You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/10/19 15:54:03 UTC
[17/50] [abbrv] ambari git commit: AMBARI-13438. Ranger Audit
properties for all services should be recommended to be same as in ranger
service. (jaimin)
AMBARI-13438. Ranger Audit properties for all services should be recommended to be same as in ranger service. (jaimin)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d834d3a3
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d834d3a3
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d834d3a3
Branch: refs/heads/branch-dev-patch-upgrade
Commit: d834d3a3756d42def793aa487e6abab8c27297c6
Parents: 86fb757
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Thu Oct 15 16:45:23 2015 -0700
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Thu Oct 15 17:23:32 2015 -0700
----------------------------------------------------------------------
.../RANGER/0.4.0/configuration/ranger-env.xml | 20 +++---
.../stacks/HDP/2.0.6/services/stack_advisor.py | 33 +++++++++
.../HBASE/configuration/ranger-hbase-audit.xml | 43 +++++++++++-
.../HDFS/configuration/ranger-hdfs-audit.xml | 43 +++++++++++-
.../HIVE/configuration/ranger-hive-audit.xml | 43 +++++++++++-
.../KAFKA/configuration/ranger-kafka-audit.xml | 45 +++++++++++-
.../KNOX/configuration/ranger-knox-audit.xml | 43 +++++++++++-
.../RANGER/configuration/ranger-admin-site.xml | 10 ++-
.../RANGER/configuration/ranger-env.xml | 32 +++++----
.../RANGER/configuration/ranger-ugsync-site.xml | 8 +--
.../services/RANGER/themes/theme_version_2.json | 72 ++++++++++----------
.../STORM/configuration/ranger-storm-audit.xml | 43 +++++++++++-
.../YARN/configuration/ranger-yarn-audit.xml | 43 +++++++++++-
.../stacks/HDP/2.3/services/stack_advisor.py | 47 +++++++++++++
.../stacks/2.0.6/common/test_stack_advisor.py | 65 ++++++++++++++++++
15 files changed, 510 insertions(+), 80 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
index 0a2a3db..59b7d9e 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
@@ -116,11 +116,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -138,11 +138,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -160,11 +160,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -182,11 +182,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -204,11 +204,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
index 9bb21ea..7fb9884 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
@@ -483,6 +483,18 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
pass
+ def getHostNamesWithComponent(self, serviceName, componentName, services):
+ """
+ Returns the list of hostnames on which service component is installed
+ """
+ if services is not None and serviceName in [service["StackServices"]["service_name"] for service in services["services"]]:
+ service = [serviceEntry for serviceEntry in services["services"] if serviceEntry["StackServices"]["service_name"] == serviceName][0]
+ components = [componentEntry for componentEntry in service["components"] if componentEntry["StackServiceComponents"]["component_name"] == componentName]
+ if (len(components) > 0 and len(components[0]["StackServiceComponents"]["hostnames"]) > 0):
+ componentHostnames = components[0]["StackServiceComponents"]["hostnames"]
+ return componentHostnames
+ return []
+
def getHostsWithComponent(self, serviceName, componentName, services, hosts):
if services is not None and hosts is not None and serviceName in [service["StackServices"]["service_name"] for service in services["services"]]:
service = [serviceEntry for serviceEntry in services["services"] if serviceEntry["StackServices"]["service_name"] == serviceName][0]
@@ -508,6 +520,27 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
and hostname in componentEntry["StackServiceComponents"]["hostnames"]])
return components
+ def getZKHostPortString(self, services):
+ """
+ Returns the comma delimited string of zookeeper server host with the configure port installed in a cluster
+ Example: zk.host1.org:2181,zk.host2.org:2181,zk.host3.org:2181
+ """
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ include_zookeeper = "ZOOKEEPER" in servicesList
+ zookeeper_host_port = ''
+
+ if include_zookeeper:
+ zookeeper_hosts = self.getHostNamesWithComponent("ZOOKEEPER", "ZOOKEEPER_SERVER", services)
+ zookeeper_port = 2181 #default port
+ if 'zoo.cfg' in services['configurations'] and ('clientPort' in services['configurations']['zoo.cfg']['properties']):
+ zookeeper_port = services['configurations']['zoo.cfg']['properties']['clientPort']
+
+ zookeeper_host_port_arr = []
+ for i in range(len(zookeeper_hosts)):
