You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2018/10/22 14:48:00 UTC
[1/2] ranger git commit: RANGER-2260: Atlas servicedef version change
patch should update atlas access type def for tag def also.
Repository: ranger
Updated Branches:
refs/heads/master 2a46f3cb9 -> 851e2f1fb
RANGER-2260: Atlas servicedef version change patch should update atlas access type def for tag def also.
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/ac4ef50b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/ac4ef50b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/ac4ef50b
Branch: refs/heads/master
Commit: ac4ef50b01fe35b858fe8ef45a8b5f896e44662b
Parents: 2a46f3c
Author: Pradeep <pr...@apache.org>
Authored: Mon Oct 22 19:28:47 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Mon Oct 22 19:47:13 2018 +0530
----------------------------------------------------------------------
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../patches/035-update-schema-for-x-policy.sql | 32 ++++++
.../optimized/current/ranger_core_db_oracle.sql | 1 +
.../patches/035-update-schema-for-x-policy.sql | 38 +++++++
.../current/ranger_core_db_postgres.sql | 1 +
.../patches/035-update-schema-for-x-policy.sql | 36 +++++++
.../current/ranger_core_db_sqlanywhere.sql | 2 +
.../patches/035-update-schema-for-x-policy.sql | 37 ++++---
.../current/ranger_core_db_sqlserver.sql | 1 +
.../patches/035-update-schema-for-x-policy.sql | 36 +++++--
.../PatchForAtlasServiceDefUpdate_J10013.java | 103 ++++++++++++++++++-
11 files changed, 265 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 70447fa..a4fa130 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1428,4 +1428,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10019',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
index ee82ae3..84db526 100644
--- a/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
@@ -13,6 +13,38 @@
-- See the License for the specific language governing permissions and
-- limitations under the License.
+drop procedure if exists update_TagDefAccessTypes_for_atlas;
+
+delimiter ;;
+create procedure update_TagDefAccessTypes_for_atlas() begin
+DECLARE new_atlas_def_name varchar(100);
+if exists (select version from x_db_version_h where version = 'J10013') then
+ if exists (select name from x_service_def where name like 'atlas.%') then
+ set new_atlas_def_name=(select name from x_service_def where name like 'atlas.%');
+ if exists(select * from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) then
+ update x_access_type_def set name=concat(new_atlas_def_name,':read') where def_id=100 and name='atlas:read';
+ update x_access_type_def set name=concat(new_atlas_def_name,':create') where def_id=100 and name='atlas:create';
+ update x_access_type_def set name=concat(new_atlas_def_name,':update') where def_id=100 and name='atlas:update';
+ update x_access_type_def set name=concat(new_atlas_def_name,':delete') where def_id=100 and name='atlas:delete';
+ update x_access_type_def set name=concat(new_atlas_def_name,':all') where def_id=100 and name='atlas:all';
+ end if;
+ if exists(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) then
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':read') where implied_grant='atlas:read';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':create') where implied_grant='atlas:create';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':update') where implied_grant='atlas:update';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':delete') where implied_grant='atlas:delete';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':all') where implied_grant='atlas:all';
+ end if;
+ end if;
+end if;
+end;;
+
+delimiter ;
+call update_TagDefAccessTypes_for_atlas();
+
+drop procedure if exists update_TagDefAccessTypes_for_atlas;
+
+
drop procedure if exists alter_table_x_policy;
delimiter ;;
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 8b51307..0949cbd 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1405,5 +1405,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10016',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10019',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10020',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10025',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
index 11b4172..c75e620 100644
--- a/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
@@ -161,3 +161,41 @@ CALL removeConstraints('X_POLICY_RESOURCE');
CALL removeConstraints('X_POLICY_RESOURCE_MAP');
CALL removeConstraints('X_POLICY_ITEM_USER_PERM');
CALL removeConstraints('X_POLICY_ITEM_ROWFILTER');
+
+DECLARE
+ v_record_exists number := 0;
+ new_atlas_def_name VARCHAR(1024);
+ sql_stmt VARCHAR(1024);
+BEGIN
+select count(*) into v_record_exists from x_db_version_h where version = 'J10013';
+ if (v_record_exists = 1) then
+ select name into new_atlas_def_name from x_service_def where name like 'atlas.%';
+ select count(*) into v_record_exists from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+ if (v_record_exists > 0) then
+ sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':create','atlas:create';
+ sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':update','atlas:update';
+ sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':delete','atlas:delete';
+ sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':read','atlas:read';
+ sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':all','atlas:all';
+ end if;
+ select count(*) into v_record_exists from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+ if (v_record_exists > 0) then
+ sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':create','atlas:create';
+ sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':update','atlas:update';
+ sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':delete','atlas:delete';
+ sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':read','atlas:read';
+ sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3';
+ EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':all','atlas:all';
+ end if;
+ end if;
+ commit;
+end;/
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index a123911..a0e02e0 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1520,6 +1520,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10019',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
DROP VIEW IF EXISTS vx_trx_log;
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
index cb87cd0..61c7986 100644
--- a/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql
@@ -195,3 +195,39 @@ select removekeys();
select 'delimiter end';
+commit;
+select 'delimiter start';
+CREATE OR REPLACE FUNCTION update_TagDefAccessTypes_for_atlas()
+RETURNS void AS $$
+DECLARE
+ new_atlas_def_name VARCHAR(1024);
+ v_record_exists integer := 0;
+BEGIN
+select count(*) into v_record_exists from x_db_version_h where version = 'J10013';
+IF v_record_exists = 1 THEN
+ select name into new_atlas_def_name from x_service_def where name like 'atlas.%';
+ select count(*) into v_record_exists from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+ IF v_record_exists > 0 THEN
+ update x_access_type_def set name=(new_atlas_def_name || ':read')where def_id=100 and name='atlas:read';
+ update x_access_type_def set name=(new_atlas_def_name || ':create') where def_id=100 and name='atlas:create';
+ update x_access_type_def set name=(new_atlas_def_name || ':update') where def_id=100 and name='atlas:update';
+ update x_access_type_def set name=(new_atlas_def_name || ':delete') where def_id=100 and name='atlas:delete';
+ update x_access_type_def set name=(new_atlas_def_name || ':all') where def_id=100 and name='atlas:all';
+ END IF;
+ select count(*) into v_record_exists from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all');
+ IF v_record_exists > 0 THEN
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':read') where implied_grant='atlas:read';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':create') where implied_grant='atlas:create';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':update') where implied_grant='atlas:update';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':delete') where implied_grant='atlas:delete';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':all') where implied_grant='atlas:all';
+ END IF;
+ END IF;
+END;
+$$ LANGUAGE plpgsql;
+select 'delimiter end';
+
+select update_TagDefAccessTypes_for_atlas();
+commit;
+select 'delimiter end';
+
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 142302a..db8ebc3 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -1709,6 +1709,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
exit
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
index 24d072f..c079014 100644
--- a/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql
@@ -145,36 +145,49 @@ BEGIN
END
close cur
DEALLOCATE CURSOR cur
-
END
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item_access')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item_condition')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item_datamask')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item_group_perm')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item_user_perm')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_item_rowfilter')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_resource')
GO
-
call dbo.removeForeignKeyConstraint('x_policy_resource_map')
GO
-
-exit
+BEGIN
+DECLARE new_atlas_def_name varchar(1024);
+DECLARE v_record_exists INT = 0;
+ IF EXISTS (select version from x_db_version_h where version = 'J10013') THEN
+ IF EXISTS(select name from x_service_def where name like 'atlas.%') THEN
+ select name into new_atlas_def_name from x_service_def where name like 'atlas.%';
+ IF EXISTS(select * from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) THEN
+ update x_access_type_def set name=(new_atlas_def_name || ':read') where def_id=100 and name='atlas:read';
+ update x_access_type_def set name=(new_atlas_def_name || ':create') where def_id=100 and name='atlas:create';
