You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2015/04/16 15:10:13 UTC
ambari git commit: AMBARI-10522. Cannot install Ranger Admin on
non-root + umask 027 (aonishuk)
Repository: ambari
Updated Branches:
refs/heads/trunk 7d62dbb7b -> d445eed53
AMBARI-10522. Cannot install Ranger Admin on non-root + umask 027 (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d445eed5
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d445eed5
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d445eed5
Branch: refs/heads/trunk
Commit: d445eed53ba2bc3981a62669320ee94a490f10b9
Parents: 7d62dbb
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Thu Apr 16 16:10:02 2015 +0300
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Thu Apr 16 16:10:02 2015 +0300
----------------------------------------------------------------------
.../resource_management/TestFileResource.py | 12 +-
.../TestPropertiesFileResource.py | 10 +-
.../TestXmlConfigResource.py | 8 +-
.../core/providers/system.py | 9 +-
.../python/resource_management/core/sudo.py | 14 +-
.../libraries/providers/__init__.py | 3 +-
.../providers/modify_properties_file.py | 70 +++++
.../libraries/resources/__init__.py | 3 +-
.../resources/modify_properties_file.py | 40 +++
.../RANGER/0.4.0/configuration/ranger-site.xml | 14 +-
.../RANGER/0.4.0/package/scripts/params.py | 63 +----
.../0.4.0/package/scripts/ranger_admin.py | 4 +-
.../0.4.0/package/scripts/ranger_service.py | 4 +-
.../0.4.0/package/scripts/ranger_usersync.py | 39 +--
.../0.4.0/package/scripts/setup_ranger.py | 256 ++++---------------
.../stacks/2.2/RANGER/test_ranger_admin.py | 152 +++++++++--
.../stacks/2.2/RANGER/test_ranger_usersync.py | 131 +++++++++-
.../test/python/stacks/2.2/configs/default.json | 83 ++++++
.../test/python/stacks/2.2/configs/secured.json | 94 +++++++
19 files changed, 656 insertions(+), 353 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-agent/src/test/python/resource_management/TestFileResource.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/resource_management/TestFileResource.py b/ambari-agent/src/test/python/resource_management/TestFileResource.py
index 703651c..4caa69c 100644
--- a/ambari-agent/src/test/python/resource_management/TestFileResource.py
+++ b/ambari-agent/src/test/python/resource_management/TestFileResource.py
@@ -95,7 +95,7 @@ class TestFileResource(TestCase):
)
- create_file_mock.assert_called_with('/directory/file', 'file-content')
+ create_file_mock.assert_called_with('/directory/file', 'file-content', encoding=None)
self.assertEqual(create_file_mock.call_count, 1)
ensure_mock.assert_called()
@@ -120,8 +120,8 @@ class TestFileResource(TestCase):
content='new-content'
)
- read_file_mock.assert_called_with('/directory/file')
- create_file_mock.assert_called_with('/directory/file', 'new-content')
+ read_file_mock.assert_called_with('/directory/file', encoding=None)
+ create_file_mock.assert_called_with('/directory/file', 'new-content', encoding=None)
@patch.object(sudo, "unlink")
@@ -297,7 +297,7 @@ class TestFileResource(TestCase):
)
- create_file_mock.assert_called_with('/directory/file', 'file-content')
+ create_file_mock.assert_called_with('/directory/file', 'file-content', encoding=None)
self.assertEqual(create_file_mock.call_count, 1)
stat_mock.assert_called_with('/directory/file')
self.assertEqual(chmod_mock.call_count, 1)
@@ -346,7 +346,5 @@ class TestFileResource(TestCase):
)
- read_file_mock.assert_called_with('/directory/file')
- content_mock.encode.assert_called_with('UTF-8')
- old_content_mock.decode.assert_called_with('UTF-8')
+ read_file_mock.assert_called_with('/directory/file', encoding='UTF-8')
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py b/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py
index 1147928..bb91159 100644
--- a/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py
+++ b/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py
@@ -65,7 +65,7 @@ class TestPropertiesFIleResource(TestCase):
properties={}
)
- create_file_mock.assert_called_with('/somewhere_in_system/one_file.properties', u'# Generated by Apache Ambari. Today is Wednesday\n \n \n')
+ create_file_mock.assert_called_with('/somewhere_in_system/one_file.properties', u'# Generated by Apache Ambari. Today is Wednesday\n \n \n', encoding=None)
ensure_mock.assert_called()
@@ -98,7 +98,7 @@ class TestPropertiesFIleResource(TestCase):
properties={},
)
- create_file_mock.assert_called_with('/dir/and/dir/file.txt', u'# Generated by Apache Ambari. Some other day\n \n \n')
+ create_file_mock.assert_called_with('/dir/and/dir/file.txt', u'# Generated by Apache Ambari. Some other day\n \n \n', encoding=None)
ensure_mock.assert_called()
@@ -131,7 +131,7 @@ class TestPropertiesFIleResource(TestCase):
properties={'property1': 'value1'},
)
- create_file_mock.assert_called_with('/dir/new_file', u'# Generated by Apache Ambari. 777\n \nproperty1=value1\n \n')
+ create_file_mock.assert_called_with('/dir/new_file', u'# Generated by Apache Ambari. 777\n \nproperty1=value1\n \n', encoding=None)
ensure_mock.assert_called()
@@ -169,7 +169,7 @@ class TestPropertiesFIleResource(TestCase):
},
)
- create_file_mock.assert_called_with('/dir/new_file', u"# Generated by Apache Ambari. 777\n \n=\nprop.1='.'yyyy-MM-dd-HH\nprop.2=INFO, openjpa\nprop.3=%d{ISO8601} %5p %c{1}:%L - %m%n\nprop.4=${oozie.log.dir}/oozie.log\nprop.empty=\n \n")
+ create_file_mock.assert_called_with('/dir/new_file', u"# Generated by Apache Ambari. 777\n \n=\nprop.1='.'yyyy-MM-dd-HH\nprop.2=INFO, openjpa\nprop.3=%d{ISO8601} %5p %c{1}:%L - %m%n\nprop.4=${oozie.log.dir}/oozie.log\nprop.empty=\n \n", encoding=None)
ensure_mock.assert_called()
@@ -206,5 +206,5 @@ class TestPropertiesFIleResource(TestCase):
)
read_file_mock.assert_called()
- create_file_mock.assert_called_with('/dir1/new_file', u'# Generated by Apache Ambari. 777\n \nproperty_1=value1\n \n')
+ create_file_mock.assert_called_with('/dir1/new_file', u'# Generated by Apache Ambari. 777\n \nproperty_1=value1\n \n', encoding=None)
ensure_mock.assert_called()
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py b/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py
index 041fc9a..a7eaae9 100644
--- a/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py
