You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/06/10 21:37:01 UTC
ambari git commit: Fix Ranger RU for Hive, Knox,
Storm (Gautam Borad via ncole)
Repository: ambari
Updated Branches:
refs/heads/trunk eb3f9cf74 -> 585165305
Fix Ranger RU for Hive, Knox, Storm (Gautam Borad via ncole)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/58516530
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/58516530
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/58516530
Branch: refs/heads/trunk
Commit: 58516530508d929ed62d87189e120fc1479ee1ce
Parents: eb3f9cf
Author: Nate Cole <nc...@hortonworks.com>
Authored: Wed Jun 10 15:35:29 2015 -0400
Committer: Nate Cole <nc...@hortonworks.com>
Committed: Wed Jun 10 15:35:29 2015 -0400
----------------------------------------------------------------------
.../0.12.0.2.0/package/scripts/hive_server.py | 2 +-
.../package/scripts/setup_ranger_hive.py | 10 +-
.../0.5.0.2.2/package/scripts/knox_gateway.py | 2 +-
.../package/scripts/setup_ranger_knox.py | 10 +-
.../STORM/0.9.1.2.1/package/scripts/nimbus.py | 2 +-
.../package/scripts/setup_ranger_storm.py | 10 +-
.../0.9.1.2.1/package/scripts/ui_server.py | 2 +-
.../stacks/HDP/2.2/upgrades/upgrade-2.3.xml | 114 ++++++++++++-------
ambari-web/app/data/HDP2.3/site_properties.js | 2 +-
9 files changed, 99 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
index de7f864..e29df4f 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
@@ -86,7 +86,7 @@ class HiveServerDefault(HiveServer):
env.set_params(params)
self.configure(env) # FOR SECURITY
- setup_ranger_hive()
+ setup_ranger_hive(rolling_upgrade=rolling_restart)
hive_service( 'hiveserver2', action = 'start', rolling_restart=rolling_restart)
def stop(self, env, rolling_restart=False):
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
index ac7f473..b0f0c3f 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
@@ -19,7 +19,7 @@ limitations under the License.
"""
from resource_management.core.logger import Logger
-def setup_ranger_hive():
+def setup_ranger_hive(rolling_upgrade = False):
import params
if params.has_ranger_admin:
@@ -29,6 +29,10 @@ def setup_ranger_hive():
else:
from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin
+ hdp_version = None
+ if rolling_upgrade:
+ hdp_version = params.version
+
setup_ranger_plugin('hive-server2', 'hive',
params.ranger_downloaded_custom_connector, params.ranger_driver_curl_source,
params.ranger_driver_curl_target, params.java64_home,
@@ -42,7 +46,7 @@ def setup_ranger_hive():
plugin_policymgr_ssl_properties=params.config['configurations']['ranger-hive-policymgr-ssl'], plugin_policymgr_ssl_attributes=params.config['configuration_attributes']['ranger-hive-policymgr-ssl'],
component_list=['hive-client', 'hive-metastore', 'hive-server2'], audit_db_is_enabled=params.xa_audit_db_is_enabled,
credential_file=params.credential_file, xa_audit_db_password=params.xa_audit_db_password,
- ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password
- )
+ ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password,
+ hdp_version_override = hdp_version)
else:
Logger.info('Ranger admin not installed')
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index d9c9565..fab849c 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -150,7 +150,7 @@ class KnoxGatewayDefault(KnoxGateway):
self.configure(env)
daemon_cmd = format('{knox_bin} start')
no_op_test = format('ls {knox_pid_file} >/dev/null 2>&1 && ps -p `cat {knox_pid_file}` >/dev/null 2>&1')
- setup_ranger_knox()
+ setup_ranger_knox(rolling_upgrade=rolling_restart)
# Used to setup symlink, needed to update the knox managed symlink, in case of custom locations
if os.path.islink(params.knox_managed_pid_symlink) and os.path.realpath(params.knox_managed_pid_symlink) != params.knox_pid_dir:
os.unlink(params.knox_managed_pid_symlink)
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
index 2db23a0..f1319b3 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
@@ -19,7 +19,7 @@ limitations under the License.