+ update x_access_type_def set name=(new_atlas_def_name || ':update') where def_id=100 and name='atlas:update';
+ update x_access_type_def set name=(new_atlas_def_name || ':delete') where def_id=100 and name='atlas:delete';
+ update x_access_type_def set name=(new_atlas_def_name || ':all') where def_id=100 and name='atlas:all';
+ END IF;
+ IF EXISTS(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) THEN
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':read') where implied_grant='atlas:read';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':create') where implied_grant='atlas:create';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':update') where implied_grant='atlas:update';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':delete') where implied_grant='atlas:delete';
+ update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':all') where implied_grant='atlas:all';
+ END IF;
+ END IF;
+ END IF;
+END
+GO
+exit
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 75c8faf..522b57b 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3256,6 +3256,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10019',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
CREATE VIEW [dbo].[vx_trx_log] AS
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
index ebf44ac..bd646d6 100644
--- a/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
@@ -425,29 +425,47 @@ GO
EXEC dbo.removeConstraints 'x_policy_item'
GO
-
EXEC dbo.removeConstraints 'x_policy_item_access'
GO
-
EXEC dbo.removeConstraints 'x_policy_item_condition'
GO
-
EXEC dbo.removeConstraints 'x_policy_item_datamask'
GO
-
EXEC dbo.removeConstraints 'x_policy_item_group_perm'
GO
-
EXEC dbo.removeConstraints 'x_policy_item_user_perm'
GO
-
EXEC dbo.removeConstraints 'x_policy_item_rowfilter'
GO
-
EXEC dbo.removeConstraints 'x_policy_resource'
GO
-
EXEC dbo.removeConstraints 'x_policy_resource_map'
GO
-EXIT
+IF EXISTS (select version from x_db_version_h where version = 'J10013')
+BEGIN
+ IF EXISTS(select name from x_service_def where name like 'atlas.%')
+ BEGIN
+ DECLARE @new_atlas_def_name VARCHAR(100);
+ set @new_atlas_def_name=(select name into new_atlas_def_name from x_service_def where name like 'atlas.%')
+ IF EXISTS(select * from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
+ BEGIN
+ update x_access_type_def set name=concat(new_atlas_def_name , ':read') where def_id=100 and name='atlas:read';
+ update x_access_type_def set name=concat(new_atlas_def_name , ':create') where def_id=100 and name='atlas:create';
+ update x_access_type_def set name=concat(new_atlas_def_name , ':update') where def_id=100 and name='atlas:update';
+ update x_access_type_def set name=concat(new_atlas_def_name , ':delete') where def_id=100 and name='atlas:delete';
+ update x_access_type_def set name=concat(new_atlas_def_name , ':all') where def_id=100 and name='atlas:all';
+ END IF;
+ IF EXISTS(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'))
+ BEGIN
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':read') where implied_grant='atlas:read';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':create') where implied_grant='atlas:create';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':update') where implied_grant='atlas:update';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':delete') where implied_grant='atlas:delete';
+ update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':all') where implied_grant='atlas:all';
+ END IF;
+ END IF;
+END IF;
+END
+GO
+EXIT
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/ac4ef50b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
index 1b315cd..c7af90c 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
@@ -17,13 +17,17 @@
package org.apache.ranger.patch;
+import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.HashSet;
import java.util.List;
+import java.util.Objects;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.db.XXAccessTypeDefDao;
import org.apache.ranger.db.XXResourceDefDao;
@@ -33,6 +37,8 @@ import org.apache.ranger.entity.XXAccessTypeDef;
import org.apache.ranger.entity.XXResourceDef;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.AbstractServiceStore;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.service.RangerServiceService;
import org.apache.ranger.util.CLIUtil;
@@ -42,7 +48,7 @@ import org.springframework.stereotype.Component;
@Component
public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
private static final Logger LOG = Logger.getLogger(PatchForAtlasServiceDefUpdate_J10013.class);
-
+ private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000;
@Autowired
RangerDaoManager daoMgr;
@@ -52,6 +58,9 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
@Autowired
RangerServiceService svcService;
+ @Autowired
+ RangerValidatorFactory validatorFactory;
+
public static void main(String[] args) {
LOG.info("main()");
try {
@@ -79,6 +88,7 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