+++ b/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py
@@ -62,7 +62,7 @@ class TestXmlConfigResource(TestCase):
configuration_attributes={}
)
- create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n </configuration>\n')
+ create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n </configuration>\n', encoding='UTF-8')
@patch("resource_management.core.providers.system._ensure_metadata")
@@ -91,7 +91,7 @@ class TestXmlConfigResource(TestCase):
configuration_attributes={'attr': {'property1': 'attr_value'}}
)
- create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name>property1</name>\n <value>value1</value>\n <attr>attr_value</attr>\n </property>\n \n </configuration>\n')
+ create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name>property1</name>\n <value>value1</value>\n <attr>attr_value</attr>\n </property>\n \n </configuration>\n', encoding='UTF-8')
@patch("resource_management.core.providers.system._ensure_metadata")
@@ -144,7 +144,7 @@ class TestXmlConfigResource(TestCase):
}
})
- create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>prop.1</name>\n <value>'.'yyyy-MM-dd-HH</value>\n <attr1>x</attr1>\n </property>\n \n <property>\n <name>prop.2</name>\n <value>INFO, openjpa</value>\n </property>\n \n <property>\n <name>prop.3</name>\n <value>%d{ISO8601} %5p %c{1}:%L - %m%n</value>\n <attr2>value3</attr2>\n </property>\n \n <property>\n <name>prop.4</name>\n <value>${oozie.log.dir}/oozie.log</value>\n <attr_value_empty></attr_value_empty>\n <attr2>value4</attr2>\n </property>\n \n <property>\n <name>prop.empty</name>\n <value></value>\n <attr_value_empty></attr_value_empty>\n </property>\n \n </configuration>\n')
+ create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>prop.1</name>\n <value>'.'yyyy-MM-dd-HH</value>\n <attr1>x</attr1>\n </property>\n \n <property>\n <name>prop.2</name>\n <value>INFO, openjpa</value>\n </property>\n \n <property>\n <name>prop.3</name>\n <value>%d{ISO8601} %5p %c{1}:%L - %m%n</value>\n <attr2>value3</attr2>\n </property>\n \n <property>\n <name>prop.4</name>\n <value>${oozie.log.dir}/oozie.log</value>\n <attr_value_empty></attr_value_empty>\n <attr2>value4</attr2>\n </property>\n \n <property>\n <name>prop.empty</name>\n <value></value>\n <attr_value_empty></attr_value_empty>\n </property>\n \n </configuration>\n', encoding='UTF-8')
@patch("resource_management.core.providers.system._ensure_metadata")
@patch.object(sudo, "create_file")
@@ -177,7 +177,7 @@ class TestXmlConfigResource(TestCase):
configuration_attributes={}
)
- create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>first</name>\n <value>should be first</value>\n </property>\n \n <property>\n <name>second</name>\n <value>should be second</value>\n </property>\n \n <property>\n <name>third</name>\n <value>should be third</value>\n </property>\n \n <property>\n <name>z_last</name>\n <value>should be last</value>\n </property>\n \n </configuration>\n')
+ create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>first</name>\n <value>should be first</value>\n </property>\n \n <property>\n <name>second</name>\n <value>should be second</value>\n </property>\n \n <property>\n <name>third</name>\n <value>should be third</value>\n </property>\n \n <property>\n <name>z_last</name>\n <value>should be last</value>\n </property>\n \n </configuration>\n', encoding='UTF-8')
@patch("resource_management.libraries.providers.xml_config.File")
@patch.object(sudo, "path_exists")
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/core/providers/system.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/core/providers/system.py b/ambari-common/src/main/python/resource_management/core/providers/system.py
index 95ba80d..1e4ce90 100644
--- a/ambari-common/src/main/python/resource_management/core/providers/system.py
+++ b/ambari-common/src/main/python/resource_management/core/providers/system.py
@@ -111,8 +111,7 @@ class FileProvider(Provider):
reason = "it doesn't exist"
elif self.resource.replace:
if content is not None:
- old_content = sudo.read_file(path)
- old_content = old_content.decode(self.resource.encoding) if self.resource.encoding else old_content
+ old_content = sudo.read_file(path, encoding=self.resource.encoding)
if content != old_content:
write = True
reason = "contents don't match"
@@ -121,11 +120,7 @@ class FileProvider(Provider):
if write:
Logger.info("Writing %s because %s" % (self.resource, reason))
-
- if content:
- content = content.encode(self.resource.encoding) if self.resource.encoding else content
-
- sudo.create_file(path, content)
+ sudo.create_file(path, content, encoding=self.resource.encoding)
_ensure_metadata(self.resource.path, self.resource.owner,
self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access)
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/core/sudo.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/core/sudo.py b/ambari-common/src/main/python/resource_management/core/sudo.py
index 13c32a1..d481ecc 100644
--- a/ambari-common/src/main/python/resource_management/core/sudo.py
+++ b/ambari-common/src/main/python/resource_management/core/sudo.py
@@ -65,13 +65,14 @@ def rmtree(path):
shell.checked_call(["rm","-rf", path], sudo=True)
# fp.write replacement
-def create_file(filename, content):
+def create_file(filename, content, encoding='utf-8'):
"""
if content is None, create empty file
"""
tmpf = tempfile.NamedTemporaryFile()
if content:
+ content = content.encode(encoding) if encoding else content
with open(tmpf.name, "wb") as fp:
fp.write(content)
@@ -82,13 +83,16 @@ def create_file(filename, content):
chmod(filename, 0644)
# fp.read replacement
-def read_file(filename):
+def read_file(filename, encoding='utf-8'):
tmpf = tempfile.NamedTemporaryFile()
shell.checked_call(["cp", "-f", filename, tmpf.name], sudo=True)
with tmpf:
with open(tmpf.name, "rb") as fp:
- return fp.read()
+ content = fp.read()
+
+ content = content.decode(encoding) if encoding else content
+ return content
# os.path.exists
def path_exists(path):
@@ -102,6 +106,10 @@ def path_isdir(path):
def path_lexists(path):
return (shell.call(["test", "-L", path], sudo=True)[0] == 0)
+# os.path.isfile
+def path_isfile(path):
+ return (shell.call(["test", "-f", path], sudo=True)[0] == 0)
+
# os.stat
def stat(path):
