You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ga...@apache.org on 2015/11/10 05:07:27 UTC
[1/4] incubator-ranger git commit: RANGER-714: Enhancements to the db
admin setup scripts
Repository: incubator-ranger
Updated Branches:
refs/heads/master febe19357 -> c462d0ea9
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 11b72b4..36696a0 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -22,7 +22,6 @@
PROPFILE=$PWD/install.properties
propertyValue=''
-#. $PROPFILE
if [ ! $? = "0" ];then
log "$PROPFILE file not found....!!";
exit 1;
@@ -42,12 +41,16 @@ get_prop(){
validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
value=$(echo $validateProperty | cut -d "=" -f2-)
- echo $value
+ if [[ $1 == *password* ]]
+ then
+ echo $value
+ else
+ echo $value | tr -d \'\"
+ fi
}
PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
-SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
db_root_user=$(get_prop 'db_root_user' $PROPFILE)
db_root_password=$(get_prop 'db_root_password' $PROPFILE)
@@ -169,18 +172,6 @@ getPropertyFromFile(){
#Update Properties to File
#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
-updatePropertyToFile(){
- sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
- #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
- validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
- #echo 'V1:'$validate
- if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
- log "[I] File $3 Updated successfully : {'$1'}"
-}
-
-
-#Update Properties to File
-#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
updatePropertyToFilePy(){
python update_property.py $1 $2 $3
check_ret_status $? "Update property failed for: " $1
@@ -195,78 +186,18 @@ init_logfiles () {
init_variables(){
curDt=`date '+%Y%m%d%H%M%S'`
-
VERSION=`cat ${PWD}/version`
-
XAPOLICYMGR_DIR=$PWD
-
RANGER_ADMIN_INITD=ranger-admin-initd
-
RANGER_ADMIN=ranger-admin
-
INSTALL_DIR=${XAPOLICYMGR_DIR}
-
WEBAPP_ROOT=${INSTALL_DIR}/ews/webapp
-
DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
if [ "${DB_FLAVOR}" == "" ]
then
DB_FLAVOR="MYSQL"
fi
log "[I] DB_FLAVOR=${DB_FLAVOR}"
-
- #getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
- #getPropertyFromFile 'db_root_password' $PROPFILE db_user
- #getPropertyFromFile 'db_user' $PROPFILE db_user
- #getPropertyFromFile 'db_password' $PROPFILE db_password
- #if [ "${audit_store}" == "solr" ]
- #then
- # getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
- # getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
- # getPropertyFromFile 'audit_solr_password' $PROPFILE audit_solr_password
- # getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE audit_solr_zookeepers
- #else
- # getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
- # getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
- #fi
-}
-
-wait_for_tomcat_shutdown() {
- i=1
- touch $TMPFILE
- while [ $i -le 20 ]
- do
- ps -ef | grep catalina.startup.Bootstrap | grep -v grep > $TMPFILE
- if [ $? -eq 1 ]; then
- log "[I] Tomcat stopped"
- i=21
- else
- log "[I] stopping Tomcat.."
- i=`expr $i + 1`
- sleep 1
- fi
- done
-}
-
-check_db_version() {
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- if is_command ${SQL_COMMAND_INVOKER} ; then
- log "[I] '${SQL_COMMAND_INVOKER}' command found"
- else
- log "[E] '${SQL_COMMAND_INVOKER}' command not found"
- exit 1;
- fi
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- if is_command ${SQL_COMMAND_INVOKER} ; then
- log "[I] '${SQL_COMMAND_INVOKER}' command found"
- else
- log "[E] '${SQL_COMMAND_INVOKER}' command not found"
- exit 1;
- fi
- fi
}
check_python_command() {
@@ -319,13 +250,6 @@ check_java_version() {
log "[E] Java 1.7 is required, current java version is $version"
exit 1;
fi
-
-
- #$JAVA_BIN -version 2>&1 | grep -q "$JAVA_ORACLE"
- #if [ $? != 0 ] ; then
- #log "[E] Oracle Java is required"
- #exit 1;
- #fi
}
sanity_check_files() {
@@ -389,436 +313,6 @@ create_rollback_point() {
cp "$APP" "$BAK_FILE"
}
-create_db_user(){
- check_db_user_password
- strError="ERROR"
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Creating ${DB_FLAVOR} user '${db_user}'"
- for thost in '%' localhost
- do
- usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$db_user' and host = '$thost';"`
- if [ ${usercount} -eq 0 ]
- then
- $SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$db_user'@'$thost' identified by '$db_password';"
- log "[I] Creating user '$db_user' for host $thost done"
- fi
- dbquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$db_user'@'$thost';FLUSH PRIVILEGES;"
- echo "${dbquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$DB_FLAVOR' revoke *.* privileges from user '$db_user'@'$thost' failed"
- done
- log "[I] Creating ${DB_FLAVOR} user '${db_user}' DONE"
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- #check user exist or not
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- #if does not contains username so create user
- if test "${result3#*$username}" == "$result3"
- then
- #create user
- result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- #if user is not created print error message
- if test "${result3#*$username}" == "$result3"
- then
- log "[E] Creating User: ${db_user} Failed";
- log "[E] $result4"
- exit 1
- else
- log "[I] Creating User: ${db_user} Success";
- fi
- fi
- result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
- if test "${result5#*$strError}" == "$result5"
- then
- log "[I] Granting User: ${db_user} Success";
- else
- log "[E] Granting User: ${db_user} Failed";
- log "[E] $result5"
- exit 1
- fi
- log "[I] Creating $DB_FLAVOR user '${db_user}' DONE"
- fi
-}
-
-check_db_admin_password () {
- count=0
- msg=''
- cmdStatus=''
- strError="ERROR"
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Checking ${DB_FLAVOR} $db_root_user password"
- msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
- cmdStatus=$?
- fi
-
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Checking ${DB_FLAVOR} $db_root_user password"
- msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA>&1`
- cmdStatus=$?
- fi
- if test "${msg#*$strError}" != "$msg"
- then
- cmdStatus=1
- else
- cmdStatus=0 # $substring is not in $string
- fi
- while :
- do
- if [ $cmdStatus != 0 ]; then
- if [ $count != 0 ]
- then
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] COMMAND: mysql -u $db_root_user --password=...... -h $DB_HOST : FAILED with error message:"
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] COMMAND: sqlplus $db_root_user/...... @$DB_HOST AS SYSDBA : FAILED with error message:"
- fi
- log "*******************************************${sg}*******************************************"
- fi
- if [ $count -gt 2 ]
- then
- log "[E] Unable to continue as db connectivity fails."
- exit 1
- fi
- trap 'stty echo; exit 1' 2 3 15
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- printf "Please enter password for mysql user-id, $db_root_user@${DB_HOST} : "
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log="[msg] ${msg}"
- printf "Please enter password for oracle user-id, $db_root_user@${DB_HOST} AS SYSDBA: "
- fi
- stty -echo
- read db_root_password
- stty echo
- printf "\n"
- trap '' 2 3 15
- count=`expr ${count} + 1`
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
- cmdStatus=$?
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER -L -S "${db_root_user}"/"\"${db_root_password}\""@"{$DB_HOST}" AS SYSDBA >&1`
- cmdStatus=$?
- fi
- if test "${msg#*$strError}" != "$msg"
- then
- cmdStatus=1
- else
- cmdStatus=0 # $substring is not in $string
- fi
- else
- log "[I] Checking DB password DONE"
- break;
- fi
- done
- return 0;
-}
-
-check_db_user_password() {
- count=0
- muser=${db_user}@${DB_HOST}
- while [ "${db_password}" = "" ]
- do
- if [ $count -gt 0 ]
- then
- log "[I] You can not have a empty password for user: (${muser})."
- fi
- if [ ${count} -gt 2 ]
- then
- log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
- fi
- printf "Please enter password for the Ranger schema owner (${muser}): "
- trap 'stty echo; exit 1' 2 3 15
- stty -echo
- read db_password
- stty echo
- printf "\n"
- trap '' 2 3 15
- count=`expr ${count} + 1`
- done
-}
-
-
-check_audit_user_password() {
- count=0
- muser=${audit_db_user}@${DB_HOST}
- while [ "${audit_db_password}" = "" ]
- do
- if [ $count -gt 0 ]
- then
- log "[I] You can not have a empty password for user: (${muser})."
- fi
- if [ ${count} -gt 2 ]
- then
- log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
- fi
- printf "Please enter password for the Ranger Audit Table owner (${muser}): "
- trap 'stty echo; exit 1' 2 3 15
- stty -echo
- read audit_db_password
- stty echo
- printf "\n"
- trap '' 2 3 15
- count=`expr ${count} + 1`
- done
-}
-
-upgrade_db() {
- log "[I] - starting upgradedb ... "
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- DBVERSION_CATALOG_CREATION=db/mysql/create_dbversion_catalog.sql
- if [ -f ${DBVERSION_CATALOG_CREATION} ]
- then
- log "[I] Verifying database version catalog table .... "
- ${mysqlexec} < ${DBVERSION_CATALOG_CREATION}
- `${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${DBVERSION_CATALOG_CREATION}`
- check_ret_status $? "Verifying database version catalog table Failed."
- fi
-
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- sqlfiles=`ls -1 db/mysql/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/mysql/patches/%s\n",$2) ; }'`
- for sql in ${sqlfiles}
- do
- if [ -f ${sql} ]
- then
- bn=`basename ${sql}`
- version=`echo ${bn} | awk -F'-' '{ print $1 }'`
- if [ "${version}" != "" ]
- then
- c=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
- check_ret_status $? "DBVerionCheck - ${version} Failed."
- if [ ${c} -eq 0 ]
- then
- cat ${sql} > ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
- log "[I] - patch [${version}] is being applied."
- `${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${tempFile}`
- check_ret_status $? "Update patch - ${version} Failed. See sql file : [${tempFile}]"
- rm -f ${tempFile}
- else
- log "[I] - patch [${version}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
- ####
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- strError="ERROR"
- DBVERSION_CATALOG_CREATION=db/oracle/create_dbversion_catalog.sql
- VERSION_TABLE=x_db_version_h
- log "[I] Verifying table $VERSION_TABLE in database $db_name";
- if [ -f ${DBVERSION_CATALOG_CREATION} ]
- then
- result1=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('${db_name}') and UPPER(table_name)=UPPER('${VERSION_TABLE}');"`
- tablename=`echo $VERSION_TABLE | tr '[:lower:]' '[:upper:]'`
- if test "${result1#*$tablename}" == "$result1" #does not contains tablename so create table
- then
- log "[I] Importing Version Catalog file: $DBVERSION_CATALOG_CREATION..."
- result2=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$DBVERSION_CATALOG_CREATION`
- if test "${result2#*$strError}" == "$result2"
- then
- log "[I] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION DONE";
- else
- log "[E] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION Failed";
- log "[E] $result2"
- fi
- else
- log "[I] Table $VERSION_TABLE already exists in database ${db_name}"
- fi
- fi
-
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- sqlfiles=`ls -1 db/oracle/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/oracle/patches/%s\n",$2) ; }'`
- for sql in ${sqlfiles}
- do
- if [ -f ${sql} ]
- then
- bn=`basename ${sql}`
- version=`echo ${bn} | awk -F'-' '{ print $1 }'`
- if [ "${version}" != "" ]
- then
- result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- #does not contains record so insert
- if test "${result2#*$version}" == "$result2"
- then
- cat ${sql} > ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
- log "[I] - patch [${version}] is being applied. $tempFile"
- result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile`
- log "[+]$result3"
- if test "${result3#*$strError}" == "$result3"
- then
- log "[I] Update patch - ${version} applied. See sql file : [${tempFile}]"
- else
- log "[E] Update patch - ${version} Failed. See sql file : [${tempFile}]"
- fi
- rm -f ${tempFile}
- elif test "${result2#*$strError}" != "$result2"
- then
- log "[E] - patch [${version}] could not applied. Skipping ..."
- exit 1
- else
- log "[I] - patch [${version}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
- log "[I] - upgradedb completed."
-}
-
-import_db(){
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Verifying Database: ${db_name}";
- existdb=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h $DB_HOST -B --skip-column-names -e "show databases like '${db_name}' ;"`
- if [ "${existdb}" = "${db_name}" ]
- then
- log "[I] - database ${db_name} already exists. Ignoring import_db ..."
- else
- log "[I] Creating Database: $db_name";
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $db_name"
- check_ret_status $? "Creating database Failed.."
- log "[I] Importing Core Database file: $mysql_core_file "
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $db_name < $mysql_core_file
- check_ret_status $? "Importing Database Failed.."