+ zookeeper_host_port_arr.append(zookeeper_hosts[i] + ':' + zookeeper_port)
+ zookeeper_host_port = ",".join(zookeeper_host_port_arr)
+ return zookeeper_host_port
+
def getConfigurationClusterSummary(self, servicesList, hosts, components, services):
hBaseInstalled = False
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
index a45414d..0de24b6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -103,18 +121,39 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
index aba0357..888b135 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -103,18 +121,39 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
index c22d5ee..0610dd1 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -103,18 +121,39 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
index b181f29..3ba44e6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -97,24 +115,45 @@
<property>
<name>xasecure.audit.destination.solr</name>
- <value>true</value>
+ <value>false</value>
<display-name>Audit to SOLR</display-name>
<description>Is Solr audit enabled?</description>
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
index cce87e3..07f1adf 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -103,18 +121,39 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index 6d48ca5..0a246a6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -418,8 +418,14 @@
<property>
<name>ranger.audit.solr.zookeepers</name>
- <value></value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>zoo.cfg</type>
+ <name>clientPort</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -430,7 +436,7 @@
<property>
<name>ranger.audit.solr.password</name>
- <value></value>
+ <value>NONE</value>
<property-type>PASSWORD</property-type>
<description>Solr password</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
index 1ca8a65..0f1c837 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
@@ -106,11 +106,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -128,11 +128,11 @@
<entries>
<entry>
<value>Yes</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>No</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -150,11 +150,11 @@
<entries>
<entry>
<value>true</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>false</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -172,11 +172,11 @@
<entries>
<entry>
<value>true</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>false</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -194,11 +194,11 @@
<entries>
<entry>
<value>true</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>false</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -217,11 +217,11 @@
<entries>
<entry>
<value>true</value>
- <label>Enabled</label>
+ <label>ON</label>
</entry>
<entry>
<value>false</value>
- <label>Disabled</label>
+ <label>OFF</label>
</entry>
</entries>
<selection-cardinality>1</selection-cardinality>
@@ -230,9 +230,15 @@
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
- <value>hdfs://localhost:8020/ranger/audit</value>
+ <value>hdfs://localhost:8020</value>
<display-name>Destination HDFS Directory</display-name>
<description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index f180957..c8bd2db 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -65,7 +65,7 @@
<property>
<name>ranger.usersync.enabled</name>
<display-name>Enable User Sync</display-name>
- <value>true</value>
+ <value>false</value>
<description>Usersync enabled?</description>
<value-attributes>
<empty-value-valid>true</empty-value-valid>
@@ -185,8 +185,8 @@
<property>
<name>ranger.usersync.ldap.binddn</name>
<display-name>​Bind User</display-name>
- <value>cn=admin,dc=xasecure,dc=net</value>
- <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+ <value></value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. Example: cn=admin,dc=xasecure,dc=net</description>
</property>
<property>
@@ -263,7 +263,7 @@
<property>
<name>ranger.usersync.ldap.user.nameattribute</name>
<display-name>Username Attribute</display-name>
- <value>cn</value>
+ <value></value>
<description>LDAP user name attribute</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
index 6fe7e90..187942c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
@@ -272,43 +272,36 @@
"tab-rows": "2",
"sections": [
{
- "name": "section-ranger-audit-db",
- "display-name": "Audit to DB",
+ "name": "section-ranger-audit-solr",
+ "display-name": "Audit to Solr",
"row-index": "0",
"column-index": "0",
"row-span": "1",
- "column-span": "2",
- "section-columns": "2",
+ "column-span": "1",
+ "section-columns": "1",
"section-rows": "1",
"subsections": [
{
- "name": "subsection-ranger-audit-db-row1-col1",