updateAtlasServiceDef();
} catch (Exception e) {
LOG.error("Error whille updateAtlasServiceDef()data.", e);
+ System.exit(1);
}
LOG.info("<== PatchForAtlasServiceDefUpdate.execLoad()");
}
@@ -88,7 +98,7 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
LOG.info("PatchForAtlasServiceDefUpdate data ");
}
- private void updateAtlasServiceDef(){
+ private void updateAtlasServiceDef() throws Exception{
String serviceDefName=EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME;
XXServiceDefDao serviceDefDao = daoMgr.getXXServiceDef();
XXServiceDef serviceDef = serviceDefDao.findByName(serviceDefName);
@@ -111,6 +121,28 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
}
String serviceDefNewName = serviceDefName + suffix;
LOG.info("Renaming service-def " + serviceDefName + " as " + serviceDefNewName);
+ RangerServiceDef dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+ if (EmbeddedServiceDefsUtil.instance().getTagServiceDefId() != -1) {
+ RangerServiceDef dbTagServiceDef;
+ try {
+ dbTagServiceDef = svcDBStore.getServiceDef(EmbeddedServiceDefsUtil.instance().getTagServiceDefId());
+ if(dbTagServiceDef!=null) {
+ String prefix = serviceDefName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
+ String newPrefix = serviceDefNewName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
+
+ List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = dbAtlasServiceDef.getAccessTypes();
+ List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = dbTagServiceDef.getAccessTypes();
+ long itemIdOffset = serviceDef.getId() * (MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1);
+
+ boolean updateNeeded = updateTagAccessTypeDefs(svcDefAccessTypes, tagDefAccessTypes, itemIdOffset, prefix,newPrefix);
+ if(updateNeeded) {
+ svcDBStore.updateServiceDef(dbTagServiceDef);
+ }
+ }
+ } catch (Exception e) {
+ LOG.error("updateAtlasServiceDef:" + serviceDef.getName() + "): could not find TAG ServiceDef.. ", e);
+ }
+ }
serviceDef.setName(serviceDefNewName);
serviceDefDao.update(serviceDef);
LOG.info("Renamed service-def " + serviceDefName + " as " + serviceDefNewName);
@@ -162,4 +194,71 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader {
}
return result;
}
+
+ private boolean updateTagAccessTypeDefs(List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes,
+ List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes, long itemIdOffset, String prefix,String newPrefix) {
+ List<RangerServiceDef.RangerAccessTypeDef> toUpdate = new ArrayList<>();
+ for (RangerServiceDef.RangerAccessTypeDef tagAccessType : tagDefAccessTypes) {
+ if (tagAccessType.getName().startsWith(prefix)) {
+ long svcAccessTypeItemId = tagAccessType.getItemId() - itemIdOffset;
+ RangerServiceDef.RangerAccessTypeDef svcAccessType = findAccessTypeDef(svcAccessTypeItemId,svcDefAccessTypes);
+ if (svcAccessType != null) {
+ if (updateTagAccessTypeDef(tagAccessType, svcAccessType, newPrefix)) {
+ toUpdate.add(tagAccessType);
+ }
+ }
+ }
+ }
+ boolean updateNeeded = false;
+ if (CollectionUtils.isNotEmpty(toUpdate)) {
+ updateNeeded = true;
+ }
+ return updateNeeded;
+ }
+
+ private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) {
+ RangerServiceDef.RangerAccessTypeDef ret = null;
+ for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) {
+ if (itemId == accessTypeDef.getItemId()) {
+ ret = accessTypeDef;
+ break;
+ }
+ }
+ return ret;
+ }
+
+ private boolean updateTagAccessTypeDef(RangerServiceDef.RangerAccessTypeDef tagAccessType, RangerServiceDef.RangerAccessTypeDef svcAccessType, String newPrefix) {
+ boolean isUpdated = false;
+ if (!Objects.equals(tagAccessType.getName().substring(newPrefix.length()), svcAccessType.getName())) {
+ isUpdated = true;
+ } else {
+ Collection<String> tagImpliedGrants = tagAccessType.getImpliedGrants();
+ Collection<String> svcImpliedGrants = svcAccessType.getImpliedGrants();
+ int tagImpliedGrantsLen = tagImpliedGrants == null ? 0 : tagImpliedGrants.size();
+ int svcImpliedGrantsLen = svcImpliedGrants == null ? 0 : svcImpliedGrants.size();
+ if (tagImpliedGrantsLen != svcImpliedGrantsLen) {
+ isUpdated = true;
+ } else if (tagImpliedGrantsLen > 0) {
+ for (String svcImpliedGrant : svcImpliedGrants) {
+ if (!tagImpliedGrants.contains(newPrefix + svcImpliedGrant)) {
+ isUpdated = true;
+ break;
+ }
+ }
+ }
+ }
+ if (isUpdated) {
+ tagAccessType.setName(newPrefix + svcAccessType.getName());
+ tagAccessType.setLabel(svcAccessType.getLabel());
+ tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel());
+ tagAccessType.setImpliedGrants(new HashSet<String>());
+ if (CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) {
+ for (String svcImpliedGrant : svcAccessType.getImpliedGrants()) {
+ tagAccessType.getImpliedGrants().add(newPrefix + svcImpliedGrant);
+ }
+ }
+ }
+ return isUpdated;
+ }
+
}
\ No newline at end of file
[2/2] ranger git commit: RANGER-2251 : Need to provide options for
making java heap size memory configurable in Ranger services
Posted by pr...@apache.org.