class Stat:
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py b/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py
index 0038800..34b10a9 100644
--- a/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py
+++ b/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py
@@ -43,6 +43,7 @@ PROVIDERS = dict(
PropertiesFile="resource_management.libraries.providers.properties_file.PropertiesFileProvider",
MonitorWebserver="resource_management.libraries.providers.monitor_webserver.MonitorWebserverProvider",
HdfsDirectory="resource_management.libraries.providers.hdfs_directory.HdfsDirectoryProvider",
- CopyFromLocal="resource_management.libraries.providers.copy_from_local.CopyFromLocalProvider"
+ CopyFromLocal="resource_management.libraries.providers.copy_from_local.CopyFromLocalProvider",
+ ModifyPropertiesFile="resource_management.libraries.providers.modify_properties_file.ModifyPropertiesFileProvider"
),
)
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py b/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py
new file mode 100644
index 0000000..03d9028
--- /dev/null
+++ b/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+from resource_management.core.resources import File
+from resource_management.core.providers import Provider
+from resource_management.libraries.functions.format import format
+from resource_management.core.environment import Environment
+from resource_management.core.logger import Logger
+from resource_management import sudo
+
+
+class ModifyPropertiesFileProvider(Provider):
+ def action_create(self):
+ filename = self.resource.filename
+ comment_symbols = self.resource.comment_symbols
+ delimiter = self.resource.key_value_delimiter
+ properties = self.resource.properties
+ unsaved_values = properties.keys()
+ new_content_lines = []
+
+ if sudo.path_isfile(filename):
+ file_content = sudo.read_file(filename)
+ new_content_lines += file_content.split('\n')
+
+ Logger.info(format("Modifying existing properties file: {filename}"))
+
+ for line_num in range(len(new_content_lines)):
+ line = new_content_lines[line_num]
+
+ if line.lstrip() and not line.lstrip()[0] in comment_symbols and delimiter in line:
+ in_var_name = line.split(delimiter)[0].strip()
+ in_var_value = line.split(delimiter)[1].strip()
+
+ if in_var_name in properties:
+ new_content_lines[line_num] = u"{0}{1}{2}".format(unicode(in_var_name), delimiter, unicode(properties[in_var_name]))
+ unsaved_values.remove(in_var_name)
+ else:
+ Logger.info(format("Creating new properties file as {filename} doesn't exist"))
+
+ for property_name in unsaved_values:
+ line = u"{0}{1}{2}".format(unicode(property_name), delimiter, unicode(properties[property_name]))
+ new_content_lines.append(line)
+
+ with Environment.get_instance_copy() as env:
+ File (filename,
+ content = u"\n".join(new_content_lines) + "\n",
+ owner = self.resource.owner,
+ group = self.resource.group,
+ mode = self.resource.mode,
+ encoding = self.resource.encoding,
+ )
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py b/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py
index a0b533c..596c2e2 100644
--- a/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py
+++ b/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py
@@ -28,4 +28,5 @@ from resource_management.libraries.resources.repository import *
from resource_management.libraries.resources.monitor_webserver import *
from resource_management.libraries.resources.hdfs_directory import *
from resource_management.libraries.resources.copy_from_local import *
-from resource_management.libraries.resources.msi import *
\ No newline at end of file
+from resource_management.libraries.resources.msi import *
+from resource_management.libraries.resources.modify_properties_file import *
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py b/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py
new file mode 100644
index 0000000..d80d596
--- /dev/null
+++ b/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+_all__ = ["ModifyPropertiesFile"]
+from resource_management.core.base import Resource, ForcedListArgument, ResourceArgument, BooleanArgument
+
+class ModifyPropertiesFile(Resource):
+ action = ForcedListArgument(default="create")
+ filename = ResourceArgument(default=lambda obj: obj.name)
+
+ properties = ResourceArgument()
+
+ mode = ResourceArgument()
+ owner = ResourceArgument()
+ group = ResourceArgument()
+
+ key_value_delimiter = ResourceArgument(default='=')
+ comment_symbols = ForcedListArgument(default=['#'])
+ encoding = ResourceArgument(default='utf-8')
+
+ actions = Resource.actions + ["create"]
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
index 648a1d5..293c925 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
@@ -22,43 +22,43 @@
<configuration supports_final="false">
<property>
- <name>HTTP_SERVICE_PORT</name>
+ <name>http.service.port</name>
<value>6080</value>
<description>The http port to be used</description>
</property>
<property>
- <name>HTTPS_SERVICE_PORT</name>
+ <name>https.service.port</name>
<value>6182</value>
<description>The secured https port to be used</description>
</property>
<property>
- <name>HTTPS_KEYSTORE_FILE</name>
+ <name>https.attrib.keystoreFile</name>
<value>/etc/ranger/admin/keys/server.jks</value>
<description>The keystore file location</description>
</property>
<property>
- <name>HTTPS_KEYSTORE_PASS</name>
+ <name>https.attrib.keystorePass</name>
<value>ranger</value>
<description>The keystore pass to be used </description>
</property>
<property>
- <name>HTTPS_KEY_ALIAS</name>
+ <name>https.attrib.keyAlias</name>
<value>myKey</value>
<description>The key alias to be used </description>
</property>
<property>
- <name>HTTPS_CLIENT_AUTH</name>
+ <name>https.attrib.clientAuth</name>
<value>want</value>
<description>The client auth to be used </description>
</property>
<property>
- <name>HTTP_ENABLED</name>
+ <name>http.enabled</name>
<value>true</value>
<description>http enabled or https enabled </description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index ac2bc0a..718c3c1 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -46,64 +46,17 @@ if stack_is_hdp22_or_further:
usersync_services_file = "/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh"