+ "name": "subsection-ranger-solr-row1-col1",
"row-index": "0",
"column-index": "0",
"row-span": "1",
"column-span": "1"
- },
- {
- "name": "subsection-ranger-audit-db-row1-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
}
]
},
{
- "name": "section-ranger-audit-solr",
- "display-name": "Audit to Solr",
- "row-index": "1",
- "column-index": "0",
+ "name": "section-ranger-audit-hdfs",
+ "display-name": "Audit to HDFS",
+ "row-index": "0",
+ "column-index": "1",
"row-span": "1",
"column-span": "1",
"section-columns": "1",
"section-rows": "1",
"subsections": [
{
- "name": "subsection-ranger-solr-row2-col1",
+ "name": "subsection-ranger-hdfs-row1-col2",
"row-index": "0",
"column-index": "0",
"row-span": "1",
@@ -317,21 +310,28 @@
]
},
{
- "name": "section-ranger-audit-hdfs",
- "display-name": "Audit to HDFS",
+ "name": "section-ranger-audit-db",
+ "display-name": "Audit to DB",
"row-index": "1",
- "column-index": "1",
+ "column-index": "0",
"row-span": "1",
- "column-span": "1",
- "section-columns": "1",
+ "column-span": "2",
+ "section-columns": "2",
"section-rows": "1",
"subsections": [
{
- "name": "subsection-ranger-hdfs-row2-col2",
+ "name": "subsection-ranger-audit-db-row2-col1",
"row-index": "0",
"column-index": "0",
"row-span": "1",
"column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-audit-db-row2-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
}
]
}
@@ -1006,27 +1006,27 @@
},
{
"config": "ranger-env/xasecure.audit.destination.db",
- "subsection-name": "subsection-ranger-audit-db-row1-col1"
+ "subsection-name": "subsection-ranger-audit-db-row2-col1"
},
{
"config": "admin-properties/audit_db_user",
- "subsection-name": "subsection-ranger-audit-db-row1-col1"
+ "subsection-name": "subsection-ranger-audit-db-row2-col1"
},
{
"config": "admin-properties/audit_db_name",
- "subsection-name": "subsection-ranger-audit-db-row1-col2"
+ "subsection-name": "subsection-ranger-audit-db-row2-col2"
},
{
"config": "admin-properties/audit_db_password",
- "subsection-name": "subsection-ranger-audit-db-row1-col2"
+ "subsection-name": "subsection-ranger-audit-db-row2-col2"
},
{
"config": "ranger-env/xasecure.audit.destination.solr",
- "subsection-name": "subsection-ranger-solr-row2-col1"
+ "subsection-name": "subsection-ranger-solr-row1-col1"
},
{
"config": "ranger-env/is_solrCloud_enabled",
- "subsection-name": "subsection-ranger-solr-row2-col1",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
"depends-on": [
{
"configs":[
@@ -1048,7 +1048,7 @@
},
{
"config": "ranger-admin-site/ranger.audit.solr.urls",
- "subsection-name": "subsection-ranger-solr-row2-col1",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
"depends-on": [
{
"configs":[
@@ -1071,7 +1071,7 @@
},
{
"config": "ranger-admin-site/ranger.audit.solr.zookeepers",
- "subsection-name": "subsection-ranger-solr-row2-col1",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
"depends-on": [
{
"configs":[
@@ -1094,7 +1094,7 @@
},
{
"config": "ranger-admin-site/ranger.audit.solr.username",
- "subsection-name": "subsection-ranger-solr-row2-col1",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
"depends-on": [
{
"configs":[
@@ -1116,7 +1116,7 @@
},
{
"config": "ranger-admin-site/ranger.audit.solr.password",
- "subsection-name": "subsection-ranger-solr-row2-col1",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
"depends-on": [
{
"configs":[
@@ -1138,11 +1138,11 @@
},
{
"config": "ranger-env/xasecure.audit.destination.hdfs",
- "subsection-name": "subsection-ranger-hdfs-row2-col2"
+ "subsection-name": "subsection-ranger-hdfs-row1-col2"
},
{
"config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "subsection-name": "subsection-ranger-hdfs-row2-col2",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2",
"depends-on": [
{
"configs":[
@@ -1516,7 +1516,7 @@
{
"config": "ranger-admin-site/ranger.audit.solr.password",
"widget": {
- "type": "password"
+ "type": "text-field"
}
},
{
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
index 6c2d7c8..c04ba74 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -103,18 +121,39 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
index 71c8cce..87a48d7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
@@ -34,6 +34,12 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -81,12 +87,24 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
<value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
<description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -103,18 +121,39 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
+ <value></value>
<description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
