You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/11/18 17:51:09 UTC
[13/50] [abbrv] ambari git commit: AMBARI-13706. Alert for verifying
if Ranger admin password is in sync between Ranger and Ambari
AMBARI-13706. Alert for verifying if Ranger admin password is in sync between Ranger and Ambari
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ccdb1556
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ccdb1556
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ccdb1556
Branch: refs/heads/branch-dev-patch-upgrade
Commit: ccdb1556fdab62209f119a48f020459a8afe58ad
Parents: 6e69ef0
Author: Gautam Borad <ga...@apache.org>
Authored: Tue Nov 17 12:39:35 2015 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Tue Nov 17 13:46:44 2015 +0530
----------------------------------------------------------------------
.../libraries/functions/ranger_functions.py | 8 +-
.../libraries/functions/ranger_functions_v2.py | 5 +-
.../ranger-knox-plugin-properties.xml | 4 +-
.../common-services/RANGER/0.4.0/alerts.json | 12 ++
.../alerts/alert_ranger_admin_passwd_check.py | 180 +++++++++++++++++++
.../ranger-hbase-plugin-properties.xml | 3 +-
.../ranger-hdfs-plugin-properties.xml | 3 +-
.../ranger-hive-plugin-properties.xml | 3 +-
.../ranger-storm-plugin-properties.xml | 3 +-
.../ranger-kafka-plugin-properties.xml | 3 +
.../stacks/HDP/2.3/services/RANGER/alerts.json | 12 ++
.../RANGER/configuration/admin-properties.xml | 8 +-
.../ranger-yarn-plugin-properties.xml | 3 +
13 files changed, 232 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
index 4beeca9..ba075fa 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
@@ -120,13 +120,15 @@ class Rangeradmin:
else:
if retryCount < 5:
Logger.info("Retry Repository Creation is being called")
+ time.sleep(15) # delay for 15 seconds
retryCount += 1
else:
- raise Fail('{0} Repository creation failed in Ranger admin'.format(component.title()))
+ Logger.error('{0} Repository creation failed in Ranger admin'.format(component.title()))
+ break
else:
- raise Fail('Ambari admin user creation failed')
+ Logger.error('Ambari admin user creation failed')
elif not self.skip_if_rangeradmin_down:
- raise Fail("Connection failed to Ranger Admin !")
+ Logger.error("Connection failed to Ranger Admin !")
def create_repository_urllib2(self, data, usernamepassword, policy_user):
"""
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
index 328cf7f..33cbd55 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
@@ -113,12 +113,11 @@ class RangeradminV2:
retryCount += 1
else:
Logger.error('{0} Repository creation failed in Ranger admin'.format(component.title()))
- raise Fail('{0} Repository creation failed in Ranger admin'.format(component.title()))
+ break
else:
Logger.error('Ambari admin user creation failed')
- raise Fail('Ambari admin user creation failed')
elif not self.skip_if_rangeradmin_down:
- raise Fail("Connection failed to Ranger Admin !")
+ Logger.error("Connection failed to Ranger Admin !")
def create_repository_urllib2(self, data, usernamepassword):
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
index af224cf..0ab649c 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
@@ -23,7 +23,7 @@
<property>
<name>policy_user</name>
<value>ambari-qa</value>
- <display-name>policy User for KNOX</display-name>
+ <display-name>Policy user for KNOX</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
</property>
@@ -64,6 +64,7 @@
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>admin-password</value>
<property-type>PASSWORD</property-type>
+ <display-name>Ranger repository config password</display-name>
<description>Used for repository creation on ranger admin</description>
<value-attributes>
<type>password</type>
@@ -73,6 +74,7 @@
<property>
<name>KNOX_HOME</name>
<value>/usr/hdp/current/knox-server</value>
+ <display-name>Knox Home</display-name>
<description>Knox home folder</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/common-services/RANGER/0.4.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/alerts.json
index 62f29eb..a8b576c 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/alerts.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/alerts.json
@@ -29,6 +29,18 @@
}
}
}
+ },
+ {
+ "name": "ranger_admin_password_check",
+ "label": "Ranger Admin password check",
+ "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.",
+ "interval": 1,
+ "scope": "ANY",
+ "source": {
+ "type": "SCRIPT",
+ "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py",
+ "parameters": []
+ }
}
],
"RANGER_USERSYNC": [
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py
new file mode 100644
index 0000000..ad95980
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py
@@ -0,0 +1,180 @@
+#!/usr/bin/env python
+
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import base64
+import urllib2
+import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import logging
+from resource_management.core.environment import Environment
+
+logger = logging.getLogger()
+RANGER_ADMIN_URL = '{{admin-properties/policymgr_external_url}}'
+ADMIN_USERNAME = '{{ranger-env/admin_username}}'
+ADMIN_PASSWORD = '{{ranger-env/admin_password}}'
+RANGER_ADMIN_USERNAME = '{{ranger-env/ranger_admin_username}}'
+RANGER_ADMIN_PASSWORD = '{{ranger-env/ranger_admin_password}}'
+
+def get_tokens():
+ """
+ Returns a tuple of tokens in the format {{site/property}} that will be used
+ to build the dictionary passed into execute
+
+ :return tuple
+ """
+ return (RANGER_ADMIN_URL, ADMIN_USERNAME, ADMIN_PASSWORD, RANGER_ADMIN_USERNAME, RANGER_ADMIN_PASSWORD)
+
+
+def execute(configurations={}, parameters={}, host_name=None):
+ """
+ Returns a tuple containing the result code and a pre-formatted result label
+
+ Keyword arguments:
+ configurations (dictionary): a mapping of configuration key to value
+ parameters (dictionary): a mapping of script parameter key to value
+ host_name (string): the name of this host where the alert is running
+ """
+
+ if configurations is None:
+ return (('UNKNOWN', ['There were no configurations supplied to the script.']))