java_home = config['hostLevelParams']['java_home']
-unix_user = default("/configurations/ranger-env/ranger_user", "ranger")
-unix_group = default("/configurations/ranger-env/ranger_group", "ranger")
+unix_user = config['configurations']['ranger-env']['ranger_user']
+unix_group = config['configurations']['ranger-env']['ranger_group']
ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
-# admin-properties
-db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
-sql_command_invoker = default("/configurations/admin-properties/SQL_COMMAND_INVOKER", "mysql")
-sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
-db_root_user = default("/configurations/admin-properties/db_root_user", "root")
-db_root_password = unicode(default("/configurations/admin-properties/db_root_password", " "))
-db_host = default("/configurations/admin-properties/db_host", "localhost")
-db_name = default("/configurations/admin-properties/db_name", "ranger")
-db_user = default("/configurations/admin-properties/db_user", "rangeradmin")
-db_password = unicode(default("/configurations/admin-properties/db_password", "rangeradmin"))
-audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
-audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
-audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
-policymgr_external_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
-policymgr_http_enabled = default("/configurations/admin-properties/policymgr_http_enabled", "true")
-authentication_method = default("/configurations/admin-properties/authentication_method", "UNIX")
-remoteLoginEnabled = default("/configurations/admin-properties/remoteLoginEnabled", "true")
-authServiceHostName = default("/configurations/admin-properties/authServiceHostName", "localhost")
-authServicePort = default("/configurations/admin-properties/authServicePort", "5151")
-xa_ldap_url = default("/configurations/admin-properties/xa_ldap_url", "ldap://71.127.43.33:389")
-xa_ldap_userDNpattern = default("/configurations/admin-properties/xa_ldap_userDNpattern", "uid={0},ou=users,dc=xasecure,dc=net")
-xa_ldap_groupSearchBase = default("/configurations/admin-properties/xa_ldap_groupSearchBase", "ou=groups,dc=xasecure,dc=net")
-xa_ldap_groupSearchFilter = default("/configurations/admin-properties/xa_ldap_groupSearchFilter", "(member=uid={0},ou=users,dc=xasecure,dc=net)")
-xa_ldap_groupRoleAttribute = default("/configurations/admin-properties/xa_ldap_groupRoleAttribute", "cn")
-xa_ldap_ad_domain = default("/configurations/admin-properties/xa_ldap_ad_domain", "xasecure.net")
-xa_ldap_ad_url = default("/configurations/admin-properties/xa_ldap_ad_url", "ldap://ad.xasecure.net:389")
-
-# usersync-properties
-sync_source = default("/configurations/usersync-properties/SYNC_SOURCE", "unix")
-min_unix_user_id_to_sync = default("/configurations/usersync-properties/MIN_UNIX_USER_ID_TO_SYNC", "1000")
-sync_interval = default("/configurations/usersync-properties/SYNC_INTERVAL", "1")
-sync_ldap_url = default("/configurations/usersync-properties/SYNC_LDAP_URL", "ldap://localhost:389")
-sync_ldap_bind_dn = default("/configurations/usersync-properties/SYNC_LDAP_BIND_DN", "cn=admin,dc=xasecure,dc=net")
-sync_ldap_bind_password = default("/configurations/usersync-properties/SYNC_LDAP_BIND_PASSWORD", "admin321")
-cred_keystore_filename = default("/configurations/usersync-properties/CRED_KEYSTORE_FILENAME", "/usr/lib/xausersync/.jceks/xausersync.jceks")
-sync_ldap_user_search_base = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_BASE", "ou=users,dc=xasecure,dc=net")
-sync_ldap_user_search_scope = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE", "sub")
-sync_ldap_user_object_class = default("/configurations/usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS", "person")
-sync_ldap_user_search_filter = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER", "-")
-sync_ldap_user_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE", "cn")
-sync_ldap_user_group_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE", "memberof,ismemberof")
-sync_ldap_username_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_USERNAME_CASE_CONVERSION", "lower")
-sync_ldap_groupname_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_GROUPNAME_CASE_CONVERSION", "lower")
-logdir = default("/configurations/usersync-properties/logdir", "logs")
-
-# ranger-site
-http_enabled = default("/configurations/ranger-site/HTTP_ENABLED", "true")
-http_service_port = default("/configurations/ranger-site/HTTP_SERVICE_PORT", "6080")
-https_service_port = default("/configurations/ranger-site/HTTPS_SERVICE_PORT", "6182")
-https_attrib_keystoreFile = default("/configurations/ranger-site/HTTPS_KEYSTORE_FILE", "/etc/ranger/admin/keys/server.jks")
-https_attrib_keystorePass = default("/configurations/ranger-site/HTTPS_KEYSTORE_PASS", "ranger")
-https_attrib_keyAlias = default("/configurations/ranger-site/HTTPS_KEY_ALIAS", "mykey")
-https_attrib_clientAuth = default("/configurations/ranger-site/HTTPS_CLIENT_AUTH", "want")
+db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
+
+sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+db_root_user = config['configurations']['admin-properties']['db_root_user']
+db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
+db_host = config['configurations']['admin-properties']['db_host']
#ranger-env properties
oracle_home = default("/configurations/ranger-env/oracle_home", "-")
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
index 7314a83..f88625e 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
@@ -23,7 +23,7 @@ from resource_management.core.exceptions import ComponentIsNotRunning
from resource_management.libraries.functions.format import format
from resource_management.core.logger import Logger
from resource_management.core import shell
-from setup_ranger import setup_ranger
+from setup_ranger import setup_ranger_admin
from ranger_service import ranger_service
import upgrade
@@ -67,7 +67,7 @@ class RangerAdmin(Script):
import params
env.set_params(params)
- setup_ranger()
+ setup_ranger_admin()
if __name__ == "__main__":
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py
index f3b9603..8fda5f4 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py
@@ -19,12 +19,12 @@ limitations under the License.