RANGER-2251 : Need to provide options for making java heap size memory configurable in Ranger services
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/851e2f1f
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/851e2f1f
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/851e2f1f
Branch: refs/heads/master
Commit: 851e2f1fbc96f73d68ea54edc3eb55676aa16ad5
Parents: ac4ef50
Author: Vishal Suvagia <vi...@apache.org>
Authored: Mon Oct 22 14:03:56 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Mon Oct 22 19:50:39 2018 +0530
----------------------------------------------------------------------
.../scripts/ranger-admin-services.sh | 8 ++++--
kms/scripts/ranger-kms | 4 ++-
security-admin/scripts/db_setup.py | 30 +++++++++++++-------
security-admin/scripts/install.properties | 2 ++
tagsync/scripts/ranger-tagsync-services.sh | 3 ++
.../scripts/ranger-usersync-services.sh | 3 ++
6 files changed, 36 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/851e2f1f/embeddedwebserver/scripts/ranger-admin-services.sh
----------------------------------------------------------------------
diff --git a/embeddedwebserver/scripts/ranger-admin-services.sh b/embeddedwebserver/scripts/ranger-admin-services.sh
index 990d3c7..c04e1fc 100755
--- a/embeddedwebserver/scripts/ranger-admin-services.sh
+++ b/embeddedwebserver/scripts/ranger-admin-services.sh
@@ -28,13 +28,12 @@ action=`echo $action | tr '[:lower:]' '[:upper:]'`
realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
XAPOLICYMGR_DIR=`(cd $realScriptDir/..; pwd)`
-max_memory=1g
XAPOLICYMGR_EWS_DIR=${XAPOLICYMGR_DIR}/ews
RANGER_JAAS_LIB_DIR="${XAPOLICYMGR_EWS_DIR}/ranger_jaas"
RANGER_JAAS_CONF_DIR="${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf/ranger_jaas"
-JAVA_OPTS=" ${JAVA_OPTS} -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx${max_memory} -Xms1g -Xloggc:${XAPOLICYMGR_EWS_DIR}/logs/gc-worker.log -verbose:gc -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=1m -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCDateStamps"
-if [[ ${JAVA_OPTS} != *"-Duser.timezone"* ]] ;then export JAVA_OPTS=" ${JAVA_OPTS} -Duser.timezone=UTC" ;fi
+ranger_admin_max_heap_size=1g
+
if [ -f ${XAPOLICYMGR_DIR}/ews/webapp/WEB-INF/classes/conf/java_home.sh ]; then
. ${XAPOLICYMGR_DIR}/ews/webapp/WEB-INF/classes/conf/java_home.sh
fi
@@ -45,6 +44,9 @@ for custom_env_script in `find ${XAPOLICYMGR_DIR}/ews/webapp/WEB-INF/classes/con
fi
done
+JAVA_OPTS=" ${JAVA_OPTS} -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx${ranger_admin_max_heap_size} -Xms1g -Xloggc:${XAPOLICYMGR_EWS_DIR}/logs/gc-worker.log -verbose:gc -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=1m -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCDateStamps"
+if [[ ${JAVA_OPTS} != *"-Duser.timezone"* ]] ;then export JAVA_OPTS=" ${JAVA_OPTS} -Duser.timezone=UTC" ;fi
+
if [ "$JAVA_HOME" != "" ]; then
export PATH=$JAVA_HOME/bin:$PATH
fi
http://git-wip-us.apache.org/repos/asf/ranger/blob/851e2f1f/kms/scripts/ranger-kms
----------------------------------------------------------------------
diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms
index 604d701..bfe7bd5 100755
--- a/kms/scripts/ranger-kms
+++ b/kms/scripts/ranger-kms
@@ -33,7 +33,7 @@ RANGER_KMS_EWS_DIR=${RANGER_KMS_DIR}/ews
RANGER_KMS_EWS_CONF_DIR="${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/conf"
RANGER_KMS_EWS_LIB_DIR="${RANGER_KMS_EWS_DIR}/webapp/WEB-INF/classes/lib"
-JAVA_OPTS=" ${JAVA_OPTS} -XX:MaxPermSize=256m -Xmx1024m -Xms1024m "
+ranger_kms_max_heap_size=1g
if [ -f ${RANGER_KMS_DIR}/ews/webapp/WEB-INF/classes/conf/java_home.sh ]; then