- if [ -f "${mysql_asset_file}" ]
- then
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST ${db_name} < ${mysql_asset_file}
- check_ret_status $? "Reset of DB repositories failed"
- fi
- log "[I] Importing Database file : $mysql_core_file DONE";
- fi
- for thost in '%' localhost
- do
- mysqlquery="GRANT ALL ON $db_name.* TO '$db_user'@'$thost' ;
- GRANT ALL PRIVILEGES ON $db_name.* to '$db_user'@'$thost' WITH GRANT OPTION;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$db_user' grant privileges on '$db_name' failed"
- log "[I] Granting MYSQL user '$db_user' for host $thost DONE"
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Importing TABLESPACE: ${db_name}";
- strError="ERROR"
- existdb="false"
-
- #Verifying Users
- log "[I] Verifying DB User: ${db_user}";
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so create user
- then
- #create user
- result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so create user
- then
- log "[E] Creating User: ${db_user} Failed";
- log "[E] ${result4}";
- exit 1
- else
- log "[I] Creating User: ${db_user} Success";
- fi
- else
- log "[I] User: ${db_user} exist";
- fi
-
- #creating db/tablespace
- result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
- tablespace=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
- if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
- then
- log "[I] Creating TABLESPACE: ${db_name}";
- result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace ${db_name} datafile '${db_name}.dat' size 10M autoextend on;"`
- if test "${result2#*$strError}" == "$result2"
- then
- log "[I] TABLESPACE ${db_name} created.";
- existdb="true"
- else
- log "[E] Creating TABLESPACE: ${db_name} Failed";
- log "[E] $result2";
- exit 1
- fi
- else
- log "[I] TABLESPACE ${db_name} already exists.";
- fi
-
- #verify table space
- result1a=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
- tablespace1a=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
- if test "${result1a#*$tablespace1a}" == "$result1a" #does not contains tablespace so exit
- then
- log "[E] TABLESPACE: ${db_name} Does not exist!!";
- exit 1
- fi
-
- #verify user
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so exit
- then
- log "[E] User: ${db_user} Does not exist!!";
- exit 1
- fi
-
- # ASSIGN DEFAULT TABLESPACE ${db_name}
- result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "alter user ${db_user} identified by \"${db_password}\" DEFAULT TABLESPACE ${db_name};"`
-
- #grant user
- result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
- if test "${result5#*$strError}" == "$result5"
- then
- log "[I] Granting User: ${db_user} Success";
- else
- log "[E] Granting User: ${db_user} Failed";
- log "[E] $result5";
- exit 1
- fi
-
- #if does not contains tables create tables
- if [ "${existdb}" == "true" ]
- then
- log "[I] Importing XA Database file: ${oracle_core_file}..."
- result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @${oracle_core_file}`
- if test "${result7#*$strError}" == "$result7"
- then
- log "[I] Importing XA Database file : ${oracle_core_file} DONE";
- else
- log "[E] Importing XA Database file : ${oracle_core_file} Failed";
- log "[E] $result7";
- exit 1
- fi
- else
- log "[I] - database ${db_name} already exists. Ignoring import_db ..." ;
- fi
- fi
-}
-
copy_db_connector(){
log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib ";
cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib
@@ -874,11 +368,18 @@ update_properties() {
if [ "${DB_FLAVOR}" == "ORACLE" ]
then
propertyName=ranger.jpa.jdbc.url
- newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+ count=$(grep -o ":" <<< "$DB_HOST" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${DB_HOST}"
+ fi
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
propertyName=ranger.jpa.audit.jdbc.url
- newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
propertyName=ranger.jpa.jdbc.dialect
@@ -994,7 +495,6 @@ update_properties() {
newPropertyValue=${audit_store}
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
-
propertyName=ranger.externalurl
newPropertyValue="${policymgr_external_url}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1022,7 +522,6 @@ update_properties() {
then
mkdir -p `dirname "${keystore}"`
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$db_password_alias" -v "$db_password" -c 1
- #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
propertyName=ranger.credential.provider.path
newPropertyValue="${keystore}"
@@ -1065,18 +564,10 @@ update_properties() {
if [ "${keystore}" != "" ]
then
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_db_password_alias" -v "$audit_db_password" -c 1
- #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
propertyName=ranger.jpa.audit.jdbc.credential.alias
newPropertyValue="${audit_db_password_alias}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-
- #Use the same provider file for both audit/admin db
- # propertyName=audit.jdbc.credential.provider.path
- #propertyName=ranger.credential.provider.path
- #newPropertyValue="${keystore}"
- #updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
-
propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="_"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1117,7 +608,6 @@ update_properties() {
audit_solr_password_alias=ranger.solr.password
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_solr_password_alias" -v "$audit_solr_password" -c 1
-# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" -value "$audit_solr_password" -provider jceks://file$keystore
propertyName=ranger.solr.audit.credential.alias
newPropertyValue="${audit_solr_password_alias}"
@@ -1143,183 +633,6 @@ update_properties() {
fi
}
-create_audit_db_user(){
- check_audit_user_password
- AUDIT_DB="${audit_db_name}"
- AUDIT_USER="${audit_db_user}"
- AUDIT_PASSWORD="${audit_db_password}"
- strError="ERROR"
- #Verifying Database
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Verifying Database: $AUDIT_DB";
- existdb=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -B --skip-column-names -e "show databases like '$AUDIT_DB' ;"`
- if [ "${existdb}" = "$AUDIT_DB" ]
- then
- log "[I] Database $AUDIT_DB already exists."
- else
- log "[I] Creating Database: $audit_db_name";
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $AUDIT_DB"
- check_ret_status $? "Creating database $AUDIT_DB Failed.."
- fi
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Verifying TABLESPACE: $AUDIT_DB";
- result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT distinct UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${AUDIT_DB}');"`
- tablespace=`echo $AUDIT_DB | tr '[:lower:]' '[:upper:]'`
- if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
- then
- log "[I] Creating TABLESPACE: $AUDIT_DB";
- result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace $AUDIT_DB datafile '$AUDIT_DB.dat' size 10M autoextend on;"`
- if test "${result2#*$strError}" == "$result2"
- then
- log "[I] TABLESPACE $AUDIT_DB created."
- else
- log "[E] Creating TABLESPACE: $AUDIT_DB Failed";
- log "[E] $result2"
- exit 1
- fi
- else
- log "[I] TABLESPACE $AUDIT_DB already exists."
- fi
- fi
-
- #Verifying Users
- log "[I] Verifying Audit User: $AUDIT_USER";
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- for thost in '%' localhost
- do
- usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$AUDIT_USER' and host = '$thost';"`
- if [ ${usercount} -eq 0 ]
- then
- log "[I] Creating ${DB_FLAVOR} user '$AUDIT_USER'@'$thost'"
- $SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$AUDIT_USER'@'$thost' identified by '$AUDIT_PASSWORD';"
- check_ret_status $? "${DB_FLAVOR} create user failed"
- fi
- if [ "${AUDIT_USER}" != "${db_user}" ]
- then
- mysqlquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$AUDIT_USER'@'$thost' ;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$DB_FLAVOR' revoke privileges from user '$AUDIT_USER'@'$thost' failed"
- log "[I] '$DB_FLAVOR' revoke all privileges from user '$AUDIT_USER'@'$thost' DONE"
- fi
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${AUDIT_USER}');"`
- username=`echo $AUDIT_USER | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so create user
- then
- #create user
- result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
- if test "${result4#*$strError}" == "$result4"
- then
- log "[I] Creating User: ${AUDIT_USER} Success";
- else
- log "[E] Creating User: ${AUDIT_USER} Failed";
- log "[E] $result4"
- exit 1
- fi
- else
- log "[I] User: ${AUDIT_USER} exist";
- fi
- result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION TO ${AUDIT_USER};"`
- if test "${result5#*$strError}" == "$result5"
- then
- log "[I] Granting User: $AUDIT_USER Success";
- else
- log "[E] Granting User: $AUDIT_USER Failed";
- log "[E] $result5"
- exit 1
- fi
- fi
-
- #Verifying audit table
- AUDIT_TABLE=xa_access_audit
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Verifying table $AUDIT_TABLE in audit database $AUDIT_DB";
- existtbl=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -D $AUDIT_DB -h $DB_HOST -B --skip-column-names -e "show tables like '$AUDIT_TABLE' ;"`
- if [ "${existtbl}" != "$AUDIT_TABLE" ]
- then
- log "[I] Importing Audit Database file: $mysql_audit_file..."
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $AUDIT_DB < $mysql_audit_file
- check_ret_status $? "Importing Audit Database Failed.."
- log "[I] Importing Audit Database file : $mysql_audit_file DONE";
- else
- log "[I] Table $AUDIT_TABLE already exists in audit database $AUDIT_DB"
- fi
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Verifying table $AUDIT_TABLE in TABLESPACE $db_name";
- # ASSIGN DEFAULT TABLESPACE ${db_name}
- result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "alter user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
- result6=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('$db_name') and UPPER(table_name)=UPPER('${AUDIT_TABLE}');"`
- tablename=`echo $AUDIT_TABLE | tr '[:lower:]' '[:upper:]'`
- if test "${result6#*$tablename}" == "$result6" #does not contains tablename so create table
- then
- log "[I] Importing Audit Database file: $oracle_audit_file..."
- result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$oracle_audit_file`
- if test "${result7#*$strError}" == "$result7"
- then
- log "[I] Importing Audit Database file : $oracle_audit_file DONE";
- else
- log "[E] Importing Audit Database file : $oracle_audit_file failed";
- log "[E] $result7"
- fi
- else
- log "[I] Table $AUDIT_TABLE already exists in TABLESPACE $db_name"
- fi
- fi
-
- #Granting Users
- log "[I] Granting Privileges to User: $AUDIT_USER";
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- for thost in '%' localhost
- do
- mysqlquery="GRANT ALL ON $AUDIT_DB.* TO '$db_user'@'$thost' ;
- GRANT ALL PRIVILEGES ON $AUDIT_DB.* to '$db_user'@'$thost' WITH GRANT OPTION;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$db_user' grant privileges on '$AUDIT_DB' failed"
- log "[I] Creating MYSQL user '$AUDIT_USER' for host $thost DONE"
-
- mysqlquery="GRANT INSERT ON $AUDIT_DB.$AUDIT_TABLE TO '$AUDIT_USER'@'$thost' ;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE failed"
- log "[I] '$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE DONE"
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- if [ "${AUDIT_USER}" != "${db_user}" ]
- then
- result11=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT SELECT ON ${db_user}.XA_ACCESS_AUDIT_SEQ TO ${AUDIT_USER};"`
- result12=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT INSERT ON ${db_user}.${AUDIT_TABLE} TO ${AUDIT_USER};"`
- if test "${result11#*$strError}" != "$result11"
- then
- log "[E] Granting User: $AUDIT_USER Failed";
- log "[E] $result11";
- exit1
- elif test "${result12#*$strError}" != "$result12"
- then
- log "[E] Granting User: $AUDIT_USER Failed";
- log "[E] $result12";
- exit 1
- else
- log "[I] Granting User: $AUDIT_USER Success";
- fi
- fi
- fi
-}
-
do_unixauth_setup() {
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
@@ -1356,40 +669,33 @@ do_authentication_setup(){
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
-# propertyName=xa_ldap_url
propertyName=ranger.ldap.url
newPropertyValue="${xa_ldap_url}"
-
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_userDNpattern
propertyName=ranger.ldap.user.dnpattern
newPropertyValue="${xa_ldap_userDNpattern}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_groupSearchBase
propertyName=ranger.ldap.group.searchbase
newPropertyValue="${xa_ldap_groupSearchBase}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_groupSearchFilter
propertyName=ranger.ldap.group.searchfilter
newPropertyValue="${xa_ldap_groupSearchFilter}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_groupRoleAttribute
propertyName=ranger.ldap.group.roleattribute
newPropertyValue="${xa_ldap_groupRoleAttribute}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=authentication_method
propertyName=ranger.authentication.method
newPropertyValue="${authentication_method}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
if [ "${xa_ldap_base_dn}" != "" ] && [ "${xa_ldap_bind_dn}" != "" ] && [ "${xa_ldap_bind_password}" != "" ]
then
- $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP'
+ $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP' 'password_validation'
if [ "$?" != "0" ]
then
exit 1
@@ -1419,7 +725,6 @@ do_authentication_setup(){
ldap_password_alias=ranger.ldap.binddn.password
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ldap_password_alias" -v "$xa_ldap_bind_password" -c 1
-# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ldap_password_alias" -value "$xa_ldap_bind_password" -provider jceks://file$keystore
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
@@ -1464,24 +769,21 @@ do_authentication_setup(){
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
-# propertyName=xa_ldap_ad_url
propertyName=ranger.ldap.ad.url
newPropertyValue="${xa_ldap_ad_url}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_ad_domain
propertyName=ranger.ldap.ad.domain
newPropertyValue="${xa_ldap_ad_domain}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=authentication_method
propertyName=ranger.authentication.method
newPropertyValue="${authentication_method}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
if [ "${xa_ldap_ad_base_dn}" != "" ] && [ "${xa_ldap_ad_bind_dn}" != "" ] && [ "${xa_ldap_ad_bind_password}" != "" ]
then
- $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD'
+ $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD' 'password_validation'
if [ "$?" != "0" ]
then
exit 1
@@ -1510,7 +812,6 @@ do_authentication_setup(){
ad_password_alias=ranger.ad.binddn.password
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ad_password_alias" -v "$xa_ldap_ad_bind_password" -c 1
-# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ad_password_alias" -value "$xa_ldap_ad_bind_password" -provider jceks://file$keystore
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
@@ -1564,18 +865,12 @@ do_authentication_setup(){
log "[I] Finished setup based on user authentication method=$authentication_method";
}
-
#=====================================================================
-
setup_unix_user_group(){
-
log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
-
groupadd ${unix_group}
check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
-
id -u ${unix_user} > /dev/null 2>&1
-
if [ $? -ne 0 ]
then
log "[I] Creating new user and adding to group";
@@ -1585,14 +880,11 @@ setup_unix_user_group(){
log "[I] User already exists, adding it to group";
usermod -g ${unix_group} ${unix_user}
fi
-
log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} DONE";
}
setup_install_files(){
-
log "[I] Setting up installation files and directory";
-
if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf"
mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
@@ -1684,88 +976,6 @@ setup_install_files(){
fi
}
-execute_java_patches(){
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- #mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} --password="${db_root_password}" -h ${DB_HOST} ${db_name}"
- javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
- for javaPatch in ${javaFiles}
- do
- if test -f "$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
- className=$(basename "$javaPatch" .class)
- version=`echo ${className} | awk -F'_' '{ print $2 }'`
- if [ "${version}" != "" ]
- then
- #c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
- c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- check_ret_status $? "DBVerionCheck - ${version} Failed."