"""
from resource_management import *
-def ranger_service(name):
+def ranger_service(name, action=None):
import params
if name == 'ranger_admin':
no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
- Execute(format('{params.ranger_start}'), user=params.unix_user, not_if=no_op_test)
+ Execute(params.ranger_start, user=params.unix_user, not_if=no_op_test)
elif name == 'ranger_usersync':
no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
index afb86c1..a31a369 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
@@ -23,37 +23,35 @@ from resource_management.core.exceptions import ComponentIsNotRunning
from resource_management.libraries.functions.format import format
from resource_management.core.logger import Logger
from resource_management.core import shell
-from setup_ranger import setup_usersync
from ranger_service import ranger_service
+from setup_ranger import setup_usersync
import upgrade
class RangerUsersync(Script):
-
- def get_stack_to_component(self):
- return {"HDP": "ranger-usersync"}
-
+
def install(self, env):
self.install_packages(env)
self.configure(env)
-
- def stop(self, env, rolling_restart=False):
- import params
-
- env.set_params(params)
- Execute((params.usersync_stop,), sudo=True)
-
- def pre_rolling_restart(self, env):
+
+ def configure(self, env):
import params
env.set_params(params)
- upgrade.prestart(env, "ranger-usersync")
-
+
+ setup_usersync()
+
def start(self, env, rolling_restart=False):
import params
env.set_params(params)
+
self.configure(env)
ranger_service('ranger_usersync')
-
-
+
+ def stop(self, env, rolling_restart=False):
+ import params
+ env.set_params(params)
+
+ Execute((params.usersync_stop,), sudo=True)
+
def status(self, env):
cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
code, output = shell.call(cmd, timeout=20)
@@ -63,10 +61,13 @@ class RangerUsersync(Script):
raise ComponentIsNotRunning()
pass
- def configure(self, env):
+ def pre_rolling_restart(self, env):
import params
env.set_params(params)
- setup_usersync()
+ upgrade.prestart(env, "ranger-usersync")
+
+ def get_stack_to_component(self):
+ return {"HDP": "ranger-usersync"}
if __name__ == "__main__":
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
index c1f365c..f54ba01 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
@@ -23,234 +23,74 @@ import os
from resource_management import *
from resource_management.core.logger import Logger
-def setup_ranger():
+def setup_ranger_admin():
import params
- if check_db_connnection():
- File(params.downloaded_custom_connector,
- content = DownloadSource(params.driver_curl_source)
- )
-
- if not os.path.isfile(params.driver_curl_target):
- Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- file_path = format("{ranger_home}/install.properties")
- bk_file_path = format("{ranger_home}/install-bk.properties")
-
- File(bk_file_path,
- content = StaticFile(file_path),
- )
-
- write_properties_to_file(file_path, admin_properties())
- ##if db flavor == oracle - set oracle home env variable
- if params.db_flavor.lower() == 'oracle' and params.oracle_home:
- env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
- else:
- env_dict = {'JAVA_HOME': params.java_home}
- setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
-
- try:
- Execute(setup_sh,
- environment=env_dict,
- logoutput=True,
- )
- except Fail, e:
- if os.path.isfile(bk_file_path):
- File(file_path,
- action = "delete",
- )
- Execute(('mv', bk_file_path, file_path),
- sudo = True,
- )
- raise Fail('Ranger installation Failed, {0}'.format(str(e)))
-
- do_post_installation()
-
- if os.path.isfile(bk_file_path):
- File(file_path,
- action = "delete",
- )
- Execute(('mv', bk_file_path, file_path),
- sudo = True,
- )
- else:
- raise Fail('Ranger admin install.properties backup file doesnot exist')
-
-def do_post_installation():
- import params
-
- Logger.info('Performing Ranger post installation')
+ check_db_connnection()
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source)
+ )
- file_path = format("{ranger_conf}/ranger_webserver.properties")
- ranger_site = dict()
- ranger_site['http.service.port'] = params.http_service_port
- ranger_site['https.service.port'] = params.https_service_port
- ranger_site['https.attrib.keystoreFile'] = params.https_attrib_keystoreFile
- ranger_site['https.attrib.keystorePass'] = params.https_attrib_keystorePass
- ranger_site['https.attrib.keyAlias'] = params.https_attrib_keyAlias
- ranger_site['https.attrib.clientAuth'] = params.https_attrib_clientAuth
- write_properties_to_file(file_path, ranger_site)
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+ path=["/bin", "/usr/bin/"],
+ not_if=format("test -f {driver_curl_target}"),
+ sudo=True)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = params.config['configurations']['admin-properties']
+ )
- ranger_site.clear()
+ ##if db flavor == oracle - set oracle home env variable
+ if params.db_flavor.lower() == 'oracle' and params.oracle_home:
+ env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
+ else:
+ env_dict = {'JAVA_HOME': params.java_home}
+
+ setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
+ Execute(setup_sh,
+ environment=env_dict,
+ logoutput=True,
+ )
+
+ ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"),
+ properties = params.config['configurations']['ranger-site'],
+ )
- file_path = format("{ranger_conf}/xa_system.properties")
- ranger_site['http.enabled'] = params.http_enabled
- write_properties_to_file(file_path, ranger_site)
- Logger.info('Performing Ranger post installation DONE')
- File(format('{params.ranger_conf}/ranger_webserver.properties'), mode=0744)
+ ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"),
+ properties = params.config['configurations']['ranger-site'],
+ mode=0744
+ )
def setup_usersync():
import params
- file_path = format("{usersync_home}/install.properties")
- write_properties_to_file(file_path, usersync_properties())
+ PropertiesFile(format("{usersync_home}/install.properties"),
+ properties = params.config['configurations']['usersync-properties'],
+ )
cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')])
Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
- Execute(('chown', params.unix_user, params.usersync_start),
- sudo = True,
- )
- Execute(('chown', params.unix_user, params.usersync_stop),
- sudo = True,
+
+ File([params.usersync_start, params.usersync_stop],
+ owner = params.unix_user
)
File(params.usersync_services_file,
mode = 0755,
)
-def write_properties_to_file(file_path, value):
- for key in value:
- modify_config(file_path, key, value[key])
-
-def modify_config(filepath, variable, setting):
- var_found = False
- already_set = False
- V = str(variable)
- S = str(setting)
-
- if ' ' in S:
- S = '%s' % S
-
- tmp_filepath = format("{tmp_dir}/temporary_ranger_config.properties")
- # we need to copy so non-root user is able to read it.