. ${RANGER_KMS_DIR}/ews/webapp/WEB-INF/classes/conf/java_home.sh
@@ -45,6 +45,8 @@ for custom_env_script in `find ${RANGER_KMS_DIR}/ews/webapp/WEB-INF/classes/conf
fi
done
+JAVA_OPTS=" ${JAVA_OPTS} -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=256m -Xmx${ranger_kms_max_heap_size} -Xms1g "
+
if [ "$JAVA_HOME" != "" ]; then
export PATH=$JAVA_HOME/bin:$PATH
fi
http://git-wip-us.apache.org/repos/asf/ranger/blob/851e2f1f/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 5ac312f..3450fa6 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -31,7 +31,6 @@ jisql_debug=True
retryPatchAfterSeconds=120
java_patch_regex="^Patch.*?J\d{5}.class$"
is_unix = os_name == "LINUX" or os_name == "DARWIN"
-max_memory='1g'
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
if RANGER_ADMIN_HOME is None:
@@ -92,6 +91,8 @@ def populate_global_dict():
value = ''
value = value.strip()
globalDict[key] = value
+ if 'ranger_admin_max_heap_size' not in globalDict:
+ globalDict['ranger_admin_max_heap_size']='1g'
def jisql_log(query, db_password):
if jisql_debug == True:
@@ -497,6 +498,7 @@ class MysqlConf(BaseDB):
self.grant_audit_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
+ global globalDict
my_dict = {}
version = ""
className = ""
@@ -565,7 +567,7 @@ class MysqlConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,max_memory,ranger_log,path,className)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -1210,6 +1212,7 @@ class OracleConf(BaseDB):
self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
+ global globalDict
my_dict = {}
version = ""
className = ""
@@ -1305,7 +1308,7 @@ class OracleConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Djava.security.egd=file:///dev/urandom -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,max_memory,ranger_log,path,className)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Djava.security.egd=file:///dev/urandom -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -1345,6 +1348,7 @@ class OracleConf(BaseDB):
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
+ global globalDict
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
@@ -1400,7 +1404,7 @@ class OracleConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,max_memory,ranger_log,path,className,userName,oldPassword,newPassword)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -1950,6 +1954,7 @@ class PostgresConf(BaseDB):
self.grant_audit_db_user(audit_db_name ,db_user, audit_db_user, db_password,audit_db_password)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
+ global globalDict
my_dict = {}
version = ""
className = ""
@@ -2020,7 +2025,7 @@ class PostgresConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,max_memory,ranger_log,path,className)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -2060,6 +2065,7 @@ class PostgresConf(BaseDB):
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
+ global globalDict
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
@@ -2115,7 +2121,7 @@ class PostgresConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,max_memory,ranger_log,path,className,userName,oldPassword,newPassword)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -2607,6 +2613,7 @@ class SqlServerConf(BaseDB):
self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
+ global globalDict
my_dict = {}
version = ""
className = ""
@@ -2677,7 +2684,7 @@ class SqlServerConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,max_memory,ranger_log,path,className)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -2717,6 +2724,7 @@ class SqlServerConf(BaseDB):
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
+ global globalDict
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
@@ -2772,7 +2780,7 @@ class SqlServerConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,max_memory,ranger_log,path,className,userName,oldPassword,newPassword)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -3256,6 +3264,7 @@ class SqlAnywhereConf(BaseDB):
self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
+ global globalDict
my_dict = {}
version = ""
className = ""
@@ -3326,7 +3335,7 @@ class SqlAnywhereConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,max_memory,ranger_log,path,className)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
@@ -3387,6 +3396,7 @@ class SqlAnywhereConf(BaseDB):
ret = subprocessCallWithRetry(shlex.split(query))
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
+ global globalDict
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
@@ -3442,7 +3452,7 @@ class SqlAnywhereConf(BaseDB):
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
- get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,max_memory,ranger_log,path,className,userName,oldPassword,newPassword)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
http://git-wip-us.apache.org/repos/asf/ranger/blob/851e2f1f/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 34c52eb..30b946b 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -226,6 +226,8 @@ JAVA_BIN='java'
JAVA_VERSION_REQUIRED='1.7'
JAVA_ORACLE='Java(TM) SE Runtime Environment'
+ranger_admin_max_heap_size=1g
+
#mysql_create_user_file=${PWD}/db/mysql/create_dev_user.sql
mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
mysql_audit_file=db/mysql/xa_audit_db.sql
http://git-wip-us.apache.org/repos/asf/ranger/blob/851e2f1f/tagsync/scripts/ranger-tagsync-services.sh
----------------------------------------------------------------------
diff --git a/tagsync/scripts/ranger-tagsync-services.sh b/tagsync/scripts/ranger-tagsync-services.sh
index 6fcdf15..8e63aa3 100755
--- a/tagsync/scripts/ranger-tagsync-services.sh
+++ b/tagsync/scripts/ranger-tagsync-services.sh
@@ -26,6 +26,7 @@ realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
cd $realScriptDir
cdir=`pwd`
+ranger_tagsync_max_heap_size=1g
for custom_env_script in `find ${cdir}/conf/ -name "ranger-tagsync-env*"`; do
if [ -f $custom_env_script ]; then
@@ -48,6 +49,8 @@ if [ -z "${UNIX_TAGSYNC_USER}" ]; then
UNIX_TAGSYNC_USER=ranger
fi
+JAVA_OPTS=" ${JAVA_OPTS} -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx${ranger_tagsync_max_heap_size} -Xms1g "
+
if [ "${action}" == "START" ]; then
#Export JAVA_HOME
http://git-wip-us.apache.org/repos/asf/ranger/blob/851e2f1f/unixauthservice/scripts/ranger-usersync-services.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/ranger-usersync-services.sh b/unixauthservice/scripts/ranger-usersync-services.sh
index 0c03c5a..5d26c5f 100644
--- a/unixauthservice/scripts/ranger-usersync-services.sh
+++ b/unixauthservice/scripts/ranger-usersync-services.sh
@@ -45,6 +45,7 @@ realScriptPath=`readlink -f $0`
realScriptDir=`dirname $realScriptPath`
cd $realScriptDir
cdir=`pwd`
+ranger_usersync_max_heap_size=1g
for custom_env_script in `find ${cdir}/conf/ -name "ranger-usersync-env*"`; do
if [ -f $custom_env_script ]; then
@@ -78,6 +79,8 @@ fi
INSTALL_ARGS="${cdir}/install.properties"
RANGER_BASE_DIR=$(getInstallProperty 'ranger_base_dir')
+JAVA_OPTS=" ${JAVA_OPTS} -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx${ranger_usersync_max_heap_size} -Xms1g "
+
if [ "${action}" == "START" ]; then
#Export JAVA_HOME