+
+ ranger_link = None
+ ranger_auth_link = None
+ ranger_get_user = None
+ admin_username = None
+ admin_password = None
+ ranger_admin_username = None
+ ranger_admin_password = None
+
+ if RANGER_ADMIN_URL in configurations:
+ ranger_link = configurations[RANGER_ADMIN_URL]
+ if ranger_link.endswith('/'):
+ ranger_link = ranger_link[:-1]
+ ranger_auth_link = '{0}/{1}'.format(ranger_link, 'service/public/api/repository/count')
+ ranger_get_user = '{0}/{1}'.format(ranger_link, 'service/xusers/users')
+
+ if ADMIN_USERNAME in configurations:
+ admin_username = configurations[ADMIN_USERNAME]
+
+ if ADMIN_PASSWORD in configurations:
+ admin_password = configurations[ADMIN_PASSWORD]
+
+ if RANGER_ADMIN_USERNAME in configurations:
+ ranger_admin_username = configurations[RANGER_ADMIN_USERNAME]
+
+ if RANGER_ADMIN_PASSWORD in configurations:
+ ranger_admin_password = configurations[RANGER_ADMIN_PASSWORD]
+
+ label = None
+ result_code = 'OK'
+
+ try:
+ admin_http_code = check_ranger_login(ranger_auth_link, admin_username, admin_password)
+ if admin_http_code == 200:
+ get_user_code = get_ranger_user(ranger_get_user, admin_username, admin_password, ranger_admin_username)
+ if get_user_code:
+ user_http_code = check_ranger_login(ranger_auth_link, ranger_admin_username, ranger_admin_password)
+ if user_http_code == 200:
+ result_code = 'OK'
+ label = 'Login Successful for users {0} and {1}'.format(admin_username, ranger_admin_username)
+ elif user_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(ranger_admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+ else:
+ result_code = 'OK'
+ label = 'Login Successful for user: {0}. User:{1} user not yet synced with Ranger'.format(admin_username, ranger_admin_username)
+ elif admin_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+
+ except Exception, e:
+ label = str(e)
+ result_code = 'UNKNOWN'
+ logger.exception(label)
+
+ return ((result_code, [label]))
+
+def check_ranger_login(ranger_auth_link, username, password):
+ """
+ params ranger_auth_link: ranger login url
+ params username: user credentials
+ params password: user credentials
+
+ return response code
+ """
+ try:
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(ranger_auth_link)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ if response_code == 200:
+ response = json.loads(result.read())
+ return response_code
+ except urllib2.HTTPError, e:
+ logger.exception("Error during Ranger service authentication. Http status code - {0}. {1}".format(e.code, e.read()))
+ return e.code
+ except urllib2.URLError, e:
+ logger.exception("Error during Ranger service authentication. {0}".format(e.reason))
+ return None
+ except Exception, e:
+ return 401
+
+def get_ranger_user(ranger_get_user, username, password, user):
+ """
+ params ranger_get_user: ranger get user url
+ params username: user credentials
+ params password: user credentials
+ params user: user to be search
+ return Boolean if user exist or not
+ """
+ try:
+ url = '{0}?name={1}'.format(ranger_get_user, user)
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(url)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(result.read())
+ if response_code == 200 and len(response['vXUsers']) > 0:
+ for xuser in response['vXUsers']:
+ if xuser['name'] == user:
+ return True
+ else:
+ return False
+ except urllib2.HTTPError, e:
+ logger.exception("Error getting user from Ranger service. Http status code - {0}. {1}".format(e.code, e.read()))
+ return False
+ except urllib2.URLError, e:
+ logger.exception("Error getting user from Ranger service. {0}".format(e.reason))
+ return False
+ except Exception, e:
+ return False
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
index 9911653..4e87151 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
@@ -32,7 +32,7 @@
<property>
<name>policy_user</name>
<value>ambari-qa</value>
- <display-name>policy User for HBASE</display-name>
+ <display-name>Policy user for HBASE</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
</property>
@@ -63,6 +63,7 @@
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>hbase</value>
+ <display-name>Ranger repository config password</display-name>
<property-type>PASSWORD</property-type>
<description>Used for repository creation on ranger admin</description>
<value-attributes>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
index dcffc02..8bb6369 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -15,7 +15,7 @@
<property>
<name>policy_user</name>
<value>ambari-qa</value>
- <display-name>policy User for HDFS</display-name>
+ <display-name>Policy user for HDFS</display-name>
<description>This user must be system user and also present at Ranger