- File(tmp_filepath,
- content = StaticFile(filepath),
- )
-
- for line in fileinput.input(tmp_filepath, inplace=1):
- if not line.lstrip(' ').startswith('#') and '=' in line:
- _infile_var = str(line.split('=')[0].rstrip(' '))
- _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
- if var_found == False and _infile_var.rstrip(' ') == V:
- var_found = True
- if _infile_set.lstrip(' ') == S:
- already_set = True
- else:
- line = format("{V}={S}\n")
-
- sys.stdout.write(line)
-
- # copy it back
- File(filepath,
- content = StaticFile(tmp_filepath),
- )
-
- if not var_found:
- Execute(format("echo '{V}={S}\\n' | ") + as_sudo(['tee', '-a', filepath]))
- elif already_set == True:
- pass
- else:
- pass
-
- return
-
-def admin_properties():
- import params
-
- admin_properties = dict()
-
- admin_properties['DB_FLAVOR'] = params.db_flavor
- admin_properties['SQL_COMMAND_INVOKER'] = params.sql_command_invoker
- admin_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
- admin_properties['db_root_user'] = params.db_root_user
- admin_properties['db_root_password'] = params.db_root_password
- admin_properties['db_host'] = params.db_host
- admin_properties['db_name'] = params.db_name
- admin_properties['db_user'] = params.db_user
- admin_properties['db_password'] = params.db_password
- admin_properties['audit_db_name'] = params.audit_db_name
- admin_properties['audit_db_user'] = params.audit_db_user
- admin_properties['audit_db_password'] = params.audit_db_password
- admin_properties['policymgr_external_url'] = params.policymgr_external_url
- admin_properties['policymgr_http_enabled'] = params.policymgr_http_enabled
- admin_properties['authentication_method'] = params.authentication_method
- admin_properties['remoteLoginEnabled'] = params.remoteLoginEnabled
- admin_properties['authServiceHostName'] = params.authServiceHostName
- admin_properties['authServicePort'] = params.authServicePort
- admin_properties['xa_ldap_url'] = params.xa_ldap_url
- admin_properties['xa_ldap_userDNpattern'] = params.xa_ldap_userDNpattern
- admin_properties['xa_ldap_groupSearchBase'] = params.xa_ldap_groupSearchBase
- admin_properties['xa_ldap_groupSearchFilter'] = params.xa_ldap_groupSearchFilter
- admin_properties['xa_ldap_groupRoleAttribute'] = params.xa_ldap_groupRoleAttribute
- admin_properties['xa_ldap_ad_domain'] = params.xa_ldap_ad_domain
- admin_properties['xa_ldap_ad_url'] = params.xa_ldap_ad_url
-
- return admin_properties
-
-def usersync_properties():
- import params
-
- usersync_properties = dict()
-
- usersync_properties['POLICY_MGR_URL'] = params.policymgr_external_url
-
- usersync_properties['SYNC_SOURCE'] = params.sync_source
- usersync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = params.min_unix_user_id_to_sync
- usersync_properties['SYNC_INTERVAL'] = params.sync_interval
- usersync_properties['SYNC_LDAP_URL'] = params.sync_ldap_url
- usersync_properties['SYNC_LDAP_BIND_DN'] = params.sync_ldap_bind_dn
- usersync_properties['SYNC_LDAP_BIND_PASSWORD'] = params.sync_ldap_bind_password
- usersync_properties['CRED_KEYSTORE_FILENAME'] = params.cred_keystore_filename
- usersync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = params.sync_ldap_user_search_base
- usersync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.sync_ldap_user_search_scope
- usersync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = params.sync_ldap_user_object_class
- usersync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = params.sync_ldap_user_search_filter
- usersync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.sync_ldap_user_name_attribute
- usersync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.sync_ldap_user_group_name_attribute
- usersync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.sync_ldap_username_case_conversion
- usersync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.sync_ldap_groupname_case_conversion
- usersync_properties['logdir'] = params.logdir
-
- return usersync_properties
-
def check_db_connnection():
import params
- db_root_password = params.db_root_password
- db_root_user = params.db_root_user
- db_host = params.db_host
- sql_command_invoker = params.sql_command_invoker
- db_flavor = params.db_flavor
- cmd_str = ""
Logger.info('Checking DB connection')
- if db_flavor and db_flavor.lower() == 'mysql':
- cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\""
- elif db_flavor and db_flavor.lower() == 'oracle':
- cmd_str = sql_command_invoker +" " + db_root_user + "/" + db_root_password + "@" + db_host + " AS SYSDBA"
- status, output = get_status_output(cmd_str)
-
- if status == 0:
- Logger.info('Checking DB connection DONE')
- return True
- else:
- Logger.info(
- 'Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host, DB administrative privileges configured for connectivity from the Ranger Admin host to the configured DB host/instance and the DB server up and running on the DB host.')
- sys.exit(1)
-
-def get_status_output(cmd):
- import subprocess
+ if params.db_flavor.lower() == 'mysql':
+ cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password} -h {db_host} -s -e "select version();"')
+ elif params.db_flavor.lower() == 'oracle':
+ cmd = format('{sql_command_invoker} {db_root_user}/{db_root_password}@{db_host} AS SYSDBA')
- ret = subprocess.call(cmd, shell=True)
- return ret, ret
+ try:
+ Execute(cmd)
+ except Fail as ex:
+ Logger.info(ex)
+ raise Fail('Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host, DB administrative privileges configured for connectivity from the Ranger Admin host to the configured DB host/instance and the DB server up and running on the DB host.')
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
index 84ffa01..4bff50f 100644
--- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
+++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
@@ -17,29 +17,143 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
'''
-
-import sys
-import os
-from stacks.utils.RMFTestCase import RMFTestCase
-from mock.mock import patch
-
+from mock.mock import MagicMock, patch
+from stacks.utils.RMFTestCase import *
class TestRangerAdmin(RMFTestCase):
COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package"
STACK_VERSION = "2.2"
- def setUp(self):
- sys.path.insert(0, os.path.join(os.getcwd(), "../../main/resources/common-services", self.COMMON_SERVICES_PACKAGE_DIR, "scripts"))
-
- @patch("setup_ranger.setup_ranger")
- def test_upgrade(self, setup_ranger_mock):
+ def test_configure_default(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+ classname = "RangerAdmin",
+ command = "configure",
+ config_file="default.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_default()
+ self.assertNoMoreResources()
+
+ def test_start_default(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+ classname = "RangerAdmin",
+ command = "start",
+ config_file="default.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_default()
+ self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start',
+ not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep',
+ user = 'ranger',
+ )
+ self.assertNoMoreResources()
+
+ def test_stop_default(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+ classname = "RangerAdmin",
+ command = "stop",
+ config_file="default.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-stop',
+ user = 'ranger',
+ )
+ self.assertNoMoreResources()
+
+ def test_configure_secured(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+ classname = "RangerAdmin",
+ command = "configure",
+ config_file="secured.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_secured()
+ self.assertNoMoreResources()
+
+ def test_start_secured(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+ classname = "RangerAdmin",