- #if [ ${c} -eq 0 ]
- if [ "${c}" != "${version}" ]
- then
- log "[I] patch ${javaPatch} is being applied..";
- msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF:$SQL_CONNECTOR_JAR" org.apache.ranger.patch.${className}`
- check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
- touch ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
- #${mysqlexec} < ${tempFile}
- c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}`
- check_ret_status $? "Update patch - ${javaPatch} has failed."
- rm -f ${tempFile}
- log "[I] patch ${javaPatch} has been applied!!";
- else
- log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
- for javaPatch in ${javaFiles}
- do
- if test -f "$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
- className=$(basename "$javaPatch" .class)
- version=`echo ${className} | awk -F'_' '{ print $2 }'`
- if [ "${version}" != "" ]
- then
- #result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- result2=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- #does not contains record so insert
- if test "${result2#*$version}" == "$result2"
- then
- log "[I] patch ${javaPatch} is being applied..";
- msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" org.apache.ranger.patch.${className}`
- check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
- touch ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
- #result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile`
- result3=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}`
- if test "${result3#*$strError}" == "$result3"
- then
- log "[I] patch ${javaPatch} has been applied!!";
- else
- log "[E] patch ${javaPatch} has failed."
- fi
- rm -f ${tempFile}
- elif test "${result2#*$strError}" != "$result2"
- then
- log "[E] - patch [${javaPatch}] could not applied. Skipping ..."
- exit 1
- else
- log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
-}
init_logfiles
log " --------- Running Ranger PolicyManager Web Application Install Script --------- "
log "[I] uname=`uname`"
@@ -1773,17 +983,11 @@ log "[I] hostname=`hostname`"
init_variables
get_distro
check_java_version
-#check_db_version
check_db_connector
setup_unix_user_group
setup_install_files
sanity_check_files
-#check_db_admin_password
-#create_db_user
copy_db_connector
-#import_db
-#upgrade_db
-#create_audit_db_user
check_python_command
run_dba_steps
if [ "$?" == "0" ]
@@ -1800,7 +1004,6 @@ else
log "[E] DB schema setup failed! Please contact Administrator."
exit 1
fi
-#execute_java_patches
$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
if [ "$?" == "0" ]
then
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index 294f0da..0cbe43d 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -43,6 +43,8 @@ conf_dict={}
def log(msg,type):
if type == 'info':
logging.info(" %s",msg)
+ if type == 'error':
+ logging.error(" %s",msg)
if type == 'debug':
logging.debug(" %s",msg)
if type == 'warning':
@@ -50,21 +52,16 @@ def log(msg,type):
if type == 'exception':
logging.exception(" %s",msg)
-#def check_mysql_connector():
-# global MYSQL_CONNECTOR_JAR
-# ### From properties file
-# MYSQL_CONNECTOR_JAR = os.getenv("MYSQL_CONNECTOR_JAR")
-# debugMsg = "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR
-# log(debugMsg, 'debug')
-# log( "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR, "debug")
-# ### From properties file
-# if os.path.isfile(MYSQL_CONNECTOR_JAR):
-# log(" MYSQL CONNECTOR FILE :" + MYSQL_CONNECTOR_JAR + "file found",'info')
-# else:
-# log(" MYSQL CONNECTOR FILE : "+MYSQL_CONNECTOR_JAR+" file does not exist",'info')
-#pass
-
-
+def password_validation(password, userType):
+ if password:
+ if re.search("[\\\`'\"]",password):
+ log("[E] "+userType+" user password contains one of the unsupported special characters like \" ' \ `","error")
+ sys.exit(1)
+ else:
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
def resolve_sym_link(path):
path = os.path.realpath(path)
@@ -738,70 +735,78 @@ def update_properties():
log("SQL_HOST is : " + MYSQL_HOST,"debug")
if RANGER_DB_FLAVOR == "MYSQL":
- propertyName="ranger.jpa.jdbc.url"
- newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+ propertyName="ranger.jpa.jdbc.url"
+ newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.user"
+ newPropertyValue=db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
- propertyName="ranger.jpa.jdbc.user"
- newPropertyValue=db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+ propertyName="ranger.jpa.audit.jdbc.user"
+ newPropertyValue=audit_db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.url"
+ newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.audit.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.jdbc.driver"
+ newPropertyValue="net.sf.log4jdbc.DriverSpy"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.driver"
+ newPropertyValue="net.sf.log4jdbc.DriverSpy"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
- propertyName="ranger.jpa.audit.jdbc.user"
- newPropertyValue=audit_db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.url"
- newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.audit.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.jdbc.driver"
- newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.driver"
- newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
elif RANGER_DB_FLAVOR == "ORACLE":
- propertyName="ranger.jpa.jdbc.url"
- newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.jdbc.user"
- newPropertyValue=db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.user"
- newPropertyValue=audit_db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.url"
- newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.audit.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.jdbc.driver"
- newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.driver"
- newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+ propertyName="ranger.jpa.jdbc.url"
+ #if MYSQL_HOST.count(":") == 2:
+ if MYSQL_HOST.count(":") == 2 or MYSQL_HOST.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(MYSQL_HOST)
+
+ newPropertyValue=cstring
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.user"
+ newPropertyValue=db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.user"
+ newPropertyValue=audit_db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.url"
+ newPropertyValue=cstring
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.audit.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.jdbc.driver"
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.driver"
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif RANGER_DB_FLAVOR == "POSTGRES":
propertyName="ranger.jpa.jdbc.url"
@@ -905,6 +910,9 @@ def update_properties():
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
+
+ password_validation(os.getenv("RANGER_LDAP_BIND_PASSWORD"), "LDAP_BIND")
+
propertyName="ranger.authentication.method"
newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
@@ -950,6 +958,9 @@ def update_properties():
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
+
+ password_validation(os.getenv("RANGER_LDAP_AD_BIND_PASSWORD"), "AD_BIND")
+
propertyName="ranger.authentication.method"
newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 572323f..2d43379 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -175,7 +175,12 @@ public class XUserMgr extends XUserMgrBase {
}
public VXUser getXUserByUserName(String userName) {
- return xUserService.getXUserByUserName(userName);
+ VXUser vXUser=null;
+ vXUser=xUserService.getXUserByUserName(userName);
+ if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ vXUser=getMaskedVXUser(vXUser);
+ }
+ return vXUser;
}
public VXUser createXUser(VXUser vXUser) {
@@ -533,8 +538,12 @@ public class XUserMgr extends XUserMgrBase {
}
public VXUser getXUser(Long id) {
- return xUserService.readResourceWithOutLogin(id);
-
+ VXUser vXUser=null;
+ vXUser=xUserService.readResourceWithOutLogin(id);
+ if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ vXUser=getMaskedVXUser(vXUser);
+ }
+ return vXUser;
}
public VXGroupUser getXGroupUser(Long id) {
@@ -543,8 +552,12 @@ public class XUserMgr extends XUserMgrBase {
}
public VXGroup getXGroup(Long id) {
- return xGroupService.readResourceWithOutLogin(id);
-
+ VXGroup vXGroup=null;
+ vXGroup=xGroupService.readResourceWithOutLogin(id);
+ if(vXGroup!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ vXGroup=getMaskedVXGroup(vXGroup);
+ }
+ return vXGroup;
}
/**
@@ -1305,4 +1318,94 @@ public class XUserMgr extends XUserMgrBase {
return vXStringList;
}
+ public boolean hasAccess(String loginID) {
+ UserSessionBase session = ContextUtil.getCurrentUserSession();
+ if (session != null) {
+ if(session.isUserAdmin() || session.getLoginId().equalsIgnoreCase(loginID)){
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public VXUser getMaskedVXUser(VXUser vXUser) {
+ if(vXUser!=null){
+ if(vXUser.getGroupIdList()!=null && vXUser.getGroupIdList().size()>0){
+ vXUser.setGroupIdList(new ArrayList<Long>());
+ }
+ if(vXUser.getGroupNameList()!=null && vXUser.getGroupNameList().size()>0){
+ vXUser.setGroupNameList(getMaskedCollection(vXUser.getGroupNameList()));
+ }
+ if(vXUser.getUserRoleList()!=null && vXUser.getUserRoleList().size()>0){
+ vXUser.setUserRoleList(getMaskedCollection(vXUser.getUserRoleList()));
+ }
+ vXUser.setUpdatedBy(AppConstants.Masked_String);
+ }
+ return vXUser;
+ }
+
+ public VXGroup getMaskedVXGroup(VXGroup vXGroup) {
+ if(vXGroup!=null){
+ vXGroup.setUpdatedBy(AppConstants.Masked_String);
+ }
+ return vXGroup;
+ }
+
+ @Override
+ public VXUserList searchXUsers(SearchCriteria searchCriteria) {
+ VXUserList vXUserList = new VXUserList();
+ vXUserList=xUserService.searchXUsers(searchCriteria);
+ if(vXUserList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ List<VXUser> vXUsers = new ArrayList<VXUser>();
+ if(vXUserList!=null && vXUserList.getListSize()>0){
+ for(VXUser vXUser:vXUserList.getList()){
+ vXUser=getMaskedVXUser(vXUser);
+ vXUsers.add(vXUser);
+ }
+ vXUserList.setVXUsers(vXUsers);
+ }
+ }
+ return vXUserList;
+ }
+
+ @Override
+ public VXGroupList searchXGroups(SearchCriteria searchCriteria) {
+ VXGroupList vXGroupList=null;
+ vXGroupList=xGroupService.searchXGroups(searchCriteria);
+ if(vXGroupList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ if(vXGroupList!=null && vXGroupList.getListSize()>0){
+ List<VXGroup> listMasked=new ArrayList<VXGroup>();
+ for(VXGroup vXGroup:vXGroupList.getList()){
+ vXGroup=getMaskedVXGroup(vXGroup);
+ listMasked.add(vXGroup);
+ }
+ vXGroupList.setVXGroups(listMasked);
+ }
+ }
+ return vXGroupList;
+ }
+
+ public Collection<String> getMaskedCollection(Collection<String> listunMasked){
+ List<String> listMasked=new ArrayList<String>();
+ if(listunMasked!=null && listunMasked.size()>0){
+ for(String content:listunMasked){
+ listMasked.add(AppConstants.Masked_String);
+ }
+ }
+ return listMasked;
+ }
+
+ public boolean hasAccessToModule(String moduleName){
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId()!=null){
+ VXUser vxUser = xUserService.getXUserByUserName(userSession.getLoginId());
+ if(vxUser!=null){
+ List<String> permissionList = daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSession.getUserId(), vxUser.getId());
+ if(permissionList!=null && permissionList.contains(moduleName)){
+ return true;
+ }
+ }
+ }
+ return false;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index 488ba8f..e47d10b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -595,6 +595,7 @@ public class AppConstants extends RangerCommonEnums {
public static final int HIST_OBJ_STATUS_DELETED = 3;
public static final int MAX_HIST_OBJ_STATUS = 3;
+ public static final String Masked_String = "*****";
static public String getLabelFor_AssetType( int elementValue ) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index abf4db4..40b08c4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -505,6 +505,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication= authenticator.authenticate(finalAuthentication);
return authentication;
+ }else{
+ if(authentication!=null&&!authentication.isAuthenticated()){
+ throw new BadCredentialsException("Bad credentials");
+ }
}
} catch (BadCredentialsException e) {
throw e;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 3d33d86..c226d63 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -33,18 +33,19 @@ if (!Array.indexOf) {
function doLogin() {
- if ($("#username").val() === '' || $('#password').val() === '') {
+ var userName = $('#username').val().trim();
+ var passwd = $('#password').val().trim();
+
+ if (userName === '' || passwd === '') {
$('#errorBox').show();
$('#signInLoading').hide();
$('#signIn').removeAttr('disabled');
$('#errorBox .errorMsg').text("The username or password you entered is incorrect..");
return false;
}
- var userName = $('#username').val().trim();
- var passwd = $('#password').val().trim();
var regexEmail = /^([a-zA-Z0-9_\.\-\+])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
- var regexPlain = /^([a-zA-Z0-9_\.\-\+])+$/;
+ var regexPlain = /^([a-zA-Z0-9_\.\-\+ ])+$/;
if(!regexPlain.test(userName)){
if(!regexEmail.test(userName)){
$('#errorBox').show();
@@ -63,8 +64,8 @@ function doLogin() {
$.ajax({
data : {
- j_username : userName,
- j_password : passwd
+ j_username : $('#username').val(),
+ j_password : $('#password').val()
},
url : url,
type : 'POST',
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/storm-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh
index ab57bb9..955ceb5 100644
--- a/storm-agent/scripts/install.sh
+++ b/storm-agent/scripts/install.sh
@@ -228,7 +228,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
then
audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
updatePropertyToFile $propertyName $newPropertyValue $to_file
propertyName=XAAUDIT.DB.JDBC_DRIVER
[3/4] incubator-ranger git commit: RANGER-714: Enhancements to the db
admin setup scripts
Posted by ga...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index b08588d..1a74b4a 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -31,6 +31,8 @@ globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
+jisql_debug=True
+
if os_name == "LINUX":
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
if RANGER_ADMIN_HOME is None:
@@ -78,23 +80,14 @@ def populate_global_dict():
value = value.strip()
globalDict[key] = value
-def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
- finalLibPath = libpath.replace('\\','/').replace('//','/')
- finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
- if getorcreate == 'create':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
- p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode
- elif getorcreate == 'get':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
- p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode, output
- else:
- print 'proper command not received for input need get or create'
+def jisql_log(query, db_password):
+ if jisql_debug == True:
+ if os_name == "WINDOWS":
+ query = query.replace(' -p "'+db_password+'"' , ' -p "********"')
+ log("[JISQL] "+query, "info")
+ else:
+ query = query.replace(" -p '"+db_password+"'" , " -p '********'")
+ log("[JISQL] "+query, "info")
class BaseDB(object):
@@ -163,7 +156,7 @@ class MysqlConf(BaseDB):
if os_name == "LINUX":
jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -173,6 +166,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"SELECT version();\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT version();\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Checking connection passed.", "info")
@@ -190,9 +184,11 @@ class MysqlConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\" -c ;" %(audit_db_name,TABLE_NAME,audit_db_user,host)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info")
@@ -207,9 +203,11 @@ class MysqlConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -230,6 +228,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -237,17 +236,21 @@ class MysqlConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\"" %(version)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\" -c ;" %(version)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -271,6 +274,7 @@ class MysqlConf(BaseDB):
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -278,17 +282,21 @@ class MysqlConf(BaseDB):
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if os_name == "LINUX":
query = get_cmd2 + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\"" %(version)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\" -c ;" %(version)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -308,6 +316,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"show tables like '%s';\" -c ;" %(TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table " + TABLE_NAME +" already exists in database '" + db_name + "'","info")
@@ -361,6 +370,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Java patch "+ className +" is already applied" ,"info")
@@ -379,9 +389,11 @@ class MysqlConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', now(), user(), now(), user()) ;\"" %(version)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', now(), user(), now(), user()) ;\" -c ;" %(version)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is applied..","info")
@@ -401,11 +413,21 @@ class OracleConf(BaseDB):
def get_jisql_cmd(self, user, password):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
- self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+ if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
+ self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+
+ #if self.host.count(":") == 2:
+ if self.host.count(":") == 2 or self.host.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(self.host)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(self.host)
+
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
return jisql_cmd
@@ -416,6 +438,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select * from v$version;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from v$version;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Connection success", "info")
@@ -428,25 +451,31 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" % (audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;\" -c ;" % (db_user,audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;'" % (db_user,audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;\" -c ;" % (db_user,audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -458,9 +487,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd + " -input %s -c \;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " imported successfully","info")
@@ -473,17 +504,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;'" % (audit_db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;\" -c ;" % (audit_db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;'" % (audit_db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;\" -c ;" % (audit_db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -498,6 +533,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -505,17 +541,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd + " -input %s -c /" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c /" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s');\"" %(version, db_user, db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s');\" -c ;" %(version, db_user, db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -539,6 +579,7 @@ class OracleConf(BaseDB):
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -546,17 +587,21 @@ class OracleConf(BaseDB):
get_cmd2 = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd2 + " -input %s -c /" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s -c /" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd1 + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s');\"" %(version, db_user, db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s');\" -c ;" %(version, db_user, db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -576,6 +621,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query).strip()
output = output.strip(' |')
db_name = db_name.upper()
@@ -587,6 +633,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\" -c ;" %(db_name ,TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME.upper() + ' |'):
log("[I] Table " + TABLE_NAME +" already exists in tablespace " + db_name + "","info")
@@ -647,6 +694,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] java patch "+ className +" is already applied" ,"info")
@@ -665,9 +713,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'J%s', sysdate, '%s', sysdate, '%s');\"" %(version, db_user, db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'J%s', sysdate, '%s', sysdate, '%s');\" -c ;" %(version, db_user, db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] java patch "+ className +" applied", "info")
@@ -690,9 +740,9 @@ class PostgresConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -702,6 +752,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] connection success", "info")
@@ -717,9 +768,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -733,9 +786,11 @@ class PostgresConf(BaseDB):
log("[I] Granting select and usage privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT_SEQ", "info")
if os_name == "LINUX":
query = get_cmd + " -query 'GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;'" % (audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;\" -c ;" % (audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting select privileges to Postgres user '" + audit_db_user + "' failed", "error")
@@ -744,9 +799,11 @@ class PostgresConf(BaseDB):
log("[I] Granting insert privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT table", "info")
if os_name == "LINUX":
query = get_cmd + " -query 'GRANT INSERT ON XA_ACCESS_AUDIT TO %s;'" % (audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON XA_ACCESS_AUDIT TO %s;\" -c ;" % (audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error")
@@ -762,23 +819,28 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', current_timestamp, '%s', current_timestamp, '%s') ;\"" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', current_timestamp, '%s', current_timestamp, '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -802,6 +864,7 @@ class PostgresConf(BaseDB):
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -809,17 +872,21 @@ class PostgresConf(BaseDB):
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if os_name == "LINUX":
query = get_cmd2 + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', current_timestamp, '%s', current_timestamp, '%s') ;\"" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', current_timestamp, '%s', current_timestamp, '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -840,6 +907,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\"" %(db_name , TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\" -c ;" %(db_name , TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME +" |"):
log("[I] Table " + TABLE_NAME +" already exists in database " + db_name, "info")
@@ -895,6 +963,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] java patch "+ className +" is already applied" ,"info")
@@ -913,9 +982,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', current_timestamp, '%s', current_timestamp, '%s') ;\"" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', current_timestamp, '%s', current_timestamp, '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] java patch "+ className +" applied", "info")
@@ -939,9 +1010,9 @@ class SqlServerConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -951,6 +1022,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -966,9 +1038,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -982,6 +1056,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\" -c ;" %(TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
@@ -995,9 +1070,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"USE %s GRANT SELECT,INSERT to %s;\"" %(audit_db_name ,audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"USE %s GRANT SELECT,INSERT to %s;\" -c ;" %(audit_db_name ,audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0 :
sys.exit(1)
@@ -1014,23 +1091,28 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', CURRENT_TIMESTAMP, '%s', CURRENT_TIMESTAMP, '%s') ;\" -c \;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', CURRENT_TIMESTAMP, '%s', CURRENT_TIMESTAMP, '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -1054,6 +1136,7 @@ class SqlServerConf(BaseDB):
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -1061,17 +1144,21 @@ class SqlServerConf(BaseDB):
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if os_name == "LINUX":
query = get_cmd2 + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd1 + " -c \; -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', CURRENT_TIMESTAMP, '%s', CURRENT_TIMESTAMP, '%s') ;\"" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', CURRENT_TIMESTAMP, '%s', CURRENT_TIMESTAMP, '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -1131,6 +1218,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] java patch "+ className +" is already applied" ,"info")
@@ -1149,9 +1237,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', CURRENT_TIMESTAMP, '%s', CURRENT_TIMESTAMP, '%s') ;\" -c \;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', CURRENT_TIMESTAMP, '%s', CURRENT_TIMESTAMP, '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] java patch "+ className +" applied", "info")
@@ -1185,6 +1275,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -1200,9 +1291,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -1217,6 +1310,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\" -c ;" %(TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
@@ -1230,9 +1324,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\"" %(audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\" -c ;" %(audit_db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0 :
sys.exit(1)
@@ -1249,23 +1345,28 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s', GETDATE(), '%s') ;\" -c \;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s', GETDATE(), '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -1289,6 +1390,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
@@ -1296,17 +1398,21 @@ class SqlAnywhereConf(BaseDB):
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if os_name == "LINUX":
query = get_cmd2 + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if os_name == "LINUX":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s', GETDATE(), '%s') ;\" -c \;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s', GETDATE(), '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
@@ -1367,6 +1473,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] java patch "+ className +" is already applied" ,"info")
@@ -1385,9 +1492,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', GETDATE(), '%s', GETDATE(), '%s') ;\" -c \;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', GETDATE(), '%s', GETDATE(), '%s') ;\" -c ;" %(version,db_user,db_user)
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] java patch "+ className +" applied", "info")
@@ -1404,16 +1513,19 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"set option public.reserved_keywords='LIMIT';\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.reserved_keywords='LIMIT';\" -c ;"
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"set option public.max_statement_count=0;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.max_statement_count=0;\" -c;"
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"set option public.max_cursor_count=0;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.max_cursor_count=0;\" -c;"
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
def main(argv):
@@ -1568,7 +1680,6 @@ def main(argv):
else:
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
-# '''
log("[I] --------- Verifying Ranger DB connection ---------","info")
xa_sqlObj.check_connection(db_name, db_user, db_password)
@@ -1605,7 +1716,7 @@ def main(argv):
audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
log("[I] --------- Applying Audit DB patches ---------","info")
audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
-# '''
+
if len(argv)>1:
for i in range(len(argv)):
if str(argv[i]) == "-javapatch":
[4/4] incubator-ranger git commit: RANGER-714: Enhancements to the db
admin setup scripts
Posted by ga...@apache.org.
