc_jar = format("{storm_component_home_dir}/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ sql_connector_jar = ''
storm_ranger_plugin_config = {
'username': repo_config_username,
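Review bot: In the `if not has_ranger_admin and enable_ranger_storm:` branch, the four `default(...)` lookups fall back to the stock pairs `admin`/`admin` and `amb_ranger_admin`/`amb_ranger_admin` whenever the `external_*` keys are missing, so a cluster attached to an external Ranger Admin can end up authenticating with well-known credentials that nobody chose. I would drop the literal fallbacks, e.g. `external_admin_password = default('/configurations/ranger-storm-plugin-properties/external_admin_password', None)`, and stop with a clear error when the plugin is enabled and any of the four values is empty. The YARN params_linux.py hunk later in this commit carries the same four lines. Separately, `repo_config_password` is assigned twice in this hunk, and the `if stack_supports_ranger_audit_db else None` suffixes appear to repeat the enclosing condition; indentation is not preserved in this rendering, so that nesting is inferred.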
@@ -356,18 +363,20 @@ if has_ranger_admin:
ranger_storm_keytab = storm_keytab_path
xa_audit_db_is_enabled = False
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
if xml_configurations_supported and stack_supports_ranger_audit_db:
xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.db']
+
xa_audit_hdfs_is_enabled = default('/configurations/ranger-storm-audit/xasecure.audit.destination.hdfs', False)
- ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
+ ssl_keystore_password = config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':
xa_audit_db_is_enabled = False
+# ranger storm plugin end section
+
namenode_hosts = default("/clusterHostInfo/namenode_host", [])
has_namenode = not len(namenode_hosts) == 0
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py
index e81d62a..c04496e 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py
@@ -28,7 +28,7 @@ def setup_ranger_storm(upgrade_type=None):
:param upgrade_type: Upgrade Type such as "rolling" or "nonrolling"
"""
import params
- if params.has_ranger_admin and params.security_enabled:
+ if params.enable_ranger_storm and params.security_enabled:
stack_version = None
if upgrade_type is not None:
@@ -130,4 +130,4 @@ def setup_ranger_storm(upgrade_type=None):
else:
Logger.info("Stack does not support core-site.xml creation for Ranger plugin, skipping core-site.xml configurations")
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Storm plugin is not enabled')
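Review bot: The new message `'Ranger Storm plugin is not enabled'` is also logged when the plugin is enabled but `params.security_enabled` is false, assuming this `else` pairs with the `if params.enable_ranger_storm and params.security_enabled:` changed in the first hunk of this file. The body between the two hunks is not shown, so that pairing is inferred. An operator reading the agent log would then look for a disabled plugin when the cause is that security is not enabled. Naming both conditions would avoid that: `Logger.info('Ranger Storm plugin is not enabled or security is not enabled, skipping plugin setup')`.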
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-plugin-properties.xml b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
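Review bot: The `<description>` text on the four `external_*` properties does not say when the values are consulted or what an empty value means, although each ships with an empty `<value>` and `empty-value-valid` set to `true`. In the Storm params_linux.py change of this commit they are read only when no Ranger Admin host is present and the plugin is enabled, and the description should say so. For the password I would write `<description>Password of the Ranger admin user on an external Ranger Admin instance; read only when this cluster has no Ranger Admin host and the Storm plugin is enabled</description>`, with matching wording on the other three. It would also help to state that these are credentials for an administrative Ranger account, so whoever fills them in knows what access they grant.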
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index 017df91..d56cde8 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -35,6 +35,7 @@ from resource_management.libraries.functions.default import default
from resource_management.libraries import functions
from resource_management.libraries.functions import is_empty
from resource_management.libraries.functions.get_architecture import get_architecture
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
import status_params
@@ -296,9 +297,6 @@ tez_lib_uris = default("/configurations/tez-site/tez.lib.uris", None)
#for create_hdfs_directory
hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-
-
-
hdfs_site = config['configurations']['hdfs-site']
default_fs = config['configurations']['core-site']['fs.defaultFS']
is_webhdfs_enabled = hdfs_site['dfs.webhdfs.enabled']
@@ -343,12 +341,6 @@ node_label_enable = config['configurations']['yarn-site']['yarn.node-labels.enab
cgroups_dir = "/cgroups_test/cpu"
-# *********************** RANGER PLUGIN CHANGES ***********************
-# ranger host
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
# hostname of the active HDFS HA Namenode (only used when HA is enabled)
dfs_ha_namenode_active = default("/configurations/hadoop-env/dfs_ha_initial_namenode_active", None)
if dfs_ha_namenode_active is not None:
@@ -379,106 +371,119 @@ if rm_ha_enabled:
rm_webapp_address = config['configurations']['yarn-site'][rm_webapp_address_property]
rm_webapp_addresses_list.append(rm_webapp_address)
-#ranger yarn properties
-if has_ranger_admin:
- is_supported_yarn_ranger = config['configurations']['yarn-env']['is_supported_yarn_ranger']
-
- if is_supported_yarn_ranger:
- enable_ranger_yarn = (config['configurations']['ranger-yarn-plugin-properties']['ranger-yarn-plugin-enabled'].lower() == 'yes')
- policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
- if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
- xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
- xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
- xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- xa_db_host = config['configurations']['admin-properties']['db_host']
- repo_name = str(config['clusterName']) + '_yarn'
- repo_name_value = config['configurations']['ranger-yarn-security']['ranger.plugin.yarn.service.name']
- if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
-
- ranger_env = config['configurations']['ranger-env']
- ranger_plugin_properties = config['configurations']['ranger-yarn-plugin-properties']
- policy_user = config['configurations']['ranger-yarn-plugin-properties']['policy_user']
- yarn_rest_url = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address']
-
- ranger_plugin_config = {
- 'username' : config['configurations']['ranger-yarn-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
- 'password' : unicode(config['configurations']['ranger-yarn-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']),
- 'yarn.url' : format('{scheme}://{yarn_rest_url}'),
- 'commonNameForCertificate' : config['configurations']['ranger-yarn-plugin-properties']['common.name.for.certificate']
- }
-
- yarn_ranger_plugin_repo = {
- 'isEnabled': 'true',
- 'configs': ranger_plugin_config,
- 'description': 'yarn repo',
- 'name': repo_name,
- 'repositoryType': 'yarn',
- 'type': 'yarn',
- 'assetType': '1'
- }
-
- if stack_supports_ranger_kerberos:
- ranger_plugin_config['ambari.service.check.user'] = policy_user
- ranger_plugin_config['hadoop.security.authentication'] = 'kerberos' if security_enabled else 'simple'
-
- if stack_supports_ranger_kerberos and security_enabled:
- ranger_plugin_config['policy.download.auth.users'] = yarn_user
- ranger_plugin_config['tag.download.auth.users'] = yarn_user
-
- #For curl command in ranger plugin to get db connector
- jdk_location = config['hostLevelParams']['jdk_location']
- java_share_dir = '/usr/share/java'
- previous_jdbc_jar_name = None
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
+# for curl command in ranger plugin to get db connector
+jdk_location = config['hostLevelParams']['jdk_location']
+
+# ranger yarn plugin section start
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ambari-server hostname
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+# ranger yarn plugin enabled property
+enable_ranger_yarn = default("/configurations/ranger-yarn-plugin-properties/ranger-yarn-plugin-enabled", "No")
+enable_ranger_yarn = True if enable_ranger_yarn.lower() == 'yes' else False
+
+# ranger yarn-plugin supported flag, instead of using is_supported_yarn_ranger/yarn-env, using stack feature
+is_supported_yarn_ranger = check_stack_feature(StackFeature.YARN_RANGER_PLUGIN_SUPPORT, version_for_stack_feature_checks)
+
+# get ranger yarn properties if enable_ranger_yarn is True
+if enable_ranger_yarn and is_supported_yarn_ranger:
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['ranger-yarn-security']['ranger.plugin.yarn.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+
+ # ranger audit db user
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
+ xa_audit_db_password = ''
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+
+ # ranger yarn service/repository name
+ repo_name = str(config['clusterName']) + '_yarn'
+ repo_name_value = config['configurations']['ranger-yarn-security']['ranger.plugin.yarn.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ # ranger-env config
+ ranger_env = config['configurations']['ranger-env']
+
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_yarn:
+ external_admin_username = default('/configurations/ranger-yarn-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-yarn-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-yarn-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-yarn-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-yarn-plugin-properties']
+ policy_user = config['configurations']['ranger-yarn-plugin-properties']['policy_user']
+ yarn_rest_url = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address']
+
+ ranger_plugin_config = {
+ 'username' : config['configurations']['ranger-yarn-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
+ 'password' : unicode(config['configurations']['ranger-yarn-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']),
+ 'yarn.url' : format('{scheme}://{yarn_rest_url}'),
+ 'commonNameForCertificate' : config['configurations']['ranger-yarn-plugin-properties']['common.name.for.certificate']
+ }
+
+ yarn_ranger_plugin_repo = {
+ 'isEnabled': 'true',
+ 'configs': ranger_plugin_config,
+ 'description': 'yarn repo',
+ 'name': repo_name,
+ 'repositoryType': 'yarn',
+ 'type': 'yarn',
+ 'assetType': '1'
+ }
+
+ if stack_supports_ranger_kerberos:
+ ranger_plugin_config['ambari.service.check.user'] = policy_user
+ ranger_plugin_config['hadoop.security.authentication'] = 'kerberos' if security_enabled else 'simple'
+
+ if stack_supports_ranger_kerberos and security_enabled:
+ ranger_plugin_config['policy.download.auth.users'] = yarn_user
+ ranger_plugin_config['tag.download.auth.users'] = yarn_user
+
+ downloaded_custom_connector = None
+ previous_jdbc_jar_name = None
+ driver_curl_source = None
+ driver_curl_target = None
+ previous_jdbc_jar = None
+
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
driver_curl_target = format("{hadoop_yarn_home}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
previous_jdbc_jar = format("{hadoop_yarn_home}/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ xa_audit_db_is_enabled = False
+ if xml_configurations_supported and stack_supports_ranger_audit_db:
+ xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.db']
+
+ xa_audit_hdfs_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else False
+ ssl_keystore_password = config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla':
xa_audit_db_is_enabled = False
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
- if xml_configurations_supported and stack_supports_ranger_audit_db:
- xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.db']
- xa_audit_hdfs_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None
- ssl_keystore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
-
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
- xa_audit_db_is_enabled = False
+
+# ranger yarn plugin end section
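Review bot: The SQLA guard near the end of this hunk compares `xa_audit_db_flavor == 'sqla'`, but the new assignment `xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']` no longer lower-cases the value as the removed code did. An upper- or mixed-case `DB_FLAVOR` would therefore skip the branch that forces `xa_audit_db_is_enabled = False`. The Storm params_linux.py in this same commit uses `.lower()` at the comparison, and this file should match: `if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':`. The `'password'` entry of `ranger_plugin_config` also still wraps the value in `unicode(...)` while every other password read in this hunk dropped it, so the two styles are worth reconciling. Indentation is not preserved in this rendering, so the nesting of the guard is inferred.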
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index 3117139..e6020ae 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
@@ -115,7 +115,7 @@ class ResourcemanagerDefault(Resourcemanager):
env.set_params(params)
self.configure(env) # FOR SECURITY
- if params.has_ranger_admin and params.is_supported_yarn_ranger:
+ if params.enable_ranger_yarn and params.is_supported_yarn_ranger:
setup_ranger_yarn() #Ranger Yarn Plugin related calls
# wait for active-dir and done-dir to be created by ATS if needed
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/setup_ranger_yarn.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/setup_ranger_yarn.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/setup_ranger_yarn.py
index 6ea7f82..d29e4dc 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/setup_ranger_yarn.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/setup_ranger_yarn.py
@@ -19,7 +19,7 @@ from resource_management.core.logger import Logger
def setup_ranger_yarn():
import params
- if params.has_ranger_admin:
+ if params.enable_ranger_yarn:
from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin
@@ -68,4 +68,4 @@ def setup_ranger_yarn():
component_user_keytab=params.rm_keytab if params.security_enabled else None
)
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Yarn plugin is not enabled')
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
index a64af73..6801d5a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
@@ -122,7 +122,7 @@
"name": "ranger_audit_db_support",
"description": "Ranger Audit to DB support",
"min_version": "2.2.0.0",
- "max_version": "2.5.0.0"
+ "max_version": "2.4.99.99"
},
{
"name": "accumulo_kerberos_user_auth",
@@ -334,6 +334,21 @@
"min_version": "2.6.0.0"
},
{
+ "name": "ranger_xml_configuration",
+ "description": "Ranger code base support xml configurations",
+ "min_version": "2.3.0.0"
+ },
+ {
+ "name": "kafka_ranger_plugin_support",
+ "description": "Ambari stack changes for Ranger Kafka Plugin (AMBARI-11299)",
+ "min_version": "2.3.0.0"
+ },
+ {
+ "name": "yarn_ranger_plugin_support",
+ "description": "Implement Stack changes for Ranger Yarn Plugin integration (AMBARI-10866)",
+ "min_version": "2.3.0.0"
+ },
+ {
"name": "ranger_solr_config_support",
"description": "Showing Ranger solrconfig.xml on UI",
"min_version": "2.6.0.0"
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
index 960c751..0de538d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
@@ -26,7 +26,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>policy_user</name>
@@ -39,7 +39,7 @@
</property>
</depends-on>
<description>This user must be system user and also present at Ranger admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger-hbase-plugin-enabled</name>
@@ -56,14 +56,14 @@
<name>ranger-hbase-plugin-enabled</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>hbase</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -74,7 +74,7 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>XAAUDIT.DB.IS_ENABLED</name>
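Review bot: Flipping to `<on-ambari-upgrade add="true"/>` on `REPOSITORY_CONFIG_PASSWORD` means, as I read the flag, that an Ambari upgrade will add this password property with the stack's default value to clusters that do not have it yet. The `<value>` line sits above the hunk and is not shown, so I cannot tell whether that default is empty; if it is not, every upgraded cluster ends up with the same repository password. I would either keep `<on-ambari-upgrade add="false"/>` for this one property or confirm the default is empty and has to be set by the operator. The same flip is applied to `REPOSITORY_CONFIG_PASSWORD` in the HDFS and HIVE ranger plugin properties files further down in this commit.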
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
index c57c5f0..7460d26 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -17,7 +17,7 @@
<display-name>Policy user for HDFS</display-name>
<description>This user must be system user and also present at Ranger
admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>hadoop.rpc.protection</name>
@@ -27,7 +27,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>common.name.for.certificate</name>
@@ -36,7 +36,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger-hdfs-plugin-enabled</name>
@@ -53,7 +53,7 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
@@ -61,7 +61,7 @@
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin
</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -73,7 +73,7 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>XAAUDIT.DB.IS_ENABLED</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
index 830c539..0db5565 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
@@ -24,13 +24,13 @@
<value>ambari-qa</value>
<display-name>Policy user for HIVE</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>jdbc.driverClassName</name>
<value>org.apache.hive.jdbc.HiveDriver</value>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>common.name.for.certificate</name>
@@ -39,14 +39,14 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>hive</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -57,7 +57,7 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>XAAUDIT.DB.IS_ENABLED</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ranger-knox-plugin-properties.xml
index d5880dd..ad2b1e4 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ranger-knox-plugin-properties.xml
@@ -24,6 +24,6 @@
<value>/usr/hdp/current/knox-server</value>
<display-name>Knox Home</display-name>
<description>Knox home folder</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
[4/4] ambari git commit: AMBARI-19044 Install & configure Ranger
plugin components independently of Ranger admin components (mugdha)
Posted by mu...@apache.org.
AMBARI-19044 Install & configure Ranger plugin components independently of Ranger admin components (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7edd6df9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7edd6df9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7edd6df9
Branch: refs/heads/branch-2.5
Commit: 7edd6df944b474183179d0432386a6015e6bc310
Parents: ac92188
Author: Mugdha Varadkar <mu...@apache.org>
Authored: Tue Jan 17 17:20:42 2017 +0530
Committer: Mugdha Varadkar <mu...@apache.org>
Committed: Tue Jan 17 18:14:55 2017 +0530
----------------------------------------------------------------------
.../libraries/functions/constants.py | 3 +
.../functions/setup_ranger_plugin_xml.py | 47 +++-
.../server/upgrade/UpgradeCatalog250.java | 37 ++++
.../ATLAS/0.1.0.2.3/package/scripts/params.py | 71 ++++--
.../package/scripts/setup_ranger_atlas.py | 4 +-
.../0.96.0.2.0/package/scripts/params_linux.py | 163 +++++++-------
.../package/scripts/setup_ranger_hbase.py | 4 +-
.../2.1.0.2.0/package/scripts/params_linux.py | 166 +++++++-------
.../package/scripts/setup_ranger_hdfs.py | 44 ++--
.../0.12.0.2.0/package/scripts/params_linux.py | 161 +++++++-------
.../package/scripts/setup_ranger_hive.py | 6 +-
.../KAFKA/0.8.1/package/scripts/params.py | 126 +++++------
.../0.8.1/package/scripts/setup_ranger_kafka.py | 4 +-
.../0.9.0/configuration/ranger-kafka-audit.xml | 32 +--
.../ranger-kafka-plugin-properties.xml | 14 +-
.../ranger-kafka-policymgr-ssl.xml | 12 +-
.../configuration/ranger-kafka-security.xml | 18 +-
.../ranger-knox-plugin-properties.xml | 12 +-
.../0.5.0.2.2/package/scripts/params_linux.py | 155 ++++++-------
.../package/scripts/setup_ranger_knox.py | 5 +-
.../configuration/ranger-kms-security.xml | 6 +
.../0.10.0/configuration/ranger-storm-audit.xml | 32 +--
.../ranger-storm-policymgr-ssl.xml | 12 +-
.../configuration/ranger-storm-security.xml | 18 +-
.../STORM/0.9.1/package/scripts/params_linux.py | 161 +++++++-------
.../0.9.1/package/scripts/setup_ranger_storm.py | 4 +-
.../ranger-storm-plugin-properties.xml | 71 ++++++
.../2.1.0.2.0/package/scripts/params_linux.py | 215 ++++++++++---------
.../package/scripts/resourcemanager.py | 2 +-
.../package/scripts/setup_ranger_yarn.py | 4 +-
.../HDP/2.0.6/properties/stack_features.json | 17 +-
.../ranger-hbase-plugin-properties.xml | 10 +-
.../ranger-hdfs-plugin-properties.xml | 12 +-
.../ranger-hive-plugin-properties.xml | 10 +-
.../ranger-knox-plugin-properties.xml | 2 +-
.../stacks/HDP/2.2/services/stack_advisor.py | 38 ++--
.../HBASE/configuration/ranger-hbase-audit.xml | 32 +--
.../ranger-hbase-policymgr-ssl.xml | 12 +-
.../configuration/ranger-hbase-security.xml | 20 +-
.../configuration/ranger-hdfs-policymgr-ssl.xml | 12 +-
.../HDFS/configuration/ranger-hdfs-security.xml | 20 +-
.../HIVE/configuration/ranger-hive-audit.xml | 32 +--
.../configuration/ranger-hive-policymgr-ssl.xml | 12 +-
.../HIVE/configuration/ranger-hive-security.xml | 20 +-
.../ranger-kafka-policymgr-ssl.xml | 4 +-
.../KNOX/configuration/ranger-knox-audit.xml | 32 +--
.../configuration/ranger-knox-policymgr-ssl.xml | 12 +-
.../KNOX/configuration/ranger-knox-security.xml | 18 +-
.../ranger-storm-policymgr-ssl.xml | 4 +-
.../configuration/ranger-storm-security.xml | 2 +-
.../YARN/configuration/ranger-yarn-audit.xml | 32 +--
.../ranger-yarn-plugin-properties.xml | 12 +-
.../configuration/ranger-yarn-policymgr-ssl.xml | 12 +-
.../YARN/configuration/ranger-yarn-security.xml | 18 +-
.../stacks/HDP/2.3/services/stack_advisor.py | 34 +++
.../ATLAS/configuration/ranger-atlas-audit.xml | 6 +-
.../ranger-atlas-plugin-properties.xml | 58 ++++-
.../ranger-atlas-policymgr-ssl.xml | 12 +-
.../configuration/ranger-atlas-security.xml | 20 +-
.../ranger-hbase-plugin-properties.xml | 71 ++++++
.../ranger-hdfs-plugin-properties.xml | 50 ++++-
.../ranger-hive-plugin-properties.xml | 71 ++++++
.../HIVE/configuration/ranger-hive-security.xml | 2 +-
.../ranger-kafka-plugin-properties.xml | 71 ++++++
.../ranger-knox-plugin-properties.xml | 71 ++++++
.../ranger-storm-policymgr-ssl.xml | 4 +-
.../configuration/ranger-storm-security.xml | 2 +-
.../ranger-yarn-plugin-properties.xml | 71 ++++++
.../stacks/HDP/2.5/services/stack_advisor.py | 7 +
.../server/upgrade/UpgradeCatalog250Test.java | 110 ++++++++++
.../stacks/2.0.6/configs/altfs_plus_hdfs.json | 6 +-
.../python/stacks/2.0.6/configs/default.json | 10 +-
.../stacks/2.0.6/configs/default_client.json | 3 +-
.../2.0.6/configs/default_hive_nn_ha.json | 3 +-
.../2.0.6/configs/default_hive_nn_ha_2.json | 3 +-
.../2.0.6/configs/default_hive_non_hdfs.json | 3 +-
.../2.0.6/configs/default_no_install.json | 3 +-
.../2.0.6/configs/default_with_bucket.json | 4 +-
.../2.0.6/configs/ha_bootstrap_active_node.json | 2 +-
.../configs/ha_bootstrap_standby_node.json | 2 +-
...ha_bootstrap_standby_node_initial_start.json | 2 +-
...dby_node_initial_start_dfs_nameservices.json | 2 +-
.../python/stacks/2.0.6/configs/ha_default.json | 4 +-
.../python/stacks/2.0.6/configs/ha_secured.json | 2 +-
.../python/stacks/2.0.6/configs/hbase-2.2.json | 4 +-
.../2.0.6/configs/hbase-rs-2.2-phoenix.json | 4 +-
.../stacks/2.0.6/configs/hbase-rs-2.2.json | 4 +-
.../python/stacks/2.0.6/configs/nn_ru_lzo.json | 2 +-
.../python/stacks/2.0.6/configs/secured.json | 12 +-
.../stacks/2.0.6/configs/secured_client.json | 3 +-
.../stacks/2.1/configs/default-storm-start.json | 2 +-
.../test/python/stacks/2.1/configs/default.json | 5 +-
.../stacks/2.1/configs/secured-storm-start.json | 2 +-
.../test/python/stacks/2.1/configs/secured.json | 5 +-
.../stacks/2.2/common/test_stack_advisor.py | 53 ++++-
.../test/python/stacks/2.2/configs/default.json | 6 +-
.../python/stacks/2.2/configs/hive-upgrade.json | 3 +-
.../stacks/2.3/common/test_stack_advisor.py | 3 +-
.../python/stacks/2.5/configs/hsi_default.json | 3 +-
.../test/python/stacks/2.5/configs/hsi_ha.json | 3 +-
.../controllers/main/service/info/configs.js | 4 +-
.../app/controllers/wizard/step7_controller.js | 4 +-
102 files changed, 1889 insertions(+), 946 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
index 56af615..6895e34 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
@@ -106,6 +106,9 @@ class StackFeature:
ZKFC_VERSION_ADVERTISED = "zkfc_version_advertised"
PHOENIX_CORE_HDFS_SITE_REQUIRED = "phoenix_core_hdfs_site_required"
RANGER_TAGSYNC_SSL_XML_SUPPORT="ranger_tagsync_ssl_xml_support"
+ RANGER_XML_CONFIGURATION = "ranger_xml_configuration"
+ KAFKA_RANGER_PLUGIN_SUPPORT = "kafka_ranger_plugin_support"
+ YARN_RANGER_PLUGIN_SUPPORT = "yarn_ranger_plugin_support"
RANGER_SOLR_CONFIG_SUPPORT='ranger_solr_config_support'
HIVE_INTERACTIVE_ATLAS_HOOK_REQUIRED="hive_interactive_atlas_hook_required"
CORE_SITE_FOR_RANGER_PLUGINS_SUPPORT='core_site_for_ranger_plugins'
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
index 6561928..a12116d 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
@@ -17,8 +17,7 @@ See the License for the specific language governing permissions and
limitations under the License.
"""
-__all__ = ["setup_ranger_plugin"]
-
+__all__ = ["setup_ranger_plugin", "get_audit_configs"]
import os
import ambari_simplejson as json
@@ -34,6 +33,7 @@ from resource_management.libraries.functions.ranger_functions_v2 import Rangerad
from resource_management.core.utils import PasswordString
from resource_management.libraries.script.script import Script
from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
def setup_ranger_plugin(component_select_name, service_name, previous_jdbc_jar,
component_downloaded_custom_connector, component_driver_curl_source,
@@ -164,8 +164,8 @@ def setup_ranger_plugin(component_select_name, service_name, previous_jdbc_jar,
group = component_group,
mode=0744)
- #This should be done by rpm
- #setup_ranger_plugin_jar_symblink(stack_version, service_name, component_list)
+ # creating symblink should be done by rpm package
+ # setup_ranger_plugin_jar_symblink(stack_version, service_name, component_list)
setup_ranger_plugin_keystore(service_name, audit_db_is_enabled, stack_version, credential_file,
xa_audit_db_password, ssl_truststore_password, ssl_keystore_password,
@@ -176,7 +176,6 @@ def setup_ranger_plugin(component_select_name, service_name, previous_jdbc_jar,
action="delete"
)
-
def setup_ranger_plugin_jar_symblink(stack_version, service_name, component_list):
stack_root = Script.get_stack_root()
@@ -217,7 +216,6 @@ def setup_ranger_plugin_keystore(service_name, audit_db_is_enabled, stack_versio
mode = 0640
)
-
def setup_core_site_for_required_plugins(component_user, component_group, create_core_site_path, config):
XmlConfig('core-site.xml',
conf_dir=create_core_site_path,
@@ -227,3 +225,40 @@ def setup_core_site_for_required_plugins(component_user, component_group, create
group=component_group,
mode=0644
)
+
+def get_audit_configs(config):
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR'].lower()
+ xa_db_host = config['configurations']['admin-properties']['db_host']
+ xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+
+ if xa_audit_db_flavor == 'mysql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
+ jdbc_driver = "com.mysql.jdbc.Driver"
+ elif xa_audit_db_flavor == 'oracle':
+ jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ colon_count = xa_db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
+ else:
+ audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
+ jdbc_driver = "oracle.jdbc.OracleDriver"
+ elif xa_audit_db_flavor == 'postgres':
+ jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
+ jdbc_driver = "org.postgresql.Driver"
+ elif xa_audit_db_flavor == 'mssql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
+ jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
+ elif xa_audit_db_flavor == 'sqla':
+ jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
+ jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
+
+ return jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver
\ No newline at end of file
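Review bot: `get_audit_configs` assigns its four return values only inside the `if`/`elif` chain, so a `DB_FLAVOR` other than mysql, oracle, postgres, mssql or sqla reaches the `return` with unbound locals and fails with an UnboundLocalError instead of a clear message. Initialise them before the chain, `jdbc_jar_name = previous_jdbc_jar_name = audit_jdbc_url = jdbc_driver = None`, or add an `else:` that reports the unsupported flavor. The function also indexes `config['configurations']['admin-properties']` directly; since this commit is about plugins working without a locally managed Ranger admin, it is worth confirming that callers only reach it when that config type exists. A docstring naming the four returned values would help too, now that the function is exported through `__all__`.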
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index c839b18..d19db3c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -166,6 +166,7 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog {
updateLogSearchConfigs();
updateAmbariInfraConfigs();
updateYarnSite();
+ updateRangerUrlConfigs();
addManageServiceAutoStartPermissions();
}
@@ -875,4 +876,40 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog {
"CLUSTER.OPERATOR:CLUSTER");
addRoleAuthorization("CLUSTER.MANAGE_AUTO_START", "Manage service auto-start configuration", roles);
}
+
+ /**
+ * Updates Ranger admin url for Ranger plugin supported configs.
+ *
+ * @throws AmbariException
+ */
+ protected void updateRangerUrlConfigs() throws AmbariException {
+ AmbariManagementController ambariManagementController = injector.getInstance(AmbariManagementController.class);
+ for (final Cluster cluster : getCheckedClusterMap(ambariManagementController.getClusters()).values()) {
+
+ Config ranger_admin_properties = cluster.getDesiredConfigByType("admin-properties");
+ if(null != ranger_admin_properties) {
+ String policyUrl = ranger_admin_properties.getProperties().get("policymgr_external_url");
+ if (null != policyUrl) {
+ updateRangerUrl(cluster, "ranger-hdfs-security", "ranger.plugin.hdfs.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-hive-security", "ranger.plugin.hive.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-hbase-security", "ranger.plugin.hbase.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-knox-security", "ranger.plugin.knox.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-storm-security", "ranger.plugin.storm.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-yarn-security", "ranger.plugin.yarn.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-kafka-security", "ranger.plugin.kafka.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-atlas-security", "ranger.plugin.atlas.policy.rest.url", policyUrl);
+ updateRangerUrl(cluster, "ranger-kms-security", "ranger.plugin.kms.policy.rest.url", policyUrl);
+ }
+ }
+ }
+ }
+
+ protected void updateRangerUrl(Cluster cluster, String configType, String configProperty, String policyUrl) throws AmbariException {
+ Config componentSecurity = cluster.getDesiredConfigByType(configType);
+ if(componentSecurity != null && componentSecurity.getProperties().containsKey(configProperty)) {
+ Map<String, String> updateProperty = new HashMap<>();
+ updateProperty.put(configProperty, policyUrl);
+ updateConfigurationPropertiesForCluster(cluster, configType, updateProperty, true, false);
+ }
+ }
}
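Review bot: `updateRangerUrlConfigs` guards only against a null `policymgr_external_url`, so an empty or whitespace-only value in `admin-properties` would be written over each plugin's existing `ranger.plugin.*.policy.rest.url`. Tightening the check to `if (policyUrl != null && !policyUrl.trim().isEmpty()) {` keeps a working plugin URL from being blanked during the upgrade. `updateRangerUrl` has no Javadoc; a short one saying that it only touches config types which already contain the property would document the `containsKey` guard. The local `ranger_admin_properties` also departs from the camelCase used by the other locals in this hunk.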
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
index 2418326..4255ee4 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
@@ -217,17 +217,7 @@ for host in zookeeper_hosts:
if index < len(zookeeper_hosts):
zookeeper_quorum += ","
-
-# Atlas Ranger plugin configurations
-stack_supports_atlas_ranger_plugin = check_stack_feature(StackFeature.ATLAS_RANGER_PLUGIN_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
stack_supports_atlas_hdfs_site_on_namenode_ha = check_stack_feature(StackFeature.ATLAS_HDFS_SITE_ON_NAMENODE_HA, version_for_stack_feature_checks)
-retry_enabled = default("/commandParams/command_retry_enabled", False)
-
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-enable_ranger_atlas = False
atlas_server_xmx = default("configurations/atlas-env/atlas_server_xmx", 2048)
atlas_server_max_new_size = default("configurations/atlas-env/atlas_server_max_new_size", 614)
@@ -235,9 +225,6 @@ atlas_server_max_new_size = default("configurations/atlas-env/atlas_server_max_n
hbase_master_hosts = default('/clusterHostInfo/hbase_master_hosts', [])
has_hbase_master = not len(hbase_master_hosts) == 0
-ranger_admin_hosts = default('/clusterHostInfo/ranger_admin_hosts', [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-
atlas_hbase_setup = format("{exec_tmp_dir}/atlas_hbase_setup.rb")
atlas_kafka_setup = format("{exec_tmp_dir}/atlas_kafka_acl.sh")
atlas_graph_storage_hbase_table = default('/configurations/application-properties/atlas.graph.storage.hbase.table', None)
@@ -245,7 +232,6 @@ atlas_audit_hbase_tablename = default('/configurations/application-properties/at
hbase_user_keytab = default('/configurations/hbase-env/hbase_user_keytab', None)
hbase_principal_name = default('/configurations/hbase-env/hbase_principal_name', None)
-enable_ranger_hbase = False
# ToDo: Kafka port to Atlas
# Used while upgrading the stack in a kerberized cluster and running kafka-acls.sh
@@ -287,7 +273,29 @@ if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, version_for_stack_fea
namenode_host = set(default("/clusterHostInfo/namenode_host", []))
has_namenode = not len(namenode_host) == 0
-if has_ranger_admin and stack_supports_atlas_ranger_plugin:
+# ranger altas plugin section start
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+
+retry_enabled = default("/commandParams/command_retry_enabled", False)
+
+stack_supports_atlas_ranger_plugin = check_stack_feature(StackFeature.ATLAS_RANGER_PLUGIN_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ranger atlas plugin enabled property
+enable_ranger_atlas = default("/configurations/ranger-atlas-plugin-properties/ranger-atlas-plugin-enabled", "No")
+enable_ranger_atlas = True if enable_ranger_atlas.lower() == "yes" else False
+
+# ranger hbase plugin enabled property
+enable_ranger_hbase = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled", "No")
+enable_ranger_hbase = True if enable_ranger_hbase.lower() == 'yes' else False
+
+if stack_supports_atlas_ranger_plugin and enable_ranger_atlas:
# for create_hdfs_directory
hdfs_user = config['configurations']['hadoop-env']['hdfs_user'] if has_namenode else None
hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab'] if has_namenode else None
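Review bot: The block guarded by `if stack_supports_atlas_ranger_plugin and enable_ranger_atlas:` is narrower than the gate that setup_ranger_atlas.py switches to in this commit (`if params.enable_ranger_atlas:`), so on a stack without Atlas plugin support but with the property set to Yes, setup would presumably reference params names that were never defined. Folding the stack check into the flag, `enable_ranger_atlas = stack_supports_atlas_ranger_plugin and enable_ranger_atlas.lower() == "yes"`, would keep the two files in agreement. The opening comment has a typo (`altas`). The guarded block continues past the end of this hunk.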
@@ -318,27 +326,42 @@ if has_ranger_admin and stack_supports_atlas_ranger_plugin:
dfs_type = dfs_type
)
+ # ranger atlas service/repository name
repo_name = str(config['clusterName']) + '_atlas'
repo_name_value = config['configurations']['ranger-atlas-security']['ranger.plugin.atlas.service.name']
if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
repo_name = repo_name_value
- ssl_keystore_password = unicode(config['configurations']['ranger-atlas-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
- ssl_truststore_password = unicode(config['configurations']['ranger-atlas-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
+
+ ssl_keystore_password = config['configurations']['ranger-atlas-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']
+ ssl_truststore_password = config['configurations']['ranger-atlas-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']
credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
xa_audit_hdfs_is_enabled = default('/configurations/ranger-atlas-audit/xasecure.audit.destination.hdfs', False)
- enable_ranger_atlas = config['configurations']['ranger-atlas-plugin-properties']['ranger-atlas-plugin-enabled']
- enable_ranger_atlas = not is_empty(enable_ranger_atlas) and enable_ranger_atlas.lower() == 'yes'
- enable_ranger_hbase = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']
- enable_ranger_hbase = not is_empty(enable_ranger_hbase) and enable_ranger_hbase.lower() == 'yes'
- policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['ranger-atlas-security']['ranger.plugin.atlas.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
downloaded_custom_connector = None
driver_curl_source = None
driver_curl_target = None
ranger_env = config['configurations']['ranger-env']
- ranger_plugin_properties = config['configurations']['ranger-atlas-plugin-properties']
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_atlas:
+ external_admin_username = default('/configurations/ranger-atlas-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-atlas-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-atlas-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-atlas-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-atlas-plugin-properties']
ranger_atlas_audit = config['configurations']['ranger-atlas-audit']
ranger_atlas_audit_attrs = config['configuration_attributes']['ranger-atlas-audit']
ranger_atlas_security = config['configurations']['ranger-atlas-security']
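Review bot: When this cluster has no Ranger admin host, the four `default(...)` calls for the external credentials fall back to the literals `'admin'` and `'amb_ranger_admin'` as both username and password, so a missing property silently becomes a login with well-known defaults against the external Ranger. I would default the passwords to `None`, e.g. `external_admin_password = default('/configurations/ranger-atlas-plugin-properties/external_admin_password', None)`, and fail with a clear message when they are unset. The inner `enable_ranger_atlas` test in `if not has_ranger_admin and enable_ranger_atlas:` looks redundant, since the enclosing block appears to require it already. That enclosing `if` starts in an earlier hunk and continues past this one.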
@@ -355,6 +378,7 @@ if has_ranger_admin and stack_supports_atlas_ranger_plugin:
'commonNameForCertificate' : config['configurations']['ranger-atlas-plugin-properties']['common.name.for.certificate'],
'ambari.service.check.user' : policy_user
}
+
if security_enabled:
atlas_repository_configuration['policy.download.auth.users'] = metadata_user
atlas_repository_configuration['tag.download.auth.users'] = metadata_user
@@ -366,3 +390,4 @@ if has_ranger_admin and stack_supports_atlas_ranger_plugin:
'name': repo_name,
'type': 'atlas',
}
+# ranger atlas plugin section end
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/setup_ranger_atlas.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/setup_ranger_atlas.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/setup_ranger_atlas.py
index f5d7f38..c47c75c 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/setup_ranger_atlas.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/setup_ranger_atlas.py
@@ -19,7 +19,7 @@ from resource_management.core.logger import Logger
def setup_ranger_atlas(upgrade_type=None):
import params
- if params.has_ranger_admin:
+ if params.enable_ranger_atlas:
from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin
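Review bot: Gating the whole body on `params.enable_ranger_atlas` means `setup_ranger_plugin` is no longer reached when Ranger Admin is present but the plugin has been switched off, so whatever that helper does for the disabled case is skipped. If the helper is what removes the plugin's security configuration on disable (not visible in this hunk, and the function body continues outside it), a plugin that was enabled and then disabled would keep its old Ranger files on the host. I would keep the call reachable with `if params.has_ranger_admin or params.enable_ranger_atlas:` and let the helper's own enabled argument decide, if it takes one, or add explicit cleanup in the `else` branch. The same substitution is made in `setup_ranger_hbase` and `setup_ranger_hdfs` further down.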
@@ -67,4 +67,4 @@ def setup_ranger_atlas(upgrade_type=None):
component_user_principal=params.atlas_jaas_principal if params.security_enabled else None,
component_user_keytab=params.atlas_keytab_path if params.security_enabled else None)
else:
- Logger.info('Ranger admin not installed')
\ No newline at end of file
+ Logger.info('Ranger Atlas plugin is not enabled')
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index 8eed2d5..ab8a4d9 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -41,6 +41,7 @@ from resource_management.libraries.functions.get_not_managed_resources import ge
from resource_management.libraries.script.script import Script
from resource_management.libraries.functions.expect import expect
from ambari_commons.ambari_metrics_helper import select_metric_collector_hosts_from_hostnames
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
# server configurations
config = Script.get_config()
@@ -232,8 +233,6 @@ hdfs_user_keytab = config['configurations']['hadoop-env']['hdfs_user_keytab']
hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
hdfs_principal_name = config['configurations']['hadoop-env']['hdfs_principal_name']
-
-
hdfs_site = config['configurations']['hdfs-site']
default_fs = config['configurations']['core-site']['fs.defaultFS']
@@ -258,87 +257,90 @@ HdfsResource = functools.partial(
dfs_type = dfs_type
)
-# ranger host
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
-
-# ranger hbase properties
-policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
-if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
-xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
-xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
-xa_db_host = config['configurations']['admin-properties']['db_host']
-repo_name = str(config['clusterName']) + '_hbase'
-repo_name_value = config['configurations']['ranger-hbase-security']['ranger.plugin.hbase.service.name']
-if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
-
-common_name_for_certificate = config['configurations']['ranger-hbase-plugin-properties']['common.name.for.certificate']
-
zookeeper_znode_parent = config['configurations']['hbase-site']['zookeeper.znode.parent']
hbase_zookeeper_quorum = config['configurations']['hbase-site']['hbase.zookeeper.quorum']
hbase_zookeeper_property_clientPort = config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
hbase_security_authentication = config['configurations']['hbase-site']['hbase.security.authentication']
hadoop_security_authentication = config['configurations']['core-site']['hadoop.security.authentication']
-repo_config_username = config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+# ranger hbase plugin section start
-ranger_env = config['configurations']['ranger-env']
-ranger_plugin_properties = config['configurations']['ranger-hbase-plugin-properties']
-policy_user = config['configurations']['ranger-hbase-plugin-properties']['policy_user']
-
-#For curl command in ranger plugin to get db connector
+# to get db connector jar
jdk_location = config['hostLevelParams']['jdk_location']
-java_share_dir = '/usr/share/java'
-enable_ranger_hbase = False
-if has_ranger_admin:
- enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes')
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env introduced, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ambari-server hostname
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+# ranger hbase plugin enabled property
+enable_ranger_hbase = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled", "No")
+enable_ranger_hbase = True if enable_ranger_hbase.lower() == 'yes' else False
+
+# ranger hbase properties
+if enable_ranger_hbase:
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if xml_configurations_supported:
+ policymgr_mgr_url = config['configurations']['ranger-hbase-security']['ranger.plugin.hbase.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+
+ # ranger audit db user
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
+ # ranger hbase service/repository name
+ repo_name = str(config['clusterName']) + '_hbase'
+ repo_name_value = config['configurations']['ranger-hbase-security']['ranger.plugin.hbase.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ common_name_for_certificate = config['configurations']['ranger-hbase-plugin-properties']['common.name.for.certificate']
+ repo_config_username = config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+ ranger_plugin_properties = config['configurations']['ranger-hbase-plugin-properties']
+ policy_user = config['configurations']['ranger-hbase-plugin-properties']['policy_user']
+ repo_config_password = config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+
+ # ranger-env config
+ ranger_env = config['configurations']['ranger-env']
+
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_hbase:
+ external_admin_username = default('/configurations/ranger-hbase-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-hbase-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-hbase-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-hbase-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- repo_config_password = unicode(config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+
+ downloaded_custom_connector = None
previous_jdbc_jar_name = None
+ driver_curl_source = None
+ driver_curl_target = None
+ previous_jdbc_jar = None
+
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_target = format("{stack_root}/current/{component_directory}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- previous_jdbc_jar = format("{stack_root}/current/{component_directory}/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- sql_connector_jar = ''
+ downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_target = format("{stack_root}/current/{component_directory}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ previous_jdbc_jar = format("{stack_root}/current/{component_directory}/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ sql_connector_jar = ''
if security_enabled:
master_principal = config['configurations']['hbase-site']['hbase.master.kerberos.principal']
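Review bot: The four `external_*` lookups fall back to the well-known pairs `admin`/`admin` and `amb_ranger_admin`/`amb_ranger_admin` when the property is missing, so a cluster pointed at an external Ranger with these fields unset will silently authenticate with default credentials. I would drop the literal fallbacks, e.g. `external_admin_password = default('/configurations/ranger-hbase-plugin-properties/external_admin_password', None)`, and stop with a clear configuration error when any of the four values is empty while `has_ranger_admin` is false. The HDFS params hunk below repeats the same defaults, and the Atlas params hunk above this file appears to as well. It is also worth confirming that the two password properties are declared as password-typed in the stack XML so they are masked in the UI and API; that definition is not in this hunk.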
@@ -385,23 +387,24 @@ if has_ranger_admin:
if stack_supports_ranger_kerberos and security_enabled and 'hbase-master' in component_directory.lower():
ranger_hbase_principal = master_jaas_princ
ranger_hbase_keytab = master_keytab_path
- elif stack_supports_ranger_kerberos and security_enabled and 'hbase-regionserver' in component_directory.lower():
+ elif stack_supports_ranger_kerberos and security_enabled and 'hbase-regionserver' in component_directory.lower():
ranger_hbase_principal = regionserver_jaas_princ
ranger_hbase_keytab = regionserver_keytab_path
xa_audit_db_is_enabled = False
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
if xml_configurations_supported and stack_supports_ranger_audit_db:
xa_audit_db_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.destination.db']
- xa_audit_hdfs_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None
- ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
+ xa_audit_hdfs_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else False
+ ssl_keystore_password = config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':
xa_audit_db_is_enabled = False
+# ranger hbase plugin section end
create_hbase_home_directory = check_stack_feature(StackFeature.HBASE_HOME_DIRECTORY, stack_version_formatted)
hbase_home_directory = format("/user/{hbase_user}")
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
index 0d73e39..d32dce1 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
@@ -22,7 +22,7 @@ from resource_management.core.logger import Logger
def setup_ranger_hbase(upgrade_type=None, service_name="hbase-master"):
import params
- if params.has_ranger_admin:
+ if params.enable_ranger_hbase:
stack_version = None
@@ -103,4 +103,4 @@ def setup_ranger_hbase(upgrade_type=None, service_name="hbase-master"):
ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password,
stack_version_override = stack_version, skip_if_rangeradmin_down= not params.retryAble)
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger HBase plugin is not enabled')
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
index f804851..22e2ee6 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
@@ -44,7 +44,7 @@ from resource_management.libraries.functions.get_lzo_packages import get_lzo_pac
from resource_management.libraries.functions.hdfs_utils import is_https_enabled_in_hdfs
from resource_management.libraries.functions import is_empty
from resource_management.libraries.functions.get_architecture import get_architecture
-
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
config = Script.get_config()
tmp_dir = Script.get_tmp_dir()
@@ -393,95 +393,100 @@ dtnode_heapsize = config['configurations']['hadoop-env']['dtnode_heapsize']
mapred_pid_dir_prefix = default("/configurations/mapred-env/mapred_pid_dir_prefix","/var/run/hadoop-mapreduce")
mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefix","/var/log/hadoop-mapreduce")
-# ranger host
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
-
-#ranger hdfs properties
-policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
-if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
-xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
-xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
-xa_db_host = config['configurations']['admin-properties']['db_host']
-repo_name = str(config['clusterName']) + '_hadoop'
-repo_name_value = config['configurations']['ranger-hdfs-security']['ranger.plugin.hdfs.service.name']
-if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
-
hadoop_security_authentication = config['configurations']['core-site']['hadoop.security.authentication']
hadoop_security_authorization = config['configurations']['core-site']['hadoop.security.authorization']
fs_default_name = config['configurations']['core-site']['fs.defaultFS']
hadoop_security_auth_to_local = config['configurations']['core-site']['hadoop.security.auth_to_local']
-hadoop_rpc_protection = config['configurations']['ranger-hdfs-plugin-properties']['hadoop.rpc.protection']
-common_name_for_certificate = config['configurations']['ranger-hdfs-plugin-properties']['common.name.for.certificate']
-
-repo_config_username = config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
if security_enabled:
sn_principal_name = default("/configurations/hdfs-site/dfs.secondary.namenode.kerberos.principal", "nn/_HOST@EXAMPLE.COM")
sn_principal_name = sn_principal_name.replace('_HOST',hostname.lower())
-ranger_env = config['configurations']['ranger-env']
-ranger_plugin_properties = config['configurations']['ranger-hdfs-plugin-properties']
-policy_user = config['configurations']['ranger-hdfs-plugin-properties']['policy_user']
-
-#For curl command in ranger plugin to get db connector
+# for curl command in ranger plugin to get db connector
jdk_location = config['hostLevelParams']['jdk_location']
java_share_dir = '/usr/share/java'
is_https_enabled = is_https_enabled_in_hdfs(config['configurations']['hdfs-site']['dfs.http.policy'],
config['configurations']['hdfs-site']['dfs.https.enable'])
-if has_ranger_admin:
- enable_ranger_hdfs = (config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled'].lower() == 'yes')
+# ranger hdfs plugin section start
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ambari-server hostname
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+# ranger hdfs plugin enabled property
+enable_ranger_hdfs = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "No")
+enable_ranger_hdfs = True if enable_ranger_hdfs.lower() == 'yes' else False
+
+# get ranger hdfs properties if enable_ranger_hdfs is True
+if enable_ranger_hdfs:
+ # ranger policy url
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if xml_configurations_supported:
+ policymgr_mgr_url = config['configurations']['ranger-hdfs-security']['ranger.plugin.hdfs.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+
+ # ranger audit db user
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
+ # ranger hdfs service name
+ repo_name = str(config['clusterName']) + '_hadoop'
+ repo_name_value = config['configurations']['ranger-hdfs-security']['ranger.plugin.hdfs.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ hadoop_rpc_protection = config['configurations']['ranger-hdfs-plugin-properties']['hadoop.rpc.protection']
+ common_name_for_certificate = config['configurations']['ranger-hdfs-plugin-properties']['common.name.for.certificate']
+ repo_config_username = config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+
+ # ranger-env config
+ ranger_env = config['configurations']['ranger-env']
+
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_hdfs:
+ external_admin_username = default('/configurations/ranger-hdfs-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-hdfs-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-hdfs-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-hdfs-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-hdfs-plugin-properties']
+ policy_user = config['configurations']['ranger-hdfs-plugin-properties']['policy_user']
+ repo_config_password = config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+
xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- repo_config_password = unicode(config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+
+ downloaded_custom_connector = None
previous_jdbc_jar_name = None
+ driver_curl_source = None
+ driver_curl_target = None
+ previous_jdbc_jar = None
+
+ # to get db connector related properties
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
- if stack_supports_ranger_audit_db:
-
- if xa_audit_db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_target = format("{hadoop_lib_home}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- previous_jdbc_jar = format("{hadoop_lib_home}/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
-
- sql_connector_jar = ''
+ downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_target = format("{hadoop_lib_home}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ previous_jdbc_jar = format("{hadoop_lib_home}/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ sql_connector_jar = ''
hdfs_ranger_plugin_config = {
'username': repo_config_username,
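Review bot: The `and enable_ranger_hdfs` in `if not has_ranger_admin and enable_ranger_hdfs:` looks redundant, since the statement appears to sit inside the `if enable_ranger_hdfs:` block (indentation is lost in this rendering, so the nesting is inferred from the comment above that block). `if not has_ranger_admin:` says the same thing, and the flag itself reads more simply as `enable_ranger_hdfs = enable_ranger_hdfs.lower() == 'yes'`. Names bound only inside that block, such as `repo_name`, `ranger_env` and `policy_user`, are no longer defined when the plugin is off, so a short comment stating that callers must check `enable_ranger_hdfs` before reading them would help. The HBase params hunk has the same shape.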
@@ -505,6 +510,7 @@ if has_ranger_admin:
'repositoryType': 'hdfs',
'assetType': '1'
}
+
if stack_supports_ranger_kerberos and security_enabled:
hdfs_ranger_plugin_config['policy.download.auth.users'] = hdfs_user
hdfs_ranger_plugin_config['tag.download.auth.users'] = hdfs_user
@@ -521,14 +527,16 @@ if has_ranger_admin:
}
xa_audit_db_is_enabled = False
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
if xml_configurations_supported and stack_supports_ranger_audit_db:
xa_audit_db_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.destination.db']
- xa_audit_hdfs_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None
- ssl_keystore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
+ xa_audit_hdfs_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else False
+ ssl_keystore_password = config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':
xa_audit_db_is_enabled = False
+
+# ranger hdfs plugin section end
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
index e3aff9d..47c6e35 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
@@ -29,8 +29,7 @@ from resource_management.libraries.functions.format import format
def setup_ranger_hdfs(upgrade_type=None):
import params
- if params.has_ranger_admin:
-
+ if params.enable_ranger_hdfs:
stack_version = None
@@ -93,29 +92,28 @@ def setup_ranger_hdfs(upgrade_type=None):
target_file = source_file + ".bak"
Execute(("mv", source_file, target_file), sudo=True, only_if=format("test -f {source_file}"))
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Hdfs plugin is not enabled')
def create_ranger_audit_hdfs_directories():
import params
- if params.has_ranger_admin:
- if params.xml_configurations_supported and params.enable_ranger_hdfs and params.xa_audit_hdfs_is_enabled:
- params.HdfsResource("/ranger/audit",
- type="directory",
- action="create_on_execute",
- owner=params.hdfs_user,
- group=params.hdfs_user,
- mode=0755,
- recursive_chmod=True,
- )
- params.HdfsResource("/ranger/audit/hdfs",
- type="directory",
- action="create_on_execute",
- owner=params.hdfs_user,
- group=params.hdfs_user,
- mode=0700,
- recursive_chmod=True,
- )
- params.HdfsResource(None, action="execute")
+ if params.enable_ranger_hdfs and params.xml_configurations_supported and params.xa_audit_hdfs_is_enabled:
+ params.HdfsResource("/ranger/audit",
+ type="directory",
+ action="create_on_execute",
+ owner=params.hdfs_user,
+ group=params.hdfs_user,
+ mode=0755,
+ recursive_chmod=True,
+ )
+ params.HdfsResource("/ranger/audit/hdfs",
+ type="directory",
+ action="create_on_execute",
+ owner=params.hdfs_user,
+ group=params.hdfs_user,
+ mode=0700,
+ recursive_chmod=True,
+ )
+ params.HdfsResource(None, action="execute")
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Hdfs plugin is not enabled')
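Review bot: The `else` branch of `create_ranger_audit_hdfs_directories` now also runs when the plugin is enabled but `xml_configurations_supported` or `xa_audit_hdfs_is_enabled` is false, and in that case the message `'Ranger Hdfs plugin is not enabled'` is wrong. An operator checking why `/ranger/audit/hdfs` is missing would be sent to the wrong setting. I would make the message name the actual condition, e.g. `Logger.info('Skipping Ranger HDFS audit directories: plugin disabled, XML configuration not supported, or HDFS audit destination off')`.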
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
index c55287e..ba347b8 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
@@ -43,6 +43,7 @@ from resource_management.libraries.functions.expect import expect
from resource_management.libraries import functions
from resource_management.libraries.functions.setup_atlas_hook import has_atlas_in_cluster
from ambari_commons.ambari_metrics_helper import select_metric_collector_hosts_from_hostnames
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
# Default log4j version; put config files under /etc/hive/conf
log4j_version = '1'
@@ -640,84 +641,85 @@ if has_hive_interactive:
hive_server2_zookeeper_namespace = config['configurations']['hive-site']['hive.server2.zookeeper.namespace']
hive_zookeeper_quorum = config['configurations']['hive-site']['hive.zookeeper.quorum']
-# ranger host
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-
-#ranger hive properties
-policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
-if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
-xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
-xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
-xa_db_host = config['configurations']['admin-properties']['db_host']
-repo_name = str(config['clusterName']) + '_hive'
-repo_name_value = config['configurations']['ranger-hive-security']['ranger.plugin.hive.service.name']
-if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
-
-jdbc_driver_class_name = config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName']
-common_name_for_certificate = config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate']
-
-repo_config_username = config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-
-ranger_env = config['configurations']['ranger-env']
-ranger_plugin_properties = config['configurations']['ranger-hive-plugin-properties']
-policy_user = config['configurations']['ranger-hive-plugin-properties']['policy_user']
+if security_enabled:
+ hive_principal = hive_server_principal.replace('_HOST',hostname.lower())
+ hive_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
hive_cluster_token_zkstore = default("/configurations/hive-site/hive.cluster.delegation.token.store.zookeeper.znode", None)
jaas_file = os.path.join(hive_config_dir, 'zkmigrator_jaas.conf')
zkdtsm_pattern = '/zkdtsm_*'
hive_zk_namespace = default("/configurations/hive-site/hive.zookeeper.namespace", None)
-if security_enabled:
- hive_principal = hive_server_principal.replace('_HOST',hostname.lower())
- hive_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
+# ranger hive plugin section start
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
-#For curl command in ranger plugin to get db connector
-if has_ranger_admin:
- enable_ranger_hive = (config['configurations']['hive-env']['hive_security_authorization'].lower() == 'ranger')
- repo_config_password = unicode(config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+# ranger hive plugin enabled property
+enable_ranger_hive = config['configurations']['hive-env']['hive_security_authorization'].lower() == 'ranger'
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# get ranger hive properties if enable_ranger_hive is True
+if enable_ranger_hive:
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if xml_configurations_supported:
+ policymgr_mgr_url = config['configurations']['ranger-hive-security']['ranger.plugin.hive.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+
+ # ranger audit db user
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
+ # ranger hive service name
+ repo_name = str(config['clusterName']) + '_hive'
+ repo_name_value = config['configurations']['ranger-hive-security']['ranger.plugin.hive.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ jdbc_driver_class_name = config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName']
+ common_name_for_certificate = config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate']
+ repo_config_username = config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+
+ # ranger-env config
+ ranger_env = config['configurations']['ranger-env']
+
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_hive:
+ external_admin_username = default('/configurations/ranger-hive-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-hive-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-hive-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-hive-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-hive-plugin-properties']
+ policy_user = config['configurations']['ranger-hive-plugin-properties']['policy_user']
+ repo_config_password = config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+
+ ranger_downloaded_custom_connector = None
ranger_previous_jdbc_jar_name = None
+ ranger_driver_curl_source = None
+ ranger_driver_curl_target = None
+ ranger_previous_jdbc_jar = None
+
+ # to get db connector related properties
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ ranger_jdbc_jar_name, ranger_previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql':
- ranger_jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- ranger_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle':
- ranger_jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- ranger_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres':
- ranger_jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- ranger_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql':
- ranger_jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- ranger_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla':
- ranger_jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- ranger_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- ranger_driver_curl_target = format("{hive_lib}/{ranger_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- ranger_previous_jdbc_jar = format("{hive_lib}/{ranger_previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- sql_connector_jar = ''
+ ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}")
+ ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}")
+ ranger_driver_curl_target = format("{hive_lib}/{ranger_jdbc_jar_name}")
+ ranger_previous_jdbc_jar = format("{hive_lib}/{ranger_previous_jdbc_jar_name}")
+ sql_connector_jar = ''
ranger_hive_url = format("{hive_url}/default;principal={hive_principal}") if security_enabled else hive_url
if stack_supports_ranger_hive_jdbc_url_change:
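Review bot: The four `default(...)` calls in the `if not has_ranger_admin and enable_ranger_hive:` branch fall back to the well-known pairs `admin`/`admin` and `amb_ranger_admin`/`amb_ranger_admin` when the `external_*` properties are absent from `ranger-hive-plugin-properties`, so a forgotten setting cannot be told apart from a deliberate one. Reading them with no fallback, e.g. `external_admin_password = default('/configurations/ranger-hive-plugin-properties/external_admin_password', None)`, and stopping with a clear error when `is_empty(...)` holds for any of the four would make the operator supply the external Ranger credentials explicitly. The same block appears in the KAFKA `params.py` hunk for `ranger-kafka-plugin-properties`. How `ranger_env` is consumed lies outside this hunk, so the effect of the defaults on the external Ranger is inferred.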
@@ -756,20 +758,21 @@ if has_ranger_admin:
'type': 'hive'
}
+ xa_audit_db_password = ''
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
xa_audit_db_is_enabled = False
- xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
if xml_configurations_supported and stack_supports_ranger_audit_db:
xa_audit_db_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.destination.db']
- xa_audit_hdfs_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None
- ssl_keystore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
+ xa_audit_hdfs_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else False
+ ssl_keystore_password = config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':
xa_audit_db_is_enabled = False
+# ranger hive plugin section end
\ No newline at end of file
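Review bot: In the new `xa_audit_db_password` guard the `admin-properties` lookup is evaluated before `has_ranger_admin`, so the case this commit introduces (plugin enabled, no Ranger admin in the cluster) still reaches into a config type that may not exist. Putting the flags first keeps the lookup behind them: `if has_ranger_admin and stack_supports_ranger_audit_db and not is_empty(config['configurations']['admin-properties']['audit_db_password']):`. Whether the early lookup can actually fail depends on how the config dictionary treats missing keys, which is not visible here. The KAFKA `params.py` hunk uses the same ordering, and the enclosing block starts before this hunk.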
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
index 81a4e3e..80bd7c8 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
@@ -22,7 +22,7 @@ from resource_management.core.logger import Logger
def setup_ranger_hive(upgrade_type = None):
import params
- if params.has_ranger_admin:
+ if params.enable_ranger_hive:
stack_version = None
@@ -34,7 +34,7 @@ def setup_ranger_hive(upgrade_type = None):
else:
Logger.info("Hive: Setup ranger: command retry not enabled thus skipping if ranger admin is down !")
- if params.xml_configurations_supported and params.enable_ranger_hive and params.xa_audit_hdfs_is_enabled:
+ if params.xml_configurations_supported and params.xa_audit_hdfs_is_enabled:
params.HdfsResource("/ranger/audit",
type="directory",
action="create_on_execute",
@@ -95,4 +95,4 @@ def setup_ranger_hive(upgrade_type = None):
ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password,
stack_version_override = stack_version, skip_if_rangeradmin_down= not params.retryAble)
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Hive plugin is not enabled')
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
index 82849c8..6c7ff69 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
@@ -34,6 +34,7 @@ from resource_management.libraries.functions import stack_select
from resource_management.libraries.functions import conf_select
from resource_management.libraries.functions import get_kinit_path
from resource_management.libraries.functions.get_not_managed_resources import get_not_managed_resources
+from resource_management.libraries.functions.setup_ranger_plugin_xml import get_audit_configs
# server configurations
config = Script.get_config()
@@ -166,41 +167,66 @@ else:
kafka_jaas_principal = None
kafka_keytab_path = None
-# *********************** RANGER PLUGIN CHANGES ***********************
+# for curl command in ranger plugin to get db connector
+jdk_location = config['hostLevelParams']['jdk_location']
+
+# ranger kafka plugin section start
+
# ranger host
-# **********************************************************************
ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
has_ranger_admin = not len(ranger_admin_hosts) == 0
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
+
+# ranger support xml_configuration flag, instead of depending on ranger xml_configurations_supported/ranger-env, using stack feature
+xml_configurations_supported = check_stack_feature(StackFeature.RANGER_XML_CONFIGURATION, version_for_stack_feature_checks)
+
+# ambari-server hostname
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
ranger_admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir","/var/log/ranger/admin")
-is_supported_kafka_ranger = config['configurations']['kafka-env']['is_supported_kafka_ranger']
-#ranger kafka properties
-if has_ranger_admin and is_supported_kafka_ranger:
+# ranger kafka plugin enabled property
+enable_ranger_kafka = default("configurations/ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled", "No")
+enable_ranger_kafka = True if enable_ranger_kafka.lower() == 'yes' else False
- enable_ranger_kafka = config['configurations']['ranger-kafka-plugin-properties']['ranger-kafka-plugin-enabled']
- enable_ranger_kafka = not is_empty(enable_ranger_kafka) and enable_ranger_kafka.lower() == 'yes'
- policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
- if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+# ranger kafka-plugin supported flag, instead of dependending on is_supported_kafka_ranger/kafka-env.xml, using stack feature
+is_supported_kafka_ranger = check_stack_feature(StackFeature.KAFKA_RANGER_PLUGIN_SUPPORT, version_for_stack_feature_checks)
+
+# ranger kafka properties
+if enable_ranger_kafka and is_supported_kafka_ranger:
+ # get ranger policy url
+ policymgr_mgr_url = config['configurations']['ranger-kafka-security']['ranger.plugin.kafka.policy.rest.url']
+
+ if not is_empty(policymgr_mgr_url) and policymgr_mgr_url.endswith('/'):
policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
- xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
- xa_audit_db_flavor = xa_audit_db_flavor.lower() if xa_audit_db_flavor else None
- xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+
+ # ranger audit db user
xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+
xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
- xa_db_host = config['configurations']['admin-properties']['db_host']
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db and has_ranger_admin:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+
+ # ranger kafka service/repository name
repo_name = str(config['clusterName']) + '_kafka'
repo_name_value = config['configurations']['ranger-kafka-security']['ranger.plugin.kafka.service.name']
if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
repo_name = repo_name_value
ranger_env = config['configurations']['ranger-env']
- ranger_plugin_properties = config['configurations']['ranger-kafka-plugin-properties']
+ # create ranger-env config having external ranger credential properties
+ if not has_ranger_admin and enable_ranger_kafka:
+ external_admin_username = default('/configurations/ranger-kafka-plugin-properties/external_admin_username', 'admin')
+ external_admin_password = default('/configurations/ranger-kafka-plugin-properties/external_admin_password', 'admin')
+ external_ranger_admin_username = default('/configurations/ranger-kafka-plugin-properties/external_ranger_admin_username', 'amb_ranger_admin')
+ external_ranger_admin_password = default('/configurations/ranger-kafka-plugin-properties/external_ranger_admin_password', 'amb_ranger_admin')
+ ranger_env = {}
+ ranger_env['admin_username'] = external_admin_username
+ ranger_env['admin_password'] = external_admin_password
+ ranger_env['ranger_admin_username'] = external_ranger_admin_username
+ ranger_env['ranger_admin_password'] = external_ranger_admin_password
+
+ ranger_plugin_properties = config['configurations']['ranger-kafka-plugin-properties']
ranger_kafka_audit = config['configurations']['ranger-kafka-audit']
ranger_kafka_audit_attrs = config['configuration_attributes']['ranger-kafka-audit']
ranger_kafka_security = config['configurations']['ranger-kafka-security']
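Review bot: The new `enable_ranger_kafka` lookup passes `"configurations/ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled"` without the leading `/` that every other `default(...)` path in this hunk carries, and the next line wraps a comparison in `True if ... else False`. Both can be folded into one consistent line: `enable_ranger_kafka = default("/configurations/ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled", "No").lower() == 'yes'`. Further down, the `and enable_ranger_kafka` in `if not has_ranger_admin and enable_ranger_kafka:` looks redundant if that line is nested under `if enable_ranger_kafka and is_supported_kafka_ranger:`; indentation is not preserved on this page, so that nesting is assumed.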
@@ -212,7 +238,7 @@ if has_ranger_admin and is_supported_kafka_ranger:
ranger_plugin_config = {
'username' : config['configurations']['ranger-kafka-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
- 'password' : unicode(config['configurations']['ranger-kafka-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']),
+ 'password' : config['configurations']['ranger-kafka-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'],
'zookeeper.connect' : config['configurations']['ranger-kafka-plugin-properties']['zookeeper.connect'],
'commonNameForCertificate' : config['configurations']['ranger-kafka-plugin-properties']['common.name.for.certificate']
}
@@ -232,64 +258,40 @@ if has_ranger_admin and is_supported_kafka_ranger:
ranger_plugin_config['tag.download.auth.users'] = kafka_user
ranger_plugin_config['ambari.service.check.user'] = policy_user
- #For curl command in ranger plugin to get db connector
- jdk_location = config['hostLevelParams']['jdk_location']
- java_share_dir = '/usr/share/java'
+ downloaded_custom_connector = None
previous_jdbc_jar_name = None
+ driver_curl_source = None
+ driver_curl_target = None
+ previous_jdbc_jar = None
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- driver_curl_target = format("{kafka_home}/libs/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
- previous_jdbc_jar = format("{kafka_home}/libs/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ if has_ranger_admin and stack_supports_ranger_audit_db:
+ xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+ jdbc_jar_name, previous_jdbc_jar_name, audit_jdbc_url, jdbc_driver = get_audit_configs(config)
+
+ downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ driver_curl_target = format("{kafka_home}/libs/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+ previous_jdbc_jar = format("{kafka_home}/libs/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
xa_audit_db_is_enabled = False
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
if xml_configurations_supported and stack_supports_ranger_audit_db:
xa_audit_db_is_enabled = config['configurations']['ranger-kafka-audit']['xasecure.audit.destination.db']
+
xa_audit_hdfs_is_enabled = default('/configurations/ranger-kafka-audit/xasecure.audit.destination.hdfs', False)
- ssl_keystore_password = unicode(config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
- ssl_truststore_password = unicode(config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
- credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
+ ssl_keystore_password = config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'] if xml_configurations_supported else None
+ ssl_truststore_password = config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'] if xml_configurations_supported else None
+ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
stack_version = get_stack_version('kafka-broker')
setup_ranger_env_sh_source = format('{stack_root}/{stack_version}/ranger-kafka-plugin/install/conf.templates/enable/kafka-ranger-env.sh')
setup_ranger_env_sh_target = format("{conf_dir}/kafka-ranger-env.sh")
- #For SQLA explicitly disable audit to DB for Ranger
- if xa_audit_db_flavor == 'sqla':
+ # for SQLA explicitly disable audit to DB for Ranger
+ if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla':
xa_audit_db_is_enabled = False
+# ranger kafka plugin section end
+
namenode_hosts = default("/clusterHostInfo/namenode_host", [])
has_namenode = not len(namenode_hosts) == 0
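Review bot: The four `format(...)` assignments after `get_audit_configs(config)` keep their `if stack_supports_ranger_audit_db else None` tails although the new `if has_ranger_admin and stack_supports_ranger_audit_db:` guard already establishes that condition and the names are pre-set to `None` just above. Indentation is not preserved on this page; if the lines sit inside the guard, the tails are dead code and can be dropped as the HIVE `params_linux.py` hunk does, e.g. `driver_curl_target = format("{kafka_home}/libs/{jdbc_jar_name}")`. If they sit outside it, `jdbc_jar_name` would be unset whenever Ranger admin is absent, so they should move inside. The enclosing `if` block starts before this hunk.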
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/setup_ranger_kafka.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/setup_ranger_kafka.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/setup_ranger_kafka.py
index 528dec2..e9719aa 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/setup_ranger_kafka.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/setup_ranger_kafka.py
@@ -22,7 +22,7 @@ from resource_management.libraries.functions.setup_ranger_plugin_xml import setu
def setup_ranger_kafka():
import params
- if params.has_ranger_admin:
+ if params.enable_ranger_kafka:
from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin
@@ -87,4 +87,4 @@ def setup_ranger_kafka():
else:
Logger.info("Stack does not support core-site.xml creation for Ranger plugin, skipping core-site.xml configurations")
else:
- Logger.info('Ranger admin not installed')
+ Logger.info('Ranger Kafka plugin is not enabled')
[2/4] ambari git commit: AMBARI-19044 Install & configure Ranger
plugin components independently of Ranger admin components (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index d07134e..d1a76cc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -452,14 +452,6 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
if webhcat_queue is not None:
putWebhcatSiteProperty("templeton.hadoop.queue.name", webhcat_queue)
-
- # Recommend Ranger Hive authorization as per Ranger Hive plugin property
- if "ranger-env" in services["configurations"] and "hive-env" in services["configurations"] and \
- "ranger-hive-plugin-enabled" in services["configurations"]["ranger-env"]["properties"]:
- rangerEnvHivePluginProperty = services["configurations"]["ranger-env"]["properties"]["ranger-hive-plugin-enabled"]
- if (rangerEnvHivePluginProperty.lower() == "yes"):
- putHiveEnvProperty("hive_security_authorization", "RANGER")
-
# Security
if ("configurations" not in services) or ("hive-env" not in services["configurations"]) or \
("properties" not in services["configurations"]["hive-env"]) or \
@@ -1178,9 +1170,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateHDFSRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-hdfs-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-hdfs-plugin-enabled'] if ranger_plugin_properties else 'No'
- if (ranger_plugin_enabled.lower() == 'yes'):
+ if 'RANGER' in servicesList and (ranger_plugin_enabled.lower() == 'yes'):
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-hdfs-plugin-enabled' in ranger_env or \
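Review bot: With `'RANGER' in servicesList` added to the condition, `validateHDFSRangerPluginConfigurations` appears to produce no validation items when the plugin is enabled but Ranger is not a service of this cluster, and nothing in the code records that this silence is intended. A comment above the condition, `# Ranger not in this cluster (external Ranger): ranger-env is absent, so skip the cross-check`, would document it; the retained comment `# ranger-hdfs-plugin must be enabled in ranger-env` then describes only the in-cluster case. The same guard is added in the Hive, HBase and Knox validators further down. The function body continues past this hunk.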
@@ -1410,6 +1403,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
validationItems = []
hive_env = properties
hive_site = getSiteProperties(configurations, "hive-site")
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
if "hive_security_authorization" in hive_env and \
str(hive_env["hive_security_authorization"]).lower() == "none" \
and str(hive_site["hive.security.authorization.enabled"]).lower() == "true":
@@ -1419,12 +1413,13 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
if "hive_security_authorization" in hive_env and \
str(hive_env["hive_security_authorization"]).lower() == "ranger":
# ranger-hive-plugin must be enabled in ranger-env
- ranger_env = getServicesSiteProperties(services, 'ranger-env')
- if not ranger_env or not 'ranger-hive-plugin-enabled' in ranger_env or \
- ranger_env['ranger-hive-plugin-enabled'].lower() != 'yes':
- validationItems.append({"config-name": 'hive_security_authorization',
- "item": self.getWarnItem(
- "ranger-env/ranger-hive-plugin-enabled must be enabled when hive_security_authorization is set to Ranger")})
+ if 'RANGER' in servicesList:
+ ranger_env = getServicesSiteProperties(services, 'ranger-env')
+ if not ranger_env or not 'ranger-hive-plugin-enabled' in ranger_env or \
+ ranger_env['ranger-hive-plugin-enabled'].lower() != 'yes':
+ validationItems.append({"config-name": 'hive_security_authorization',
+ "item": self.getWarnItem(
+ "ranger-env/ranger-hive-plugin-enabled must be enabled when hive_security_authorization is set to Ranger")})
return self.toConfigurationValidationProblems(validationItems, "hive-env")
def validateHiveConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
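Review bot: With the new `if 'RANGER' in servicesList:` guard, a cluster that sets `hive_security_authorization` to `ranger` but has no RANGER service passes this validator without any item, so nothing here tells the operator whether the plugin has a policy source it can reach. The same silent fall-through applies to the `'RANGER' in servicesList and ...` conditions added in the HBase, Knox, Kafka, Storm and YARN hunks below. Consider an `else:` branch that appends a `self.getWarnItem(...)` asking the operator to confirm the plugin's Ranger Admin connection settings. Whether a validator outside this diff already covers that case is not visible from here.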
@@ -1578,9 +1573,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateHBASERangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-hbase-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-hbase-plugin-enabled'] if ranger_plugin_properties else 'No'
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-hbase-plugin-enabled' in ranger_env or \
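Review bot: The comment directly under the changed condition still reads `# ranger-hdfs-plugin must be enabled in ranger-env`, although this validator checks `ranger-hbase-plugin-enabled`. The same copied comment sits under the edited condition in the Knox, Kafka, Storm and YARN hunks. Since the condition is being touched anyway, the comment could be corrected and extended, e.g. `# ranger-hbase-plugin must be enabled in ranger-env; only checked when RANGER is part of this cluster`. The function body continues past the end of the hunk.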
@@ -1592,9 +1588,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateKnoxRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-knox-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-knox-plugin-enabled'] if ranger_plugin_properties else 'No'
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-knox-plugin-enabled' in ranger_env or \
@@ -1610,7 +1607,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
ranger_plugin_enabled = ranger_plugin_properties['ranger-kafka-plugin-enabled'] if ranger_plugin_properties else 'No'
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
security_enabled = self.isSecurityEnabled(services)
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-kafka-plugin-enabled' in ranger_env or \
@@ -1631,7 +1628,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
ranger_plugin_enabled = ranger_plugin_properties['ranger-storm-plugin-enabled'] if ranger_plugin_properties else 'No'
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
security_enabled = self.isSecurityEnabled(services)
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-storm-plugin-enabled' in ranger_env or \
@@ -1664,9 +1661,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateYARNRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-yarn-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-yarn-plugin-enabled'] if ranger_plugin_properties else 'No'
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-yarn-plugin-enabled' in ranger_env or \
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
index 85c16c8..f670d7e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hbase/audit/db/spool</value>
<description>/var/log/hbase/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
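Review bot: The first change in this hunk sets `<on-ambari-upgrade add="true"/>` on the property typed `<type>password</type>` (`xasecure.audit.destination.db.password`, named in the preceding hunk's context), so an Ambari upgrade will write the stack default for that password into clusters that do not have it yet. The default `<value>` lies outside the hunk and cannot be checked from here, but if it is a fixed non-empty string, every upgraded cluster would receive the same credential. The same applies to the keystore and truststore password properties in the ranger-*-policymgr-ssl.xml sections and to the audit DB password in the Hive and Knox audit files. Each `<description>` should state that the value must be replaced after upgrade, or these password properties should stay at `add="false"`.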
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hbase/audit/hdfs/spool</value>
<description>/var/log/hbase/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hbase/audit/solr/spool</value>
<description>/var/log/hbase/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
index c761b26..79370bc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hbase-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hbase-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
index 1deb9e5..0ad5e60 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
@@ -23,37 +23,43 @@
<name>ranger.plugin.hbase.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing HBase policies</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.hbase.policy.rest.ssl.config.file</name>
<value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.hbase.update.xapolicies.on.grant.revoke</name>
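Review bot: The `<depends-on>` added under `ranger.plugin.hbase.policy.rest.url` points at `admin-properties/policymgr_external_url`, which looks like a config type belonging to the Ranger service itself; when the plugin is installed without Ranger Admin in the cluster, that type is presumably absent and the dependency never fires. This URL decides where the plugin downloads its authorization policies from, so the `<description>` should say how `{{policymgr_mgr_url}}` is resolved in that case and that it is expected to be an HTTPS endpoint consistent with `ranger.plugin.hbase.policy.rest.ssl.config.file`. The same block is added in ranger-hdfs-security.xml and ranger-hive-security.xml. The new block is also placed after `<on-ambari-upgrade>`, whereas the existing `<depends-on>` blocks in the audit files come before it.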
@@ -63,6 +69,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
index 71ba3a6..e14a9e8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
index cfd8a4f..b2b8edb 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
@@ -23,42 +23,48 @@
<name>ranger.plugin.hdfs.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing Hdfs policies</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.hdfs.policy.rest.ssl.config.file</name>
<value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.add-hadoop-authorization</name>
<value>true</value>
<description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
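Review bot: `xasecure.add-hadoop-authorization` at the end of this hunk now carries `add="true"` with the value `true`, so an upgrade adds the fallback to native Hadoop permission checks to any cluster where the property is missing. Per its own description, access can then be decided by the rwx bits on the resource when Ranger authorization fails, which an operator relying on Ranger policies alone may not expect to gain on upgrade. The description should spell this out, for example `When true, access not granted by a Ranger policy is still evaluated against HDFS file permissions; set to false to enforce Ranger policies only.`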
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
index b210fca..874d0d5 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hive/audit/db/spool</value>
<description>/var/log/hive/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hive/audit/hdfs/spool</value>
<description>/var/log/hive/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hive/audit/solr/spool</value>
<description>/var/log/hive/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
index a538843..14e7b16 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hive-server2/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hive-server2/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
index ce4074a..a07972a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
@@ -23,37 +23,43 @@
<name>ranger.plugin.hive.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this HIVE instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.hive.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/hive-server2/conf/conf.server/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.hive.update.xapolicies.on.grant.revoke</name>
@@ -63,6 +69,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
index 24fd407..2f4c121 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
@@ -23,12 +23,12 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/kafka-broker/config/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/kafka-broker/config/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
index 1f3c1d1..abdf2bd 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/knox/audit/db/spool</value>
<description>/var/log/knox/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/knox/audit/hdfs/spool</value>
<description>/var/log/knox/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/knox/audit/solr/spool</value>
<description>/var/log/knox/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
index bb0878f..6cc2351 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/knox-server/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/knox-server/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
index 9bd1079..0f0d3a7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
@@ -23,36 +23,42 @@
<name>ranger.plugin.knox.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this Knox instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminJersey2RESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.knox.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/knox-server/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
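Review bot: The description of `ranger.plugin.knox.policy.rest.url` still says only "URL to Ranger Admin", although the property now depends on `admin-properties/policymgr_external_url` and keeps the template default `{{policymgr_mgr_url}}`. This URL is where the plugin fetches its authorization policies, so the text should say where the value comes from, for example `<description>URL of the Ranger Admin that serves policies to this plugin; recommended from admin-properties/policymgr_external_url when that config exists, otherwise set it to the external Ranger Admin URL</description>`. The added `<depends-on>` also sits after `<on-ambari-upgrade>`, while the audit properties earlier on this page close `</depends-on>` before it; one order throughout would make the files easier to scan. Both remarks apply equally to the `ranger.plugin.yarn.policy.rest.url` and `ranger.plugin.atlas.policy.rest.url` hunks further down.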
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
index 5672f04..21658e7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
@@ -23,12 +23,12 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/storm-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/storm-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
index f3d7530..8a3dd2e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
@@ -23,6 +23,6 @@
<name>ranger.plugin.storm.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/storm-client/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
index a6b1baa..8237f1c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/db/spool</value>
<description>/var/log/hadoop/yarn/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/hdfs/spool</value>
<description>/var/log/hadoop/yarn/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/solr/spool</value>
<description>/var/log/hadoop/yarn/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
index 97867cc..1899d44 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
@@ -24,7 +24,7 @@
<value>ambari-qa</value>
<display-name>Policy user for YARN</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>hadoop.rpc.protection</name>
@@ -33,7 +33,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>common.name.for.certificate</name>
@@ -42,7 +42,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger-yarn-plugin-enabled</name>
@@ -59,14 +59,14 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>yarn</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -77,6 +77,6 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
index 5410104..6ad6e62 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
index 5f69962..3c0b29f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
@@ -23,36 +23,42 @@
<name>ranger.plugin.yarn.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this Yarn instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.yarn.policy.rest.ssl.config.file</name>
<value>/etc/hadoop/conf/ranger-policymgr-ssl-yarn.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index d986f1a..03bbdbe 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -777,6 +777,40 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port']
putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port))
+ required_services = [
+ {'service_name': 'HDFS', 'config_type': 'ranger-hdfs-security'},
+ {'service_name': 'YARN', 'config_type': 'ranger-yarn-security'},
+ {'service_name': 'HBASE', 'config_type': 'ranger-hbase-security'},
+ {'service_name': 'HIVE', 'config_type': 'ranger-hive-security'},
+ {'service_name': 'KNOX', 'config_type': 'ranger-knox-security'},
+ {'service_name': 'KAFKA', 'config_type': 'ranger-kafka-security'},
+ {'service_name': 'RANGER_KMS','config_type': 'ranger-kms-security'},
+ {'service_name': 'STORM', 'config_type': 'ranger-storm-security'}
+ ]
+
+ # recommendation for ranger url for ranger-supported plugins
+ self.recommendRangerUrlConfigurations(configurations, services, required_services)
+
+ def recommendRangerUrlConfigurations(self, configurations, services, requiredServices):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+
+ policymgr_external_url = ""
+ if 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties']:
+ if 'admin-properties' in configurations and 'policymgr_external_url' in configurations['admin-properties']['properties']:
+ policymgr_external_url = configurations['admin-properties']['properties']['policymgr_external_url']
+ else:
+ policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url']
+
+ for index in range(len(requiredServices)):
+ if requiredServices[index]['service_name'] in servicesList:
+ component_config_type = requiredServices[index]['config_type']
+ component_name = requiredServices[index]['service_name']
+ component_config_property = 'ranger.plugin.{0}.policy.rest.url'.format(component_name.lower())
+ if requiredServices[index]['service_name'] == 'RANGER_KMS':
+ component_config_property = 'ranger.plugin.kms.policy.rest.url'
+ putRangerSecurityProperty = self.putProperty(configurations, component_config_type, services)
+ if component_config_type in services["configurations"] and component_config_property in services["configurations"][component_config_type]["properties"]:
+ putRangerSecurityProperty(component_config_property, policymgr_external_url)
def recommendYARNConfigurations(self, configurations, clusterData, services, hosts):
super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts)
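Review bot: `recommendRangerUrlConfigurations` writes `policymgr_external_url` into each plugin's `policy.rest.url` even when it is still the initial empty string, which happens whenever `admin-properties` has no `policymgr_external_url`. In that case a URL an operator entered for a Ranger Admin outside the cluster would be recommended away to an empty value; adding `if not policymgr_external_url:` / `return` before the loop keeps the existing setting. Whether the method can be reached without `admin-properties` is not visible here, because the enclosing caller starts above the hunk. The loop would also read more plainly as `for required in requiredServices:` than as indexing through `range(len(requiredServices))`, and a short docstring should state that `RANGER_KMS` maps to `ranger.plugin.kms.policy.rest.url` rather than the lower-cased service name.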
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
index 36677a1..efeea5f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
@@ -78,7 +78,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -94,7 +94,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -107,7 +107,7 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
index fd623cb..977127c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
@@ -26,7 +26,7 @@
<display-name>Policy user for Atlas</display-name>
<description>This user must be system user and also present at Ranger
admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -36,7 +36,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -54,7 +54,7 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -63,7 +63,7 @@
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin
</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -76,7 +76,55 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
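Review bot: The descriptions of the four new `external_*` properties ("Add ranger default admin password if want to communicate to external ranger") steer operators towards Ranger's default admin account and do not say when the fields may stay empty. Because the same admin credential is then stored in each service's own plugin config type, I would reword them along the lines of `<description>Password of the Ranger admin user, needed only when this service talks to an external Ranger Admin; prefer a dedicated account over the default admin</description>`. The pairs `external_admin_username` and `external_ranger_admin_username` differ only by `ranger_`, while their display names say "Ranger admin" and "Ranger Ambari admin", so a name that carries the distinction would prevent mix-ups. The new `ranger-hbase-plugin-properties.xml` below repeats the same properties and wording.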
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
index dcffb63..349c829 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
@@ -24,7 +24,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/atlas-server/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -35,14 +35,14 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/atlas-server/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -53,21 +53,21 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
index ea0a026..c5588d1 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
@@ -23,49 +23,55 @@
<name>ranger.plugin.atlas.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing Atlas policies</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.atlas.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/atlas-server/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.add-hadoop-authorization</name>
<value>true</value>
<description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
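Review bot: The four `<description>` strings in this new file ask for the Ranger "default" admin username and password, which steers operators toward leaving the external Ranger's admin account on its shipped credentials. They also do not say how the `external_admin_*` pair differs from the `external_ranger_admin_*` pair beyond the word "Ambari" in the display name. I would name the account each pair authenticates as and drop "default", for example `<description>Password of the admin account on the external Ranger instance; used only when the plugin talks to a Ranger Admin outside this cluster</description>`. The wording after the semicolon is inferred from the commit title and should be confirmed. The same blob (3450970) is added for HIVE and KAFKA further down, and the HDFS hunk adds the same four properties, so the fix applies there too.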
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
index 77f7be2..953e42e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -26,6 +26,54 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false" />
+ <on-ambari-upgrade add="true" />
+ </property>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
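Review bot: The first change in this hunk flips `<on-ambari-upgrade add="false" />` to `add="true"` on a property whose `<name>` lies above the hunk, and nothing in the diff records why an existing property should now be pushed into already-deployed clusters on upgrade. Since that property accepts an empty value, an upgrade would presumably add it empty wherever it was absent. A short XML comment beside it, such as `<!-- added on upgrade so the plugin can be configured without a local Ranger Admin -->`, would record the intent, if that is indeed the reason. The flipped line also keeps the older `add="true" />` spacing while the four new properties use `add="true"/>`.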
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
index 1d1b0c2..640234b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
@@ -23,6 +23,6 @@
<name>ranger.plugin.hive.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/{{ranger_hive_component}}/conf/conf.server/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file