admin portal</description>
</property>
@@ -67,6 +67,7 @@
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>hadoop</value>
+ <display-name>Ranger repository config password</display-name>
<property-type>PASSWORD</property-type>
<description>Used for repository creation on ranger admin
</description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
index 5b5f2d7..a9ceb29 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
@@ -23,7 +23,7 @@
<property>
<name>policy_user</name>
<value>ambari-qa</value>
- <display-name>policy User for HIVE</display-name>
+ <display-name>Policy user for HIVE</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
</property>
@@ -52,6 +52,7 @@
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>hive</value>
+ <display-name>Ranger repository config password</display-name>
<property-type>PASSWORD</property-type>
<description>Used for repository creation on ranger admin</description>
<value-attributes>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
index ff2ca82..ef07f4f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
@@ -23,7 +23,7 @@
<property>
<name>policy_user</name>
<value>storm</value>
- <display-name>policy User for STORM</display-name>
+ <display-name>Policy user for STORM</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
</property>
@@ -63,6 +63,7 @@
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>stormtestuser</value>
+ <display-name>Ranger repository config password</display-name>
<property-type>PASSWORD</property-type>
<description>Used for repository creation on ranger admin</description>
<value-attributes>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
index 1ddd06c..490e059 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
@@ -23,6 +23,7 @@
<property>
<name>policy_user</name>
<value>ambari-qa</value>
+ <display-name>Policy user for KAFKA</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
</property>
@@ -70,6 +71,7 @@
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>kafka</value>
+ <display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
</property>
@@ -77,6 +79,7 @@
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>kafka</value>
<property-type>PASSWORD</property-type>
+ <display-name>Ranger repository config password</display-name>
<description>Used for repository creation on ranger admin</description>
<value-attributes>
<type>password</type>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/alerts.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/alerts.json
index 2de5f87..480b7c9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/alerts.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/alerts.json
@@ -29,6 +29,18 @@
}
}
}
+ },
+ {
+ "name": "ranger_admin_password_check",
+ "label": "Ranger Admin password check",
+ "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.",
+ "interval": 1,
+ "scope": "ANY",
+ "source": {
+ "type": "SCRIPT",
+ "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py",
+ "parameters": []
+ }
}
],
"RANGER_USERSYNC": [
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
index d20deec..984b4da 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
@@ -82,8 +82,8 @@
<property>
<name>db_root_user</name>
<value>root</value>
- <display-name>Ranger DB root user</display-name>
- <description>Database admin user</description>
+ <display-name>Database Admintrator (DBA) password</display-name>
+ <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
<value-attributes>
<overridable>false</overridable>
</value-attributes>
@@ -93,8 +93,8 @@
<name>db_root_password</name>
<value></value>
<property-type>PASSWORD</property-type>
- <display-name>Ranger DB root password</display-name>
- <description>Database password for the database admin user-id</description>
+ <display-name>Database Admintrator (DBA) password</display-name>
+ <description>Database password for the database admin username</description>
<value-attributes>
<type>password</type>
<overridable>false</overridable>
http://git-wip-us.apache.org/repos/asf/ambari/blob/ccdb1556/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
index 7daedaf..f0c5946 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
@@ -23,6 +23,7 @@
<property>
<name>policy_user</name>
<value>ambari-qa</value>
+ <display-name>Policy user for YARN</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
</property>
@@ -64,12 +65,14 @@
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>yarn</value>
+ <display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>yarn</value>
+ <display-name>Ranger repository config password</display-name>
<property-type>PASSWORD</property-type>
<description>Used for repository creation on ranger admin</description>
<value-attributes>