RANGER-714: Enhancements to the db admin setup scripts
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c462d0ea
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c462d0ea
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c462d0ea
Branch: refs/heads/master
Commit: c462d0ea9e65c19c5fc38d9d7dd10ed251f51412
Parents: febe193
Author: Gautam Borad <ga...@apache.org>
Authored: Mon Nov 9 15:08:53 2015 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Tue Nov 10 09:37:11 2015 +0530
----------------------------------------------------------------------
agents-common/scripts/enable-agent.sh | 11 +-
hbase-agent/scripts/install.sh | 10 +-
hdfs-agent/scripts/install.sh | 10 +-
hive-agent/scripts/install.sh | 10 +-
kms/scripts/db_setup.py | 72 +-
kms/scripts/dba_script.py | 322 ++++---
kms/scripts/install.properties | 10 +-
kms/scripts/setup.sh | 16 +-
knox-agent/scripts/install.sh | 10 +-
plugin-kms/scripts/enable-kms-plugin.sh | 11 +-
security-admin/scripts/db_setup.py | 165 +++-
security-admin/scripts/dba_script.py | 478 +++++++----
security-admin/scripts/install.properties | 34 +-
security-admin/scripts/setup.sh | 831 +------------------
security-admin/src/bin/ranger_install.py | 163 ++--
.../java/org/apache/ranger/biz/XUserMgr.java | 113 ++-
.../org/apache/ranger/common/AppConstants.java | 1 +
.../handler/RangerAuthenticationProvider.java | 4 +
.../main/webapp/scripts/prelogin/XAPrelogin.js | 13 +-
storm-agent/scripts/install.sh | 10 +-
20 files changed, 1067 insertions(+), 1227 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 32e922d..b9511d2 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -403,7 +403,16 @@ then
export XAAUDIT_DB_JDBC_DRIVER="com.mysql.jdbc.Driver"
elif [ "${db_flavor}" = "ORACLE" ]
then
- export XAAUDIT_DB_JDBC_URL="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
+ export XAAUDIT_DB_JDBC_URL=${newPropertyValue}
export XAAUDIT_DB_JDBC_DRIVER="oracle.jdbc.OracleDriver"
elif [ "${db_flavor}" = "POSTGRES" ]
then
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/hbase-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.sh b/hbase-agent/scripts/install.sh
index a7b67f3..265be1d 100644
--- a/hbase-agent/scripts/install.sh
+++ b/hbase-agent/scripts/install.sh
@@ -281,7 +281,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
then
audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
updatePropertyToFile $propertyName $newPropertyValue $to_file
propertyName=XAAUDIT.DB.JDBC_DRIVER
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/hdfs-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.sh b/hdfs-agent/scripts/install.sh
index 9eef8da..ea88546 100644
--- a/hdfs-agent/scripts/install.sh
+++ b/hdfs-agent/scripts/install.sh
@@ -289,7 +289,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
then
audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
updatePropertyToFile $propertyName $newPropertyValue $to_file
propertyName=XAAUDIT.DB.JDBC_DRIVER
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/hive-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.sh b/hive-agent/scripts/install.sh
index cf7180d..fa19634 100644
--- a/hive-agent/scripts/install.sh
+++ b/hive-agent/scripts/install.sh
@@ -266,7 +266,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
then
audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
updatePropertyToFile $propertyName $newPropertyValue $to_file
propertyName=XAAUDIT.DB.JDBC_DRIVER
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index bdac333..1484fa1 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -31,6 +31,8 @@ globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
+jisql_debug=True
+
if os_name == "LINUX":
RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
if RANGER_KMS_HOME is None:
@@ -76,6 +78,15 @@ def populate_global_dict():
value = value.strip()
globalDict[key] = value
+def jisql_log(query, db_password):
+ if jisql_debug == True:
+ if os_name == "WINDOWS":
+ query = query.replace(' -p "'+db_password+'"' , ' -p "********"')
+ log("[JISQL] "+query, "info")
+ else:
+ query = query.replace(" -p '"+db_password+"'" , " -p '********'")
+ log("[JISQL] "+query, "info")
+
class BaseDB(object):
def check_connection(self, db_name, db_user, db_password):
@@ -96,13 +107,12 @@ class MysqlConf(BaseDB):
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password ,db_name):
- #path = os.getcwd()
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -112,6 +122,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"SELECT version();\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT version();\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Checking connection passed.", "info")
@@ -129,9 +140,11 @@ class MysqlConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -149,6 +162,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"show tables like '%s';\" -c ;" %(TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table " + TABLE_NAME +" already exists in database '" + db_name + "'","info")
@@ -166,17 +180,25 @@ class OracleConf(BaseDB):
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password):
- #path = os.getcwd()
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
- self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+ if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
+ self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+
+ #if self.host.count(":") == 2:
+ if self.host.count(":") == 2 or self.host.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(self.host)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(self.host)
+
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, cstring, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
return jisql_cmd
-
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password)
@@ -184,6 +206,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select * from v$version;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from v$version;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Connection success", "info")
@@ -200,9 +223,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
query = get_cmd + " -input %s -c \;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " imported successfully","info")
@@ -220,6 +245,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query).strip()
output = output.strip(' |')
db_name = db_name.upper()
@@ -231,6 +257,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\" -c ;" %(db_name ,TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME.upper() + ' |'):
log("[I] Table " + TABLE_NAME +" already exists in tablespace " + db_name + "","info")
@@ -253,13 +280,12 @@ class PostgresConf(BaseDB):
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
- #path = os.getcwd()
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -269,6 +295,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] connection success", "info")
@@ -284,9 +311,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -305,6 +334,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\"" %(db_name , TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\" -c ;" %(db_name , TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME +" |"):
log("[I] Table " + TABLE_NAME +" already exists in database " + db_name, "info")
@@ -323,13 +353,12 @@ class SqlServerConf(BaseDB):
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
- #path = os.getcwd()
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -339,6 +368,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -354,9 +384,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -373,6 +405,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\" -c ;" %(TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
@@ -392,9 +425,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -404,6 +437,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -419,9 +453,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
+ jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
@@ -439,6 +475,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\" -c ;" %(TABLE_NAME)
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
@@ -453,16 +490,19 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"set option public.reserved_keywords='LIMIT';\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.reserved_keywords='LIMIT';\" -c ;"
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"set option public.max_statement_count=0;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.max_statement_count=0;\" -c;"
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"set option public.max_cursor_count=0;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.max_cursor_count=0;\" -c;"
+ jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
def main(argv):
@@ -551,8 +591,6 @@ def main(argv):
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
-# '''
-
log("[I] --------- Verifying Ranger DB connection ---------","info")
xa_sqlObj.check_connection(db_name, db_user, db_password)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index d1da5d1..06a6a8c 100755
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -30,6 +30,8 @@ globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
+jisql_debug=True
+
if os_name == "LINUX":
RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
if RANGER_KMS_HOME is None:
@@ -102,8 +104,20 @@ def password_validation(password, userType):
else:
log("[I] "+userType+" user password validated","info")
else:
- log("[E] Blank password is not allowed,please enter valid password.","error")
- sys.exit(1)
+ if userType == "DBA root":
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
+
+def jisql_log(query, db_root_password):
+ if jisql_debug == True:
+ if os_name == "WINDOWS":
+ query = query.replace(' -p "'+db_root_password+'"' , ' -p "********"')
+ log("[JISQL] "+query, "info")
+ else:
+ query = query.replace(" -p '"+db_root_password+"'" , " -p '********'")
+ log("[JISQL] "+query, "info")
class BaseDB(object):
@@ -116,8 +130,6 @@ class BaseDB(object):
def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
log("[I] ---------- Verifying database ----------", "info")
-
-
class MysqlConf(BaseDB):
# Constructor
def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
@@ -129,10 +141,10 @@ class MysqlConf(BaseDB):
#TODO: User array for forming command
path = RANGER_KMS_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
self.JAVA_BIN = self.JAVA_BIN.strip("'")
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -142,6 +154,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -155,6 +168,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"SELECT version();\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT version();\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
#log("[I] Checking connection passed.", "info")
@@ -178,9 +192,11 @@ class MysqlConf(BaseDB):
log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if os_name == "LINUX":
query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -195,9 +211,11 @@ class MysqlConf(BaseDB):
log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if os_name == "LINUX":
query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\" -c ;" %(db_user, host, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -220,13 +238,13 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
else:
return False
-
def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
if self.verify_db(root_user, db_root_password, db_name,dryMode):
if dryMode == False:
@@ -239,6 +257,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name)
if dryMode == False:
log("[I] Database does not exist, Creating database " + db_name,"info")
+ jisql_log(query, db_root_password)
if os_name == "LINUX":
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
@@ -256,42 +275,30 @@ class MysqlConf(BaseDB):
else:
logFile("create database %s;" %(db_name))
-
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
hosts_arr =["%", "localhost"]
hosts_arr.append(self.host)
- '''
- if is_revoke:
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- '''
-
for host in hosts_arr:
if dryMode == False:
log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
if os_name == "LINUX":
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] ---------- FLUSH PRIVILEGES ----------" , "info")
if os_name == "LINUX":
query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;"
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
@@ -304,6 +311,17 @@ class MysqlConf(BaseDB):
else:
logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;" %(db_name,db_user, host))
+ def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name):
+ logFile("# Login to MySQL Server from a MySQL dba user(i.e 'root') to execute below sql statements.")
+ hosts_arr =["%", "localhost"]
+ if not self.host == "localhost": hosts_arr.append(self.host)
+ for host in hosts_arr:
+ logFile("create user '%s'@'%s' identified by '%s';" %(db_user, host, db_password))
+ logFile("create database %s;"%(db_name))
+ for host in hosts_arr:
+ logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(db_name, db_user, host))
+ logFile("FLUSH PRIVILEGES;")
+
class OracleConf(BaseDB):
# Constructor
@@ -315,11 +333,21 @@ class OracleConf(BaseDB):
def get_jisql_cmd(self, user, password):
#TODO: User array for forming command
path = RANGER_KMS_HOME
- self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+ if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
+ self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+
+ #if self.host.count(":") == 2:
+ if self.host.count(":") == 2 or self.host.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(self.host)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(self.host)
+
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, cstring, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -329,6 +357,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select * from v$version;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from v$version;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Connection success", "info")
@@ -345,6 +374,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select username from all_users where upper(username)=upper('%s');\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -362,9 +392,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_user, db_root_password,dryMode):
@@ -372,9 +404,11 @@ class OracleConf(BaseDB):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
@@ -390,7 +424,6 @@ class OracleConf(BaseDB):
else:
logFile("create user %s identified by \"%s\";" %(db_user, db_password))
-
def verify_tablespace(self, root_user, db_root_password, db_name,dryMode):
if dryMode == False:
log("[I] Verifying tablespace " + db_name, "info")
@@ -399,6 +432,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name+' |'):
return True
@@ -415,6 +449,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query).strip()
db_name = db_name.upper() +' |'
if output == db_name:
@@ -430,9 +465,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_tablespace(root_user, db_root_password, db_name,dryMode):
@@ -456,17 +493,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user , db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting Oracle user '" + db_user + "' done", "info")
@@ -487,9 +528,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granted permission to " + db_user, "info")
@@ -500,7 +543,13 @@ class OracleConf(BaseDB):
else:
logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
-
+ def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name):
+ logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.")
+ logFile('create user %s identified by "%s";'%(db_user, db_password))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user))
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
+ logFile('alter user %s identified by "%s" DEFAULT Tablespace %s;'%(db_user, db_password, db_name))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user))
class PostgresConf(BaseDB):
# Constructor
@@ -514,9 +563,9 @@ class PostgresConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -527,6 +576,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -540,6 +590,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
#log("[I] connection success", "info")
@@ -559,9 +610,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
if os_name == "LINUX":
query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -583,6 +636,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -600,9 +654,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
if os_name == "LINUX":
query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -623,9 +679,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting all privileges on database "+db_name+" to user "+db_user+" failed..", "error")
@@ -633,9 +691,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting all privileges on schema public to user "+db_user+" failed..", "error")
@@ -643,9 +703,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\""
+ jisql_log(query, db_root_password)
output = check_output(query)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query)
for each_line in output.split('\n'):
if len(each_line) == 0 : continue
@@ -654,12 +716,14 @@ class PostgresConf(BaseDB):
tablename = tablename.strip()
if os_name == "LINUX":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(shlex.split(query1))
if ret != 0:
log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
sys.exit(1)
elif os_name == "WINDOWS":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(query1)
if ret != 0:
log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
@@ -668,9 +732,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\""
+ jisql_log(query, db_root_password)
output = check_output(query)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query)
for each_line in output.split('\n'):
if len(each_line) == 0 : continue
@@ -679,12 +745,14 @@ class PostgresConf(BaseDB):
sequence_name = sequence_name.strip()
if os_name == "LINUX":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(shlex.split(query1))
if ret != 0:
log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
sys.exit(1)
elif os_name == "WINDOWS":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(query1)
if ret != 0:
log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
@@ -697,7 +765,13 @@ class PostgresConf(BaseDB):
logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;" %(db_user))
logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;" %(db_user))
-
+ def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name):
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password))
+ logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user))
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(db_name))
+ logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user))
+ logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user))
class SqlServerConf(BaseDB):
# Constructor
@@ -711,9 +785,9 @@ class SqlServerConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -724,6 +798,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from sys.sql_logins where name = '%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from sys.sql_logins where name = '%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -737,6 +812,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -756,9 +832,11 @@ class SqlServerConf(BaseDB):
log("[I] User does not exists, Creating Login user " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\" -c ;" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -780,6 +858,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name from sys.databases where name='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -796,9 +875,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -821,6 +902,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
if dryMode == False:
@@ -829,15 +911,18 @@ class SqlServerConf(BaseDB):
if dryMode == False:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"USE %s CREATE USER %s for LOGIN %s;\" -c ;" %(db_name ,db_user, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name ,db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
log("[I] User "+db_user+" exist ","info")
@@ -856,15 +941,25 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \" EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \" EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
else:
logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user))
+ def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name):
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(db_user, db_password))
+ logFile("create database %s;" %(db_name))
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(db_name))
+ logFile("USE %s CREATE USER %s for LOGIN %s;" %(db_name, db_user, db_user))
+ logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user))
+
class SqlAnywhereConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -877,10 +972,11 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
+
def verify_user(self, root_user, db_root_password, db_user,dryMode):
if dryMode == False:
log("[I] Verifying user " + db_user , "info")
@@ -889,6 +985,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from syslogins where name = '%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name = '%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -902,6 +999,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -920,9 +1018,11 @@ class SqlAnywhereConf(BaseDB):
log("[I] User does not exists, Creating Login user " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -944,6 +1044,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select alias from sa_db_info() where alias='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select alias from sa_db_info() where alias='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -959,9 +1060,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\"" %(db_name,db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\" -c ;" %(db_name,db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -984,6 +1087,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
if dryMode == False:
@@ -992,15 +1096,18 @@ class SqlAnywhereConf(BaseDB):
if dryMode == False:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
log("[I] User "+db_user+" exist ","info")
@@ -1012,15 +1119,18 @@ class SqlAnywhereConf(BaseDB):
sys.exit(1)
else:
logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password))
+
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
if dryMode == False:
log("[I] Granting permission to user '" + db_user + "' on db '" + db_name + "'" , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CONNECT to %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -1035,8 +1145,16 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"start database '%s' autostop off;\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"start database '%s' autostop off;\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
+ def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name):
+ logFile("# Login to SQL Anywhere Server from a SQLA dba user(i.e 'dba') to execute below sql statements.")
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password))
+ logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(db_name, db_user ,db_password))
+ logFile("start database '%s' autostop off;" %(db_name))
+ logFile("GRANT CONNECT to %s IDENTIFIED BY '%s';" %(db_user, db_password))
+
def main(argv):
FORMAT = '%(asctime)-15s %(message)s'
@@ -1047,10 +1165,6 @@ def main(argv):
dryMode=False
is_revoke=False
- if len(argv) == 3:
- password_validation(argv[1],argv[2]);
- return;
-
if len(argv) > 1:
for i in range(len(argv)):
if str(argv[i]) == "-q":
@@ -1100,20 +1214,23 @@ def main(argv):
else:
log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
sys.exit(1)
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
else:
- if os.environ['JAVA_HOME'] == "":
- log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
- sys.exit(1)
- JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
- if os_name == "WINDOWS" :
- JAVA_BIN = JAVA_BIN+'.exe'
- if os.path.isfile(JAVA_BIN):
- pass
- else :
- while os.path.isfile(JAVA_BIN) == False:
- log("Enter java executable path: :","info")
- JAVA_BIN=raw_input()
- log("[I] Using Java:" + str(JAVA_BIN),"info")
+ JAVA_BIN=''
+ if not dryMode:
+ if os.environ['JAVA_HOME'] == "":
+ log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
+ if os_name == "WINDOWS" :
+ JAVA_BIN = JAVA_BIN+'.exe'
+ if os.path.isfile(JAVA_BIN):
+ pass
+ else :
+ while os.path.isfile(JAVA_BIN) == False:
+ log("Enter java executable path: :","info")
+ JAVA_BIN=raw_input()
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
if (quiteMode):
XA_DB_FLAVOR=globalDict['DB_FLAVOR']
@@ -1129,70 +1246,84 @@ def main(argv):
if (quiteMode):
CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
else:
- if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL":
- log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
- CONNECTOR_JAR=raw_input()
- while os.path.isfile(CONNECTOR_JAR) == False:
- log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=''
+ if not dryMode:
+ if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL":
+ log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
CONNECTOR_JAR=raw_input()
- else:
- log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
- sys.exit(1)
+ while os.path.isfile(CONNECTOR_JAR) == False:
+ log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=raw_input()
+ else:
+ log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
+ sys.exit(1)
if (quiteMode):
xa_db_host = globalDict['db_host']
+ log("[I] DB Host:" + str(xa_db_host),"info")
else:
- xa_db_host=''
- while xa_db_host == "":
- log("Enter DB Host :","info")
- xa_db_host=raw_input()
- log("[I] DB Host:" + str(xa_db_host),"info")
+ if (dryMode):
+ xa_db_host='127.0.0.1'
+ else:
+ xa_db_host=''
+ while xa_db_host == "":
+ log("Enter DB Host :","info")
+ xa_db_host=raw_input()
if (quiteMode):
xa_db_root_user = globalDict['db_root_user']
xa_db_root_password = globalDict['db_root_password']
else:
- xa_db_root_user=''
- while xa_db_root_user == "":
- log("Enter db root user:","info")
- xa_db_root_user=raw_input()
- log("Enter db root password:","info")
- xa_db_root_password = getpass.getpass("Enter db root password:")
+ if (dryMode):
+ xa_db_root_user='db_root_user'
+ xa_db_root_password='*****'
+ else:
+ xa_db_root_user=''
+ while xa_db_root_user == "":
+ log("Enter db root user:","info")
+ xa_db_root_user=raw_input()
+ log("Enter db root password:","info")
+ xa_db_root_password = getpass.getpass("Enter db root password:")
if (quiteMode):
db_name = globalDict['db_name']
else:
- db_name = ''
- while db_name == "":
- log("Enter DB Name :","info")
- db_name=raw_input()
+ if (dryMode):
+ db_name='ranger_kms_db'
+ else:
+ db_name = ''
+ while db_name == "":
+ log("Enter DB Name :","info")
+ db_name=raw_input()
if (quiteMode):
db_user = globalDict['db_user']
else:
- db_user=''
- while db_user == "":
- log("Enter db user name:","info")
- db_user=raw_input()
+ if (dryMode):
+ db_user='ranger_kms_user'
+ else:
+ db_user=''
+ while db_user == "":
+ log("Enter db user name:","info")
+ db_user=raw_input()
if (quiteMode):
db_password = globalDict['db_password']
else:
- db_password=''
- while db_password == "":
- log("Enter db user password:","info")
- db_password = getpass.getpass("Enter db user password:")
+ if (dryMode):
+ db_password='*****'
+ else:
+ db_password=''
+ while db_password == "":
+ log("Enter db user password:","info")
+ db_password = getpass.getpass("Enter db user password:")
- #mysql_core_file = globalDict['mysql_core_file']
mysql_core_file = os.path.join('db','mysql','xa_core_db.sql')
- #oracle_core_file = globalDict['oracle_core_file']
oracle_core_file = os.path.join('db','oracle','xa_core_db_oracle.sql')
- #postgres_core_file = globalDict['postgres_core_file']
postgres_core_file = os.path.join('db','postgres','xa_core_db_postgres.sql')
- #sqlserver_core_file = globalDict['sqlserver_core_file']
sqlserver_core_file = os.path.join('db','sqlserver','xa_core_db_sqlserver.sql')
sqlanywhere_core_file = os.path.join('db','sqlanywhere','xa_core_db_sqlanywhere.sql')
@@ -1207,10 +1338,9 @@ def main(argv):
elif XA_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
- if os_name == "LINUX":
+ if xa_db_root_user.upper() == "SYS":
xa_db_root_user = xa_db_root_user+" AS SYSDBA"
- elif os_name == "WINDOWS":
- xa_db_root_user = xa_db_root_user
+
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
xa_db_core_file = os.path.join(RANGER_KMS_HOME,oracle_core_file)
@@ -1239,18 +1369,18 @@ def main(argv):
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
- log("[I] ---------- Verifing Ranger KMS db user password ---------- ","info")
- password_validation(db_password,"KMS");
+ if not dryMode:
+ log("[I] ---------- Verifing DB root password ---------- ","info")
+ password_validation(xa_db_root_password,"DBA root");
+ log("[I] ---------- Verifing Ranger KMS db user password ---------- ","info")
+ password_validation(db_password,"KMS");
# Methods Begin
if DBA_MODE == "TRUE" :
if (dryMode==True):
- log("[I] Dry run mode:"+str(dryMode),"info")
log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
logFile("===============================================\n")
- xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
- xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
+ xa_sqlObj.writeDrymodeCmd(xa_db_root_user, xa_db_root_password, db_user, db_password, db_name)
logFile("===============================================\n")
if (dryMode==False):
log("[I] ---------- Creating Ranger KMS db user ---------- ","info")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/kms/scripts/install.properties
----------------------------------------------------------------------
diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties
index 247e499..cf5dd92 100755
--- a/kms/scripts/install.properties
+++ b/kms/scripts/install.properties
@@ -25,12 +25,6 @@ PYTHON_COMMAND_INVOKER=python
#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA
DB_FLAVOR=MYSQL
-#
-# The executable path to be used to invoke command-line MYSQL
-#
-#SQL_COMMAND_INVOKER='mysql'
-#SQL_COMMAND_INVOKER='sqlplus'
-SQL_COMMAND_INVOKER='mysql'
#
# Location of DB client library (please check the location of the jar file)
@@ -51,6 +45,10 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
# **************************************************************************
#
#db_root_user=root|SYS|postgres|sa|dba
+#db_host=host:port # for DB_FLAVOR=MYSQL|POSTGRES|SQLA|MSSQL #for example: db_host=localhost:3306
+#db_host=host:port:SID # for DB_FLAVOR=ORACLE #for SID example: db_host=localhost:1521:ORCL
+#db_host=host:port/ServiceName # for DB_FLAVOR=ORACLE #for Service example: db_host=localhost:1521/XE
+#db_host=host:port:GL # for DB_FLAVOR=ORACLE #for TNSNAME example: db_host=localhost:1521:GL
db_root_user=root
db_root_password=
db_host=localhost
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/kms/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh
index 94b6e23..0a825c7 100755
--- a/kms/scripts/setup.sh
+++ b/kms/scripts/setup.sh
@@ -52,7 +52,6 @@ get_prop(){
PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
-SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
db_root_user=$(get_prop 'db_root_user' $PROPFILE)
db_root_password=$(get_prop 'db_root_password' $PROPFILE)
@@ -413,7 +412,15 @@ update_properties() {
if [ "${DB_FLAVOR}" == "ORACLE" ]
then
propertyName=ranger.ks.jpa.jdbc.url
- newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+ count=$(grep -o ":" <<< "$DB_HOST" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${DB_HOST}"
+ fi
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
propertyName=ranger.ks.jpa.jdbc.dialect
@@ -720,5 +727,8 @@ else
fi
./enable-kms-plugin.sh
-
+if [ "$?" != "0" ]
+then
+ exit 1
+fi
echo "Installation of Ranger KMS is completed."
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/knox-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.sh b/knox-agent/scripts/install.sh
index 271a2d4..41322d3 100644
--- a/knox-agent/scripts/install.sh
+++ b/knox-agent/scripts/install.sh
@@ -185,7 +185,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
then
audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
updatePropertyToFile $propertyName $newPropertyValue $to_file
propertyName=XAAUDIT.DB.JDBC_DRIVER
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/plugin-kms/scripts/enable-kms-plugin.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh
index 468d39e..7bf6c62 100755
--- a/plugin-kms/scripts/enable-kms-plugin.sh
+++ b/plugin-kms/scripts/enable-kms-plugin.sh
@@ -371,7 +371,16 @@ then
export XAAUDIT_DB_JDBC_DRIVER="com.mysql.jdbc.Driver"
elif [ "${db_flavor}" = "ORACLE" ]
then
- export XAAUDIT_DB_JDBC_URL="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
+ export XAAUDIT_DB_JDBC_URL=${newPropertyValue}
export XAAUDIT_DB_JDBC_DRIVER="oracle.jdbc.OracleDriver"
elif [ "${db_flavor}" = "POSTGRES" ]
then
[2/4] incubator-ranger git commit: RANGER-714: Enhancements to the db
admin setup scripts
Posted by ga...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 40a6c49..5564737 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -30,6 +30,8 @@ globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
+jisql_debug=True
+
if os_name == "LINUX":
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
if RANGER_ADMIN_HOME is None:
@@ -104,8 +106,20 @@ def password_validation(password, userType):
else:
log("[I] "+userType+" user password validated","info")
else:
- log("[E] Blank password is not allowed,please enter valid password.","error")
- sys.exit(1)
+ if userType == "DBA root":
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
+
+def jisql_log(query, db_root_password):
+ if jisql_debug == True:
+ if os_name == "WINDOWS":
+ query = query.replace(' -p "'+db_root_password+'"' , ' -p "********"')
+ log("[JISQL] "+query, "info")
+ else:
+ query = query.replace(" -p '"+db_root_password+"'" , " -p '********'")
+ log("[JISQL] "+query, "info")
class BaseDB(object):
@@ -133,10 +147,10 @@ class MysqlConf(BaseDB):
#TODO: User array for forming command
path = RANGER_ADMIN_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
self.JAVA_BIN = self.JAVA_BIN.strip("'")
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -146,6 +160,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -159,6 +174,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"SELECT version();\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT version();\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
#log("[I] Checking connection passed.", "info")
@@ -182,9 +198,11 @@ class MysqlConf(BaseDB):
log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if os_name == "LINUX":
query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, host, db_user, get_cmd, dryMode):
@@ -199,9 +217,11 @@ class MysqlConf(BaseDB):
log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if os_name == "LINUX":
query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\" -c ;" %(db_user, host, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -224,6 +244,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -243,6 +264,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name)
if dryMode == False:
log("[I] Database does not exist, Creating database " + db_name,"info")
+ jisql_log(query, db_root_password)
if os_name == "LINUX":
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
@@ -264,38 +286,27 @@ class MysqlConf(BaseDB):
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
hosts_arr =["%", "localhost"]
hosts_arr.append(self.host)
- '''
- if is_revoke:
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- '''
-
for host in hosts_arr:
if dryMode == False:
log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
if os_name == "LINUX":
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] ---------- FLUSH PRIVILEGES ----------" , "info")
if os_name == "LINUX":
query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;"
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
@@ -314,24 +325,28 @@ class MysqlConf(BaseDB):
if dryMode == False:
log("[I] ---------- Setup audit user ----------","info")
self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode)
- '''
- if is_revoke:
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- '''
self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password,dryMode)
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to MySQL Server from a MySQL dba user(i.e 'root') to execute below sql statements.")
+ hosts_arr =["%", "localhost"]
+ if not self.host == "localhost": hosts_arr.append(self.host)
+ for host in hosts_arr:
+ logFile("create user '%s'@'%s' identified by '%s';" %(db_user, host, db_password))
+ logFile("create database %s;"%(db_name))
+ for host in hosts_arr:
+ logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(db_name, db_user, host))
+ logFile("FLUSH PRIVILEGES;")
+ if not db_user == audit_db_user:
+ for host in hosts_arr:
+ logFile("create user '%s'@'%s' identified by '%s';"%(audit_db_user, host, audit_db_password))
+ if not db_name == audit_db_name:
+ logFile("create database %s;"%(audit_db_name))
+ if not db_name == audit_db_name:
+ for host in hosts_arr:
+ logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(audit_db_name, db_user, host))
+ logFile("FLUSH PRIVILEGES;")
class OracleConf(BaseDB):
@@ -344,13 +359,21 @@ class OracleConf(BaseDB):
def get_jisql_cmd(self, user, password):
#TODO: User array for forming command
path = RANGER_ADMIN_HOME
- #print "self.JAVA_BIN=" + self.JAVA_BIN
- self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+ if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
+ self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+
+ #if self.host.count(":") == 2:
+ if self.host.count(":") == 2 or self.host.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(self.host)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(self.host)
+
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, cstring, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
- #print jisql_cmd
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -360,6 +383,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select * from v$version;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from v$version;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Connection success", "info")
@@ -376,6 +400,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select username from all_users where upper(username)=upper('%s');\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -393,9 +418,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_user, db_root_password,dryMode):
@@ -403,9 +430,11 @@ class OracleConf(BaseDB):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
@@ -430,6 +459,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name+' |'):
return True
@@ -446,6 +476,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query).strip()
db_name = db_name.upper() +' |'
if output == db_name:
@@ -461,9 +492,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_tablespace(root_user, db_root_password, db_name,dryMode):
@@ -487,17 +520,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user , db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting Oracle user '" + db_user + "' done", "info")
@@ -526,9 +563,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(audit_db_name, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Tablespace creation failed..","error")
@@ -549,9 +588,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Tablespace creation failed..","error")
@@ -569,9 +610,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
+ jisql_log(query, audit_db_root_password)
ret1 = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, db_name)
+ jisql_log(query, audit_db_root_password)
ret1 = subprocess.call(query)
log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
@@ -579,18 +622,22 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret2 = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret2 = subprocess.call(query)
if (ret1 == 0 and ret2 == 0):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
return True
@@ -609,9 +656,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granted permission to " + db_user, "info")
@@ -636,9 +685,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode):
@@ -646,9 +697,11 @@ class OracleConf(BaseDB):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
@@ -674,17 +727,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(audit_db_user, audit_db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" %(audit_db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permission to " + audit_db_user + " done", "info")
@@ -700,6 +757,18 @@ class OracleConf(BaseDB):
if DBA_MODE == "TRUE":
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.")
+ logFile('create user %s identified by "%s";'%(db_user, db_password))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user))
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
+ logFile('alter user %s identified by "%s" DEFAULT tablespace %s;'%(db_user, db_password, db_name))
+ if not db_user == audit_db_user:
+ logFile('create user %s identified by "%s";'%(audit_db_user, audit_db_password))
+ logFile('GRANT CREATE SESSION TO %s;' %(audit_db_user))
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name))
+ logFile('alter user %s identified by "%s" DEFAULT tablespace %s;' %(audit_db_user, audit_db_password, audit_db_name))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user))
class PostgresConf(BaseDB):
# Constructor
@@ -713,9 +782,9 @@ class PostgresConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -726,6 +795,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -739,6 +809,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
#log("[I] connection success", "info")
@@ -758,9 +829,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
if os_name == "LINUX":
query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -782,6 +855,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -799,9 +873,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
if os_name == "LINUX":
query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -822,9 +898,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting all privileges on database "+db_name+" to user "+db_user+" failed..", "error")
@@ -832,9 +910,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting all privileges on schema public to user "+db_user+" failed..", "error")
@@ -842,9 +922,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\""
+ jisql_log(query, db_root_password)
output = check_output(query)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query)
for each_line in output.split('\n'):
if len(each_line) == 0 : continue
@@ -853,12 +935,14 @@ class PostgresConf(BaseDB):
tablename = tablename.strip()
if os_name == "LINUX":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(shlex.split(query1))
if ret != 0:
log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
sys.exit(1)
elif os_name == "WINDOWS":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(query1)
if ret != 0:
log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
@@ -870,6 +954,7 @@ class PostgresConf(BaseDB):
output = check_output(query)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query)
for each_line in output.split('\n'):
if len(each_line) == 0 : continue
@@ -878,12 +963,14 @@ class PostgresConf(BaseDB):
sequence_name = sequence_name.strip()
if os_name == "LINUX":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(shlex.split(query1))
if ret != 0:
log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
sys.exit(1)
elif os_name == "WINDOWS":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(query1)
if ret != 0:
log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
@@ -907,6 +994,25 @@ class PostgresConf(BaseDB):
if DBA_MODE == "TRUE":
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password))
+ logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user))
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(db_name))
+ logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(db_name, db_user))
+ logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user))
+ if not db_user == audit_db_user:
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(audit_db_user, audit_db_password))
+ if not db_name == audit_db_name:
+ if not db_user == audit_db_user:
+ pass
+ else:
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE DATABASE %s WITH OWNER %s;" %(audit_db_name, db_user))
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(audit_db_name))
+ logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(audit_db_name, db_user))
+ logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user))
class SqlServerConf(BaseDB):
# Constructor
@@ -920,9 +1026,9 @@ class SqlServerConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -933,6 +1039,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from sys.sql_logins where name = '%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from sys.sql_logins where name = '%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -946,6 +1053,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -965,9 +1073,11 @@ class SqlServerConf(BaseDB):
log("[I] User does not exists, Creating Login user " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\" -c ;" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -989,6 +1099,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name from sys.databases where name='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -1005,9 +1116,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -1029,6 +1142,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
if dryMode == False:
@@ -1037,15 +1151,18 @@ class SqlServerConf(BaseDB):
if dryMode == False:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s for LOGIN %s;\"" %(db_user, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s for LOGIN %s;\" -c ;" %(db_user, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
log("[I] User "+db_user+" exist ","info")
@@ -1064,9 +1181,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \" EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \" EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -1085,6 +1204,35 @@ class SqlServerConf(BaseDB):
self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke, dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(db_user, db_password))
+ logFile("create database %s;" %(db_name))
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(db_name))
+ logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user))
+ logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user))
+ if not db_user == audit_db_user:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(audit_db_user, audit_db_password))
+ if not db_name == audit_db_name:
+ if not db_user == audit_db_user:
+ pass
+ else:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("create database %s;"%(audit_db_name))
+ if db_name == audit_db_name and db_user!=audit_db_user:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(audit_db_name))
+ logFile("CREATE USER %s for LOGIN %s;" %(audit_db_user, audit_db_user))
+ if db_name != audit_db_name:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(audit_db_name))
+ if db_user==audit_db_user:
+ logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user))
+ else:
+ logFile("CREATE USER %s for LOGIN %s;" %(audit_db_user, audit_db_user))
+ logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user))
+ logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user))
+
+
class SqlAnywhereConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -1096,9 +1244,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -1109,6 +1257,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from syslogins where name = '%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name = '%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -1122,6 +1271,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -1141,9 +1291,11 @@ class SqlAnywhereConf(BaseDB):
log("[I] User does not exists, Creating Login user " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -1165,6 +1317,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"start database '%s' autostop off;\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"start database '%s' autostop off;\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
def verify_db(self, root_user, db_root_password, db_name,dryMode):
@@ -1175,6 +1328,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select alias from sa_db_info() where alias='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select alias from sa_db_info() where alias='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -1191,9 +1345,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\"" %(db_name,db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\" -c ;" %(db_name,db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -1216,6 +1372,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
if dryMode == False:
@@ -1224,15 +1381,18 @@ class SqlAnywhereConf(BaseDB):
if dryMode == False:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
log("[I] User "+db_user+" exist ","info")
@@ -1251,9 +1411,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -1271,6 +1433,21 @@ class SqlAnywhereConf(BaseDB):
self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
self.grant_xa_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password, is_revoke, dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to SQL Anywhere Server from a SQLA dba user(i.e 'dba') to execute below sql statements.")
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password))
+ logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(db_name, db_user ,db_password))
+ logFile("start database '%s' autostop off;" %(db_name))
+ if not db_user == audit_db_user:
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(audit_db_user, audit_db_password))
+ if not db_name == audit_db_name:
+ logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(audit_db_name, db_user ,db_password))
+ logFile("start database '%s' autostop off;" %(audit_db_name))
+ if not db_user == audit_db_user:
+ logFile("# Login to SQL Anywhere Server from '%s' user on '%s' database to execute below sql statements."%(db_user,audit_db_name))
+ logFile("GRANT CONNECT to %s IDENTIFIED BY '%s';" %(audit_db_user, audit_db_password))
+
+
def main(argv):
FORMAT = '%(asctime)-15s %(message)s'
@@ -1281,7 +1458,7 @@ def main(argv):
dryMode=False
is_revoke=False
- if len(argv) == 3:
+ if len(argv) == 4 and argv[3] == 'password_validation':
password_validation(argv[1],argv[2]);
return;
@@ -1334,20 +1511,24 @@ def main(argv):
else:
log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
sys.exit(1)
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
else:
- if os.environ['JAVA_HOME'] == "":
- log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
- sys.exit(1)
- JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
- if os_name == "WINDOWS" :
- JAVA_BIN = JAVA_BIN+'.exe'
- if os.path.isfile(JAVA_BIN):
- pass
- else :
- while os.path.isfile(JAVA_BIN) == False:
- log("Enter java executable path: :","info")
- JAVA_BIN=raw_input()
- log("[I] Using Java:" + str(JAVA_BIN),"info")
+ JAVA_BIN=''
+ if not dryMode:
+ if os.environ['JAVA_HOME'] == "":
+ log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
+ if os_name == "WINDOWS" :
+ JAVA_BIN = JAVA_BIN+'.exe'
+ if os.path.isfile(JAVA_BIN):
+ pass
+ else :
+ while os.path.isfile(JAVA_BIN) == False:
+ log("Enter java executable path: :","info")
+ JAVA_BIN=raw_input()
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
+
if (quiteMode):
XA_DB_FLAVOR=globalDict['DB_FLAVOR']
@@ -1366,121 +1547,135 @@ def main(argv):
if (quiteMode):
CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
else:
- if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL":
- log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
- CONNECTOR_JAR=raw_input()
- while os.path.isfile(CONNECTOR_JAR) == False:
- log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=''
+ if not dryMode:
+ if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL" or XA_DB_FLAVOR == "SQLA":
+ log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
CONNECTOR_JAR=raw_input()
- else:
- log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
- sys.exit(1)
+ while os.path.isfile(CONNECTOR_JAR) == False:
+ log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=raw_input()
+ else:
+ log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
+ sys.exit(1)
if (quiteMode):
xa_db_host = globalDict['db_host']
audit_db_host = globalDict['db_host']
+ log("[I] DB Host:" + str(xa_db_host),"info")
else:
- xa_db_host=''
- while xa_db_host == "":
- log("Enter DB Host :","info")
- xa_db_host=raw_input()
- audit_db_host=xa_db_host
- log("[I] DB Host:" + str(xa_db_host),"info")
+ if (dryMode):
+ xa_db_host='127.0.0.1'
+ audit_db_host='127.0.0.1'
+ else:
+ xa_db_host=''
+ while xa_db_host == "":
+ log("Enter DB Host :","info")
+ xa_db_host=raw_input()
+ audit_db_host=xa_db_host
+ log("[I] DB Host:" + str(xa_db_host),"info")
if (quiteMode):
xa_db_root_user = globalDict['db_root_user']
xa_db_root_password = globalDict['db_root_password']
else:
- xa_db_root_user=''
- while xa_db_root_user == "":
- log("Enter db root user:","info")
- xa_db_root_user=raw_input()
- log("Enter db root password:","info")
- xa_db_root_password = getpass.getpass("Enter db root password:")
+ if (dryMode):
+ xa_db_root_user='db_root_user'
+ xa_db_root_password='*****'
+ else:
+ xa_db_root_user=''
+ while xa_db_root_user == "":
+ log("Enter db root user:","info")
+ xa_db_root_user=raw_input()
+ log("Enter db root password:","info")
+ xa_db_root_password = getpass.getpass("Enter db root password:")
if (quiteMode):
db_name = globalDict['db_name']
else:
- db_name = ''
- while db_name == "":
- log("Enter DB Name :","info")
- db_name=raw_input()
+ if (dryMode):
+ db_name='ranger_db'
+ else:
+ db_name = ''
+ while db_name == "":
+ log("Enter DB Name :","info")
+ db_name=raw_input()
if (quiteMode):
db_user = globalDict['db_user']
else:
- db_user=''
- while db_user == "":
- log("Enter db user name:","info")
- db_user=raw_input()
+ if (dryMode):
+ db_user='ranger_admin_user'
+ else:
+ db_user=''
+ while db_user == "":
+ log("Enter db user name:","info")
+ db_user=raw_input()
if (quiteMode):
db_password = globalDict['db_password']
else:
- db_password=''
- while db_password == "":
- log("Enter db user password:","info")
- db_password = getpass.getpass("Enter db user password:")
+ if (dryMode):
+ db_password='*****'
+ else:
+ db_password=''
+ while db_password == "":
+ log("Enter db user password:","info")
+ db_password = getpass.getpass("Enter db user password:")
if (quiteMode):
audit_db_name = globalDict['audit_db_name']
else:
- audit_db_name=''
- while audit_db_name == "":
- log("Enter audit db name:","info")
- audit_db_name = raw_input()
+ if (dryMode):
+ audit_db_name='ranger_audit_db'
+ else:
+ audit_db_name=''
+ while audit_db_name == "":
+ log("Enter audit db name:","info")
+ audit_db_name = raw_input()
if (quiteMode):
audit_db_user = globalDict['audit_db_user']
else:
- audit_db_user=''
- while audit_db_user == "":
- log("Enter audit user name:","info")
- audit_db_user = raw_input()
+ if (dryMode):
+ audit_db_user='ranger_logger_user'
+ else:
+ audit_db_user=''
+ while audit_db_user == "":
+ log("Enter audit user name:","info")
+ audit_db_user = raw_input()
if (quiteMode):
audit_db_password = globalDict['audit_db_password']
else:
- audit_db_password=''
- while audit_db_password == "":
- log("Enter audit db user password:","info")
- audit_db_password = getpass.getpass("Enter audit db user password:")
+ if (dryMode):
+ audit_db_password='*****'
+ else:
+ audit_db_password=''
+ while audit_db_password == "":
+ log("Enter audit db user password:","info")
+ audit_db_password = getpass.getpass("Enter audit db user password:")
audit_db_root_user = xa_db_root_user
audit_db_root_password = xa_db_root_password
- #audit_db_root_user = globalDict['db_root_user']
- #audit_db_root_password = globalDict['db_root_password']
- #print "Enter audit_db_root_password :"
- #log("Enter audit db root user:","info")
- #audit_db_root_user = raw_input()
- #log("Enter db root password:","info")
- #xa_db_root_password = raw_input()
mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql')
- #mysql_core_file = globalDict['mysql_core_file']
mysql_core_file = os.path.join('db','mysql','xa_core_db.sql')
- #mysql_audit_file = globalDict['mysql_audit_file']
mysql_audit_file = os.path.join('db','mysql','xa_audit_db.sql')
mysql_patches = os.path.join('db','mysql','patches')
oracle_dbversion_catalog = os.path.join('db','oracle','create_dbversion_catalog.sql')
- #oracle_core_file = globalDict['oracle_core_file']
oracle_core_file = os.path.join('db','oracle','xa_core_db_oracle.sql')
- #oracle_audit_file = globalDict['oracle_audit_file']
oracle_audit_file = os.path.join('db','oracle','xa_audit_db_oracle.sql')
oracle_patches = os.path.join('db','oracle','patches')
postgres_dbversion_catalog = os.path.join('db','postgres','create_dbversion_catalog.sql')
- #postgres_core_file = globalDict['postgres_core_file']
postgres_core_file = os.path.join('db','postgres','xa_core_db_postgres.sql')
- #postgres_audit_file = globalDict['postgres_audit_file']
postgres_audit_file = os.path.join('db','postgres','xa_audit_db_postgres.sql')
postgres_patches = os.path.join('db','postgres','patches')
sqlserver_dbversion_catalog = os.path.join('db','sqlserver','create_dbversion_catalog.sql')
- #sqlserver_core_file = globalDict['sqlserver_core_file']
sqlserver_core_file = os.path.join('db','sqlserver','xa_core_db_sqlserver.sql')
- #sqlserver_audit_file = globalDict['sqlserver_audit_file']
sqlserver_audit_file = os.path.join('db','sqlserver','xa_audit_db_sqlserver.sql')
sqlserver_patches = os.path.join('db','sqlserver','patches')
@@ -1494,8 +1689,6 @@ def main(argv):
x_user = 'x_portal_user'
if XA_DB_FLAVOR == "MYSQL":
- #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,mysql_dbversion_catalog)
@@ -1503,21 +1696,16 @@ def main(argv):
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,mysql_patches)
elif XA_DB_FLAVOR == "ORACLE":
- #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
- if os_name == "LINUX":
+ if xa_db_root_user.upper() == "SYS" :
xa_db_root_user = xa_db_root_user+" AS SYSDBA"
- elif os_name == "WINDOWS":
- xa_db_root_user = xa_db_root_user
+
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,oracle_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,oracle_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,oracle_patches)
elif XA_DB_FLAVOR == "POSTGRES":
- #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
db_user=db_user.lower()
db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
@@ -1527,8 +1715,6 @@ def main(argv):
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,postgres_patches)
elif XA_DB_FLAVOR == "MSSQL":
- #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_dbversion_catalog)
@@ -1550,35 +1736,26 @@ def main(argv):
sys.exit(1)
if AUDIT_DB_FLAVOR == "MYSQL":
- #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,mysql_audit_file)
elif AUDIT_DB_FLAVOR == "ORACLE":
- #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
- if os_name == "LINUX":
+ if audit_db_root_user.upper() == "SYS":
audit_db_root_user = audit_db_root_user+" AS SYSDBA"
- if os_name == "WINDOWS":
- audit_db_root_user = audit_db_root_user
+
audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
- #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
audit_db_user=audit_db_user.lower()
- audit_db_name=audit_db_name.lower()
+ audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file)
elif AUDIT_DB_FLAVOR == "MSSQL":
- #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_audit_file)
@@ -1599,22 +1776,19 @@ def main(argv):
if audit_store is None or audit_store == "":
audit_store = "db"
audit_store=audit_store.lower()
-
- log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info")
- password_validation(db_password,"admin");
- log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
- password_validation(audit_db_password,"audit");
+ if not dryMode:
+ log("[I] ---------- Verifing DB root password ---------- ","info")
+ password_validation(xa_db_root_password,"DBA root");
+ log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info")
+ password_validation(db_password,"admin");
+ log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
+ password_validation(audit_db_password,"audit");
# Methods Begin
if DBA_MODE == "TRUE" :
if (dryMode==True):
- log("[I] Dry run mode:"+str(dryMode),"info")
log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
logFile("===============================================\n")
- xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
- xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
- if not XA_DB_FLAVOR == "SQLA":
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
- audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name)
logFile("===============================================\n")
if (dryMode==False):
log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index eb0c7ec..f3af716 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -26,11 +26,6 @@ PYTHON_COMMAND_INVOKER=python
#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA
DB_FLAVOR=MYSQL
#
-# The executable path to be used to invoke command-line MYSQL
-#
-#SQL_COMMAND_INVOKER='mysql'
-#SQL_COMMAND_INVOKER='sqlplus'
-SQL_COMMAND_INVOKER='mysql'
#
# Location of DB client library (please check the location of the jar file)
@@ -51,6 +46,9 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
# **************************************************************************
#
#db_root_user=root|SYS|postgres|sa|dba
+#db_host=host:port # for DB_FLAVOR=MYSQL|POSTGRES|SQLA|MSSQL #for example: db_host=localhost:3306
+#db_host=host:port:SID # for DB_FLAVOR=ORACLE #for SID example: db_host=localhost:1521:ORCL
+#db_host=host:port/ServiceName # for DB_FLAVOR=ORACLE #for Service example: db_host=localhost:1521/XE
db_root_user=root
db_root_password=
db_host=localhost
@@ -129,16 +127,16 @@ authServicePort=5151
#
# Sample Settings
#
-#xa_ldap_url="ldap://127.0.0.1:389"
-#xa_ldap_userDNpattern="uid={0},ou=users,dc=xasecure,dc=net"
-#xa_ldap_groupSearchBase="ou=groups,dc=xasecure,dc=net"
-#xa_ldap_groupSearchFilter="(member=uid={0},ou=users,dc=xasecure,dc=net)"
-#xa_ldap_groupRoleAttribute="cn"
-#xa_ldap_base_dn="dc=xasecure,dc=net"
-#xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net"
+#xa_ldap_url=ldap://127.0.0.1:389
+#xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
+#xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
+#xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
+#xa_ldap_groupRoleAttribute=cn
+#xa_ldap_base_dn=dc=xasecure,dc=net
+#xa_ldap_bind_dn=cn=admin,ou=users,dc=xasecure,dc=net
#xa_ldap_bind_password=
#xa_ldap_referral=follow|ignore
-#xa_ldap_userSearchFilter="(uid={0})"
+#xa_ldap_userSearchFilter=(uid={0})
xa_ldap_url=
xa_ldap_userDNpattern=
@@ -154,13 +152,13 @@ xa_ldap_userSearchFilter=
#
# Sample Settings
#
-#xa_ldap_ad_domain="xasecure.net"
-#xa_ldap_ad_url="ldap://127.0.0.1:389"
-#xa_ldap_ad_base_dn="dc=xasecure,dc=net"
-#xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net"
+#xa_ldap_ad_domain=xasecure.net
+#xa_ldap_ad_url=ldap://127.0.0.1:389
+#xa_ldap_ad_base_dn=dc=xasecure,dc=net
+#xa_ldap_ad_bind_dn=cn=administrator,ou=users,dc=xasecure,dc=net
#xa_ldap_ad_bind_password=
#xa_ldap_ad_referral=follow|ignore
-#xa_ldap_ad_userSearchFilter="(sAMAccountName={0})"
+#xa_ldap_ad_userSearchFilter=(sAMAccountName={0})
xa_ldap_ad_domain=
xa_ldap_ad_url=