Posted to commits@ambari.apache.org by ja...@apache.org on 2015/10/27 03:26:13 UTC
ambari git commit: AMBARI-13574. Ranger authentication method should
be derived from Ranger ugsync class. (jaimin)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 b5f4d7a1e -> 26492104c
AMBARI-13574. Ranger authentication method should be derived from Ranger ugsync class. (jaimin)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/26492104
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/26492104
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/26492104
Branch: refs/heads/branch-2.1
Commit: 26492104c50d508db47d235ed12a1ace8ea07c99
Parents: b5f4d7a
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Mon Oct 26 19:24:22 2015 -0700
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Mon Oct 26 19:24:22 2015 -0700
----------------------------------------------------------------------
.../0.4.0/configuration/admin-properties.xml | 13 ++++++--
.../stacks/HDP/2.0.6/services/stack_advisor.py | 29 +++++++++++------
.../services/RANGER/themes/theme_version_1.json | 5 ---
.../stacks/HDP/2.2/services/stack_advisor.py | 15 ++++++---
.../RANGER/configuration/ranger-admin-site.xml | 6 ++++
.../services/RANGER/themes/theme_version_2.json | 12 -------
.../stacks/HDP/2.3/services/stack_advisor.py | 12 +++++++
.../stacks/2.0.6/common/test_stack_advisor.py | 12 +++----
.../stacks/2.2/common/test_stack_advisor.py | 33 ++++++++++++++++++--
.../stacks/2.3/common/test_stack_advisor.py | 3 +-
ambari-web/app/data/HDP2.3/site_properties.js | 2 +-
11 files changed, 98 insertions(+), 44 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
index c7e3ff9..0b02eb4 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
@@ -190,6 +190,12 @@
<value-attributes>
<overridable>false</overridable>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>usersync-properties</type>
+ <name>SYNC_SOURCE</name>
+ </property>
+ </depends-on>
</property>
<property>
@@ -261,8 +267,9 @@
<property>
<name>xa_ldap_ad_domain</name>
- <value>"xasecure.net"</value>
- <description></description>
+ <display-name>Domain Name (AD specific)</display-name>
+ <value></value>
+ <description>AD domain, only used if Authentication method is AD</description>
<value-attributes>
<overridable>false</overridable>
</value-attributes>
@@ -270,7 +277,7 @@
<property>
<name>xa_ldap_ad_url</name>
- <value>"ldap://ad.xasecure.net:389"</value>
+ <value></value>
<description></description>
<value-attributes>
<overridable>false</overridable>
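Review bot: `xa_ldap_ad_url` keeps an empty `<description></description>` and gets no `<display-name>`, although its sibling `xa_ldap_ad_domain` in the previous hunk now has both and this hunk removes the only example of the expected format. I would add something like `<description>LDAP URL of the AD server, e.g. ldaps://HOST:PORT; only used if Authentication method is AD</description>`. The connection presumably carries bind credentials, so an `ldaps://` example would be worth showing where the directory supports it. The property element continues outside the hunk.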
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
index 1b38233..5779211 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
@@ -272,28 +272,28 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
port = '6080'
# Check if http is disabled. For HDP-2.3 this can be checked in ranger-admin-site/ranger.service.http.enabled
- # For HDP-2.2 this can be checked in ranger-site/http.enabled
+ # For Ranger-0.4.0 this can be checked in ranger-site/http.enabled
if ('ranger-site' in services['configurations'] and 'http.enabled' in services['configurations']['ranger-site']['properties'] \
and services['configurations']['ranger-site']['properties']['http.enabled'].lower() == 'false') or \
('ranger-admin-site' in services['configurations'] and 'ranger.service.http.enabled' in services['configurations']['ranger-admin-site']['properties'] \
and services['configurations']['ranger-admin-site']['properties']['ranger.service.http.enabled'].lower() == 'false'):
# HTTPS protocol is used
protocol = 'https'
- # In HDP-2.3 port stored in ranger-admin-site ranger.service.https.port
+ # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.https.port
if 'ranger-admin-site' in services['configurations'] and \
'ranger.service.https.port' in services['configurations']['ranger-admin-site']['properties']:
port = services['configurations']['ranger-admin-site']['properties']['ranger.service.https.port']
- # In HDP-2.2 port stored in ranger-site https.service.port
+ # In Ranger-0.4.0 port stored in ranger-site https.service.port
elif 'ranger-site' in services['configurations'] and \
'https.service.port' in services['configurations']['ranger-site']['properties']:
port = services['configurations']['ranger-site']['properties']['https.service.port']
else:
# HTTP protocol is used
- # In HDP-2.3 port stored in ranger-admin-site ranger.service.http.port
+ # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.http.port
if 'ranger-admin-site' in services['configurations'] and \
'ranger.service.http.port' in services['configurations']['ranger-admin-site']['properties']:
port = services['configurations']['ranger-admin-site']['properties']['ranger.service.http.port']
- # In HDP-2.2 port stored in ranger-site http.service.port
+ # In Ranger-0.4.0 port stored in ranger-site http.service.port
elif 'ranger-site' in services['configurations'] and \
'http.service.port' in services['configurations']['ranger-site']['properties']:
port = services['configurations']['ranger-site']['properties']['http.service