+ command = "start",
+ config_file="secured.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_secured()
+ self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start',
+ not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep',
+ user = 'ranger',
+ )
+ self.assertNoMoreResources()
+
+ def test_stop_secured(self):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
- classname = "RangerAdmin",
- command = "restart",
- config_file="ranger-admin-upgrade.json",
- hdp_stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES)
+ classname = "RangerAdmin",
+ command = "stop",
+ config_file="secured.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-stop',
+ user = 'ranger',
+ )
+ self.assertNoMoreResources()
- self.assertTrue(setup_ranger_mock.called)
- self.assertResourceCalled("Execute", "/usr/bin/ranger-admin-stop", user="ranger")
- self.assertResourceCalled("Execute", "hdp-select set ranger-admin 2.2.2.0-2399")
\ No newline at end of file
+ def assert_configure_default(self):
+ self.assertResourceCalled('Execute', 'mysql -u root --password=aa -h localhost -s -e "select version();"',)
+ self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
+ content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-jdbc-driver.jar'),
+ )
+ self.assertResourceCalled('Execute', ('cp',
+ '--remove-destination',
+ '/tmp/mysql-connector-java.jar',
+ '/usr/share/java/mysql-connector-java.jar'),
+ not_if = 'test -f /usr/share/java/mysql-connector-java.jar',
+ sudo = True,
+ path = ['/bin', '/usr/bin/'],
+ )
+ self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties',
+ properties = self.getConfig()['configurations']['admin-properties'],
+ )
+ self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh',
+ logoutput = True,
+ environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+ )
+ self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties',
+ properties = self.getConfig()['configurations']['ranger-site'],
+ )
+ self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties',
+ mode = 0744,
+ properties = self.getConfig()['configurations']['ranger-site']
+ )
+
+ def assert_configure_secured(self):
+ self.assertResourceCalled('Execute', 'mysql -u root --password=rootpassword -h localhost -s -e "select version();"',)
+ self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
+ content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-jdbc-driver.jar'),
+ )
+ self.assertResourceCalled('Execute', ('cp',
+ '--remove-destination',
+ '/tmp/mysql-connector-java.jar',
+ '/usr/share/java/mysql-connector-java.jar'),
+ not_if = 'test -f /usr/share/java/mysql-connector-java.jar',
+ sudo = True,
+ path = ['/bin', '/usr/bin/'],
+ )
+ self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties',
+ properties = self.getConfig()['configurations']['admin-properties'],
+ )
+ self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh',
+ logoutput = True,
+ environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+ )
+ self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties',
+ properties = self.getConfig()['configurations']['ranger-site'],
+ )
+ self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties',
+ mode = 0744,
+ properties = self.getConfig()['configurations']['ranger-site']
+ )
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
index 74f9ce8..249ecbd 100644
--- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
+++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
@@ -17,22 +17,91 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
'''
+from mock.mock import MagicMock, patch
+from stacks.utils.RMFTestCase import *
-import sys
-import os
-from stacks.utils.RMFTestCase import RMFTestCase
-from mock.mock import patch
-
-
-class TestRangerUserSync(RMFTestCase):
+class TestRangerUsersync(RMFTestCase):
COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package"
STACK_VERSION = "2.2"
- def setUp(self):
- sys.path.insert(0, os.path.join(os.getcwd(),
- "../../main/resources/common-services", self.COMMON_SERVICES_PACKAGE_DIR,
- "scripts"))
-
+ def test_configure_default(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+ classname = "RangerUsersync",
+ command = "configure",
+ config_file="default.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_default()
+ self.assertNoMoreResources()
+
+ def test_start_default(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+ classname = "RangerUsersync",
+ command = "start",
+ config_file="default.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_default()
+ self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-start',),
+ not_if = 'ps -ef | grep proc_rangerusersync | grep -v grep',
+ sudo = True,
+ )
+ self.assertNoMoreResources()
+
+ def test_stop_default(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+ classname = "RangerUsersync",
+ command = "stop",
+ config_file="default.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-stop',),
+ sudo = True,
+ )
+ self.assertNoMoreResources()
+
+ def test_configure_secured(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+ classname = "RangerUsersync",
+ command = "configure",
+ config_file="secured.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_secured()
+ self.assertNoMoreResources()
+
+ def test_start_secured(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+ classname = "RangerUsersync",
+ command = "start",
+ config_file="secured.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assert_configure_secured()
+ self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-start',),
+ not_if = 'ps -ef | grep proc_rangerusersync | grep -v grep',
+ sudo = True,
+ )
+ self.assertNoMoreResources()
+
+ def test_stop_secured(self):
+ self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+ classname = "RangerUsersync",
+ command = "stop",
+ config_file="secured.json",
+ hdp_stack_version = self.STACK_VERSION,
+ target = RMFTestCase.TARGET_COMMON_SERVICES
+ )
+ self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-stop',),
+ sudo = True,
+ )
+ self.assertNoMoreResources()
+
@patch("setup_ranger.setup_usersync")
def test_upgrade(self, setup_usersync_mock):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
@@ -44,4 +113,40 @@ class TestRangerUserSync(RMFTestCase):
self.assertTrue(setup_usersync_mock.called)
self.assertResourceCalled("Execute", ("/usr/bin/ranger-usersync-stop",), sudo=True)
- self.assertResourceCalled("Execute", "hdp-select set ranger-usersync 2.2.2.0-2399")
\ No newline at end of file
+ self.assertResourceCalled("Execute", "hdp-select set ranger-usersync 2.2.2.0-2399")
+
+ def assert_configure_default(self):
+ self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties',
+ properties = self.getConfig()['configurations']['usersync-properties'],
+ )
+ self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh',
+ logoutput = True,
+ environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+ )
+ self.assertResourceCalled('File', '/usr/bin/ranger-usersync-start',
+ owner = 'ranger',
+ )
+ self.assertResourceCalled('File', '/usr/bin/ranger-usersync-stop',
+ owner = 'ranger',
+ )
+ self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh',
+ mode = 0755,
+ )
+
+ def assert_configure_secured(self):
+ self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties',
+ properties = self.getConfig()['configurations']['usersync-properties'],
+ )
+ self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh',
+ logoutput = True,
+ environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+ )
+ self.assertResourceCalled('File', '/usr/bin/ranger-usersync-start',
+ owner = 'ranger',
+ )
+ self.assertResourceCalled('File', '/usr/bin/ranger-usersync-stop',
+ owner = 'ranger',
+ )
+ self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh',