+ <value>localhost:2181</value>
<description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index a2bae0f..501517f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -261,6 +261,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
def recommendRangerConfigurations(self, configurations, clusterData, services, hosts):
super(HDP23StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData, services, hosts)
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
@@ -297,6 +298,52 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
for key in rangerPrivelegeDbProperties:
putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key))
+ # Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir
+ include_hdfs = "HDFS" in servicesList
+ zookeeper_host_port = self.getZKHostPortString(services)
+ if zookeeper_host_port:
+ putRangerAdminProperty('ranger.audit.solr.zookeepers', zookeeper_host_port)
+
+ if include_hdfs:
+ if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
+ default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
+ putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs)
+
+ # Recommend Ranger supported service's audit properties
+ ranger_services = [
+ {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'},
+ {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'},
+ {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'},
+ {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'},
+ {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'},
+ {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'},
+ {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'}
+ ]
+
+ for item in range(len(ranger_services)):
+ if ranger_services[item]['service_name'] in servicesList:
+ component_audit_file = ranger_services[item]['audit_file']
+ if component_audit_file in services["configurations"]:
+ ranger_audit_dict = [
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'xasecure.audit.destination.db'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'xasecure.audit.destination.hdfs'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'xasecure.audit.destination.hdfs.dir'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.solr', 'target_configname': 'xasecure.audit.destination.solr'},
+ {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'},
+ {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'}
+ ]
+ putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
+
+ for item in ranger_audit_dict:
+ if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
+ if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
+ rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
+ else:
+ rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
+ putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
+
+
+
def recommendYARNConfigurations(self, configurations, clusterData, services, hosts):
super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts)
if "ranger-env" in services["configurations"] and "ranger-yarn-plugin-properties" in services["configurations"] and \
http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
index 8ba37c0..abddc71 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
@@ -966,6 +966,71 @@ class TestHDP206StackAdvisor(TestCase):
self.stackAdvisor.recommendHDFSConfigurations(configurations, clusterData, services, hosts)
self.assertEquals(configurations, expected)
+
+
+ def test_getHostNamesWithComponent(self):
+
+ services = {
+ "services": [
+ {
+ "StackServices": {
+ "service_name": "SERVICE"
+ },
+ "components": [
+ {
+ "StackServiceComponents": {
+ "component_name": "COMPONENT",
+ "hostnames": ["host1","host2","host3"]
+ }
+ }
+ ]
+ }
+ ],
+ "configurations": {}
+ }
+
+ result = self.stackAdvisor.getHostNamesWithComponent("SERVICE","COMPONENT", services)
+ expected = ["host1","host2","host3"]
+ self.assertEquals(result, expected)
+
+
+ def test_getZKHostPortString(self):
+ configurations = {
+ "zoo.cfg": {
+ "properties": {
+ 'clientPort': "2183"
+ }
+ }
+ }
+
+ services = {
+ "services": [
+ {
+ "StackServices": {
+ "service_name": "ZOOKEEPER"
+ },
+ "components": [
+ {
+ "StackServiceComponents": {
+ "component_name": "ZOOKEEPER_SERVER",
+ "hostnames": ["zk.host1","zk.host2","zk.host3"]
+ }
+ }, {
+ "StackServiceComponents": {
+ "component_name": "ZOOKEEPER_CLIENT",
+ "hostnames": ["host1"]
+ }
+ }
+ ]
+ }
+ ],
+ "configurations": configurations
+ }
+
+ result = self.stackAdvisor.getZKHostPortString(services)
+ expected = "zk.host1:2183,zk.host2:2183,zk.host3:2183"
+ self.assertEquals(result, expected)
+
def test_validateHDFSConfigurationsEnv(self):
configurations = {}