"""
from resource_management.core.logger import Logger
-def setup_ranger_knox():
+def setup_ranger_knox(rolling_upgrade = False):
import params
if params.has_ranger_admin:
@@ -29,6 +29,10 @@ def setup_ranger_knox():
else:
from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin
+ hdp_version = None
+ if rolling_upgrade:
+ hdp_version = params.version
+
setup_ranger_plugin('knox-server', 'knox',
params.downloaded_custom_connector, params.driver_curl_source,
params.driver_curl_target, params.java_home,
@@ -42,7 +46,7 @@ def setup_ranger_knox():
plugin_policymgr_ssl_properties=params.config['configurations']['ranger-knox-policymgr-ssl'], plugin_policymgr_ssl_attributes=params.config['configuration_attributes']['ranger-knox-policymgr-ssl'],
component_list=['knox-server'], audit_db_is_enabled=params.xa_audit_db_is_enabled,
credential_file=params.credential_file, xa_audit_db_password=params.xa_audit_db_password,
- ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password
- )
+ ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password,
+ hdp_version_override = hdp_version)
else:
Logger.info('Ranger admin not installed')
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
index 93f3e05..6f8d5b0 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
@@ -65,7 +65,7 @@ class NimbusDefault(Nimbus):
import params
env.set_params(params)
self.configure(env)
- setup_ranger_storm()
+ setup_ranger_storm(rolling_upgrade=rolling_restart)
service("nimbus", action="start")
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
index 3c69b6b..d874ba3 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
@@ -19,7 +19,7 @@ limitations under the License.
"""
from resource_management.core.logger import Logger
-def setup_ranger_storm():
+def setup_ranger_storm(rolling_upgrade = False):
import params
if params.has_ranger_admin and params.security_enabled:
@@ -29,6 +29,10 @@ def setup_ranger_storm():
else:
from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin
+ hdp_version = None
+ if rolling_upgrade:
+ hdp_version = params.version
+
setup_ranger_plugin('storm-nimbus', 'storm',
params.downloaded_custom_connector, params.driver_curl_source,
params.driver_curl_target, params.java64_home,
@@ -42,7 +46,7 @@ def setup_ranger_storm():
plugin_policymgr_ssl_properties=params.config['configurations']['ranger-storm-policymgr-ssl'], plugin_policymgr_ssl_attributes=params.config['configuration_attributes']['ranger-storm-policymgr-ssl'],
component_list=['storm-client', 'storm-nimbus'], audit_db_is_enabled=params.xa_audit_db_is_enabled,
credential_file=params.credential_file, xa_audit_db_password=params.xa_audit_db_password,
- ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password
- )
+ ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password,
+ hdp_version_override = hdp_version)
else:
Logger.info('Ranger admin not installed')
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
index 7c1fc6f..abe144f 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
@@ -84,7 +84,7 @@ class UiServerDefault(UiServer):
import params
env.set_params(params)
self.configure(env)
- setup_ranger_storm()
+ setup_ranger_storm(rolling_upgrade=rolling_restart)
service("ui", action="start")
def stop(self, env, rolling_restart=False):
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
index cc5caf1..aa3096f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml
@@ -330,7 +330,7 @@
</task>
<task xsi:type="configure" summary="Updating Ranger Admin">
<type>ranger-admin-site</type>
- <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_CLIENT_AUTH" to-key="xasecure.policymgr.clientssl.keystore" default-value="" />
+ <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_CLIENT_AUTH" to-key="ranger.service.https.attrib.clientAuth" default-value="" />
<transfer operation="copy" from-type="ranger-site" from-key="HTTPS_KEYSTORE_FILE" to-key="ranger.https.attrib.keystore.file" default-value="" />
<transfer operation="copy" from-type="ranger-site" from-key="HTTPS_KEYSTORE_PASS" to-key="ranger.service.https.attrib.keystore.pass" default-value="" mask="true" />
<transfer operation="copy" from-type="ranger-site" from-key="HTTPS_KEY_ALIAS" to-key="ranger.service.https.attrib.keystore.keyalias" default-value="" />
@@ -349,11 +349,12 @@
<transfer operation="copy" from-type="admin-properties" from-key="xa_ldap_groupRoleAttribute" to-key="ranger.ldap.group.roleattribute" default-value="" />
<transfer operation="copy" from-type="admin-properties" from-key="xa_ldap_ad_domain" to-key="ranger.ldap.ad.domain" default-value="" />
<transfer operation="copy" from-type="admin-properties" from-key="xa_ldap_ad_url" to-key="ranger.ldap.ad.url" default-value="" />
- <transfer operation="copy" from-type="admin-properties" from-key="policymgr_external_url" to-key="ranger.externalurl" default-value="" />
<transfer operation="copy" from-type="admin-properties" from-key="db_user" to-key="ranger.jpa.jdbc.user" default-value="" />
<transfer operation="copy" from-type="admin-properties" from-key="db_password" to-key="ranger.jpa.jdbc.password" default-value="" mask="true" />
<transfer operation="copy" from-type="admin-properties" from-key="audit_db_user" to-key="ranger.jpa.audit.jdbc.user" default-value="" />
<transfer operation="copy" from-type="admin-properties" from-key="audit_db_password" to-key="ranger.jpa.audit.jdbc.password" default-value="" mask="true" />
+
+ <set key="ranger.externalurl" value="{{ranger_external_url}}" />
</task>
<task xsi:type="server_action" summary="Calculating Ranger Properties" class="org.apache.ambari.server.serveraction.upgrades.RangerConfigCalculation" />
@@ -412,6 +413,12 @@
<transfer operation="delete" delete-key="POLICY_MGR_URL" />
<transfer operation="delete" delete-key="" />
</task>
+
+ <task xsi:type="configure">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="oracle_home" />