+ mode = 0755,
+ )
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/default.json b/ambari-server/src/test/python/stacks/2.2/configs/default.json
index 892cdd3..c67eda4 100644
--- a/ambari-server/src/test/python/stacks/2.2/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.2/configs/default.json
@@ -31,6 +31,89 @@
"taskId": 152,
"public_hostname": "c6401.ambari.apache.org",
"configurations": {
+ "admin-properties": {
+ "authentication_method": "UNIX",
+ "db_root_user": "root",
+ "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"",
+ "audit_db_name": "ranger_audit",
+ "xa_ldap_ad_domain": "\"xasecure.net\"",
+ "remoteLoginEnabled": "true",
+ "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar",
+ "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"",
+ "SQL_COMMAND_INVOKER": "mysql",
+ "db_user": "rangeradmin",
+ "db_password": "aa",
+ "authServicePort": "5151",
+ "audit_db_password": "aa",
+ "DB_FLAVOR": "MYSQL",
+ "audit_db_user": "rangerlogger",
+ "db_root_password": "aa",
+ "xa_ldap_url": "\"ldap://71.127.43.33:389\"",
+ "db_name": "ranger",
+ "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"",
+ "authServiceHostName": "localhost",
+ "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"",
+ "policymgr_external_url": "http://localhost:6080",
+ "policymgr_http_enabled": "true",
+ "db_host": "localhost",
+ "xa_ldap_groupRoleAttribute": "\"cn\""
+ },
+ "ranger-site": {
+ "http.enabled": "true",
+ "http.service.port": "6080",
+ "https.attrib.keystorePass": "ranger",
+ "https.attrib.clientAuth": "want",
+ "https.attrib.keystoreFile": "/etc/ranger/admin/keys/server.jks",
+ "https.service.port": "6182",
+ "https.attrib.keyAlias": "myKey"
+ },
+ "usersync-properties": {
+ "SYNC_INTERVAL": "1",
+ "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_FILTER": "-",
+ "SYNC_LDAP_URL": "ldap://localhost:389",
+ "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_SCOPE": "sub",
+ "SYNC_LDAP_BIND_PASSWORD": "admin321",
+ "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
+ "MIN_UNIX_USER_ID_TO_SYNC": "1000",
+ "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_OBJECT_CLASS": "person",
+ "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks",
+ "SYNC_SOURCE": "unix",
+ "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof",
+ "logdir": "logs"
+ },
+ "usersync-properties": {
+ "SYNC_INTERVAL": "1",
+ "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_FILTER": "-",
+ "SYNC_LDAP_URL": "ldap://localhost:389",
+ "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_SCOPE": "sub",
+ "SYNC_LDAP_BIND_PASSWORD": "admin321",
+ "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
+ "MIN_UNIX_USER_ID_TO_SYNC": "1000",
+ "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_OBJECT_CLASS": "person",
+ "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks",
+ "SYNC_SOURCE": "unix",
+ "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof",
+ "logdir": "logs"
+ },
+ "ranger-env": {
+ "ranger_group": "ranger",
+ "ranger_admin_log_dir": "/var/log/ranger/admin",
+ "oracle_home": "-",
+ "admin_username": "admin",
+ "ranger_user": "ranger",
+ "ranger_admin_username": "amb_ranger_admin",
+ "admin_password": "admin",
+ "ranger_admin_password": "aa",
+ "ranger_usersync_log_dir": "/var/log/ranger/usersync"
+ },
"spark-defaults": {
"spark.yarn.applicationMaster.waitTries": "10",
"spark.history.kerberos.keytab": "none",
http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/configs/secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/secured.json b/ambari-server/src/test/python/stacks/2.2/configs/secured.json
index 62f10a2..5bd8814 100644
--- a/ambari-server/src/test/python/stacks/2.2/configs/secured.json
+++ b/ambari-server/src/test/python/stacks/2.2/configs/secured.json
@@ -30,6 +30,100 @@
"taskId": 152,
"public_hostname": "c6401.ambari.apache.org",
"configurations": {
+ "ranger-env": {
+ "ranger_group": "ranger",
+ "ranger_admin_password": "ambari123",
+ "oracle_home": "-",
+ "admin_username": "admin",
+ "ranger_user": "ranger",
+ "ranger_admin_username": "amb_ranger_admin",
+ "admin_password": "admin",
+ "ranger_admin_log_dir": "/var/log/ranger/admin",
+ "ranger_usersync_log_dir": "/var/log/ranger/usersync"
+ },
+ "admin-properties": {
+ "db_password": "admin",
+ "db_root_user": "root",
+ "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"",
+ "xa_ldap_ad_domain": "\"xasecure.net\"",
+ "SQL_COMMAND_INVOKER": "mysql",
+ "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar",
+ "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"",
+ "remoteLoginEnabled": "true",
+ "audit_db_name": "ranger_audit",
+ "ambari_user_password": "admin",
+ "authServicePort": "5151",
+ "audit_db_password": "admin",
+ "DB_FLAVOR": "MYSQL",
+ "audit_db_user": "rangerlogger",
+ "xa_ldap_groupRoleAttribute": "\"cn\"",
+ "xa_ldap_url": "\"ldap://71.127.43.33:389\"",
+ "db_name": "ranger",
+ "authentication_method": "UNIX",
+ "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"",
+ "policymgr_http_enabled": "true",
+ "authServiceHostName": "localhost",
+ "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"",
+ "unix_group": "ranger",
+ "policymgr_external_url": "http://localhost:6080",
+ "db_user": "rangeradmin",
+ "db_host": "localhost",
+ "unix_user": "ranger",
+ "db_root_password": "rootpassword"
+ },
+ "ranger-hdfs-plugin-properties": {
+ "XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS": "900",
+ "XAAUDIT.HDFS.DESTINATION_DIRECTORY": "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%",
+ "POLICY_USER": "ambari-qa",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit",
+ "common.name.for.certificate": "-",
+ "XAAUDIT.HDFS.IS_ENABLED": "false",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
+ "SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
+ "XAAUDIT.DB.IS_ENABLED": "true",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS": "600",
+ "hadoop.rpc.protection": "-",
+ "ranger-hdfs-plugin-enabled": "No",
+ "SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
+ "XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
+ "policy_user": "ambari-qa",
+ "XAAUDIT.HDFS.DESTINTATION_FILE": "%hostname%-audit.log",
+ "XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS": "86400",
+ "XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT": "10",
+ "SSL_TRUSTSTORE_PASSWORD": "changeit",
+ "XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive",
+ "REPOSITORY_CONFIG_USERNAME": "hadoop",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS": "60",
+ "SSL_TRUSTSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-truststore.jks",
+ "REPOSITORY_CONFIG_PASSWORD": "hadoop"
+ },
+ "ranger-site": {
+ "HTTPS_KEYSTORE_FILE": "/etc/ranger/admin/keys/server.jks",
+ "HTTPS_CLIENT_AUTH": "want",
+ "HTTPS_SERVICE_PORT": "6182",
+ "HTTPS_KEY_ALIAS": "myKey",
+ "HTTPS_KEYSTORE_PASS": "ranger",
+ "HTTP_ENABLED": "true",
+ "HTTP_SERVICE_PORT": "6080"
+ },
+ "usersync-properties": {
+ "SYNC_INTERVAL": "1",
+ "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_FILTER": "-",
+ "SYNC_LDAP_URL": "ldap://localhost:389",
+ "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_SCOPE": "sub",
+ "SYNC_LDAP_BIND_PASSWORD": "admin321",
+ "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
+ "MIN_UNIX_USER_ID_TO_SYNC": "1000",
+ "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net",
+ "logdir": "logs",
+ "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks",
+ "SYNC_SOURCE": "unix",
+ "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof",
+ "SYNC_LDAP_USER_OBJECT_CLASS": "person"
+ },
"spark-defaults": {
"spark.yarn.applicationMaster.waitTries": "10",
"spark.history.kerberos.keytab": "/etc/security/keytabs/spark.service.keytab",