+ <transfer operation="delete" delete-key="" />
+ </task>
</pre-upgrade>
<upgrade>
@@ -448,18 +455,19 @@
<task xsi:type="configure" summary="Transitioning Ranger HDFS Audit">
<type>ranger-hdfs-audit</type>
<transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="false"/>
- <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit" />
+ <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit" />
<transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true" />
<transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/hadoop/hdfs/audit/hdfs/spool" />
<transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value="" />
<transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.password" mask="true" default-value="" />
- <set key="xasecure.audit.destination.solr" value="true" />
+ <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/>
+ <set key="xasecure.audit.destination.solr" value="false" />
<set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}" />
- <set key="xasecure.audit.destination.solr.zookeepers" value="" />
- <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/logs/hdfs/audit/solr/spool" />
+ <set key="xasecure.audit.destination.solr.zookeepers" value="none" />
+ <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/hadoop/hdfs/audit/solr/spool" />
<set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}" />
<set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}" />
- <set key="xasecure.audit.provider.summary.enabled" value="true" />
+ <set key="xasecure.audit.provider.summary.enabled" value="false" />
</task>
<task xsi:type="configure" summary="Transitioning Ranger HDFS Security">
@@ -479,7 +487,7 @@
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE" />
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS" />
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS" />
- <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS" />
+ <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" />
<transfer operation="delete" delete-key="SSL_KEYSTORE_FILE_PATH" />
<transfer operation="delete" delete-key="SSL_KEYSTORE_PASSWORD" />
<transfer operation="delete" delete-key="SSL_TRUSTSTORE_FILE_PATH" />
@@ -492,6 +500,9 @@
<transfer operation="delete" delete-key="XAAUDIT.DB.PASSWORD" />
<transfer operation="delete" delete-key="REPOSITORY_NAME" />
<transfer operation="delete" delete-key="POLICY_MGR_URL" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" />
</task>
</pre-upgrade>
@@ -618,15 +629,16 @@
<task xsi:type="configure" summary="Transitioning Ranger HBase Audit">
<type>ranger-hbase-audit</type>
<transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="false" />
- <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit" />
+ <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit" />
<transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true" />
- <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/logs/hadoop/hdfs/audit/hdfs/spool" />
+ <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/hbase/audit/hdfs/spool" />
<transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value="" />
<transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.password" mask="true" default-value="" />
- <set key="xasecure.audit.destination.solr" value="true" />
+ <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/>
+ <set key="xasecure.audit.destination.solr" value="false" />
<set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}" />
- <set key="xasecure.audit.destination.solr.zookeepers" value="" />
- <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/logs/hbase/audit/solr/spool" />
+ <set key="xasecure.audit.destination.solr.zookeepers" value="none" />
+ <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/hbase/audit/solr/spool" />
<set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}" />
<set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}" />
<set key="xasecure.audit.provider.summary.enabled" value="true" />
@@ -662,6 +674,9 @@
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" />
<transfer operation="delete" delete-key="XAAUDIT.DB.USER_NAME" />
<transfer operation="delete" delete-key="XAAUDIT.DB.PASSWORD" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" />
</task>
</pre-upgrade>
@@ -751,26 +766,27 @@
<task xsi:type="configure" summary="Configuring Ranger Hive Security">
<type>ranger-hive-security</type>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="POLICY_MGR_URL" to-key="ranger.plugin.hive.service.name" default-value="{{repo_name}}"/>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="REPOSITORY_NAME" to-key="ranger.plugin.hive.policy.source.impl" default-value="org.apache.ranger.admin.client.RangerAdminRESTClient"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="UPDATE_XAPOLICIES_ON_GRANT_REVOKE" to-key="xasecure.hive.update.xapolicies.on.grant.revoke" default-value="true"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="POLICY_MGR_URL" to-key="ranger.plugin.hive.policy.rest.url" default-value="{{policymgr_mgr_url}}"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="REPOSITORY_NAME" to-key="ranger.plugin.hive.service.name" default-value="{{repo_name}}"/>
</task>
<task xsi:type="configure" summary="Configuring Ranger Hive Audit">
<type>ranger-hive-audit</type>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="UPDATE_XAPOLICIES_ON_GRANT_REVOKE" to-key="xasecure.hive.update.xapolicies.on.grant.revoke" default-value="TRUE"/>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE"/>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit"/>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE"/>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/knox/audit/hdfs/spool"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="true"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/hive/audit/hdfs/spool"/>
<transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/>
- <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/>
- <set key="xasecure.audit.destination.solr" value="TRUE"/>
+ <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.password" default-value="" mask="true"/>
+ <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/>
+ <set key="xasecure.audit.destination.solr" value="false"/>
<set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/>
- <set key="xasecure.audit.destination.solr.zookeepers" value=""/>
- <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/knox/audit/solr/spool"/>
+ <set key="xasecure.audit.destination.solr.zookeepers" value="none"/>
+ <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/hive/audit/solr/spool"/>
<set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/>
- <set key="xasecure.audit.destination.db.jdbc.url" value=""/>
- <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/>
+ <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}"/>
+ <set key="xasecure.audit.provider.summary.enabled" value="false"/>
</task>
<task xsi:type="configure" summary="Removing Deprecated Ranger Hive Plugin Configurations">
@@ -797,6 +813,10 @@
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/>
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/>
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" />
</task>
</pre-upgrade>
@@ -951,19 +971,20 @@
<task xsi:type="configure" summary="Configuring Ranger Knox Audit">
<type>ranger-knox-audit</type>
- <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE"/>
- <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit"/>
- <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="true"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit"/>
+ <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true"/>
<transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/knox/audit/hdfs/spool"/>
<transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/>
<transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/>
- <set key="xasecure.audit.destination.solr" value="TRUE"/>
+ <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/>
+ <set key="xasecure.audit.destination.solr" value="false"/>
<set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/>
- <set key="xasecure.audit.destination.solr.zookeepers" value=""/>
+ <set key="xasecure.audit.destination.solr.zookeepers" value="none"/>
<set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/knox/audit/solr/spool"/>
<set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/>
- <set key="xasecure.audit.destination.db.jdbc.url" value=""/>
- <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/>
+ <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}"/>
+ <set key="xasecure.audit.provider.summary.enabled" value="false"/>
</task>
<task xsi:type="configure" summary="Removing Deprecated Ranger Knox Plugin Configurations">
@@ -987,6 +1008,12 @@
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/>
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/>
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" />
+ <transfer operation="delete" delete-key="REPOSITORY_NAME" />
+ <transfer operation="delete" delete-key="POLICY_MGR_URL" />
</task>
</pre-upgrade>
<upgrade>
@@ -1034,21 +1061,20 @@
<task xsi:type="configure" summary="Configuring Ranger Storm Audit">
<type>ranger-storm-audit</type>
- <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE" />
- <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit" />
- <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE" />
+ <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="true" />
+ <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit" />
+ <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true" />
<transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/storm/audit/hdfs/spool" />
<transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/>
<transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/>
<set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/>
- <set key="xasecure.audit.destination.solr" value="TRUE"/>
+ <set key="xasecure.audit.destination.solr" value="false"/>
<set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/>
- <set key="xasecure.audit.destination.solr.zookeepers" value=""/>
+ <set key="xasecure.audit.destination.solr.zookeepers" value="none"/>
<set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/storm/audit/solr/spool"/>
<set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/>
- <set key="xasecure.audit.destination.db.jdbc.url" value=""/>
- <set key="xasecure.audit.destination.db.user" value=""/>
- <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/>
+ <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}"/>
+ <set key="xasecure.audit.provider.summary.enabled" value="false"/>
</task>
<task xsi:type="configure" summary="Removing Deprecated Ranger Storm Plugin Configurations">
@@ -1072,6 +1098,12 @@
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/>
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/>
<transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/>
+ <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" />
+ <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" />
+ <transfer operation="delete" delete-key="REPOSITORY_NAME" />
+ <transfer operation="delete" delete-key="POLICY_MGR_URL" />
</task>
</pre-upgrade>
<upgrade>
http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-web/app/data/HDP2.3/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js
index ff7ce36..76d4b8f 100644
--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -260,7 +260,7 @@ hdp23properties.push({
},
{
"id": "site property",
- "name": "xasecure.audit.db.is.enabled",
+ "name": "xasecure.audit.destination.db",
"displayName": "Audit to DB",
"displayType": "checkbox",
"filename": "ranger-hbase-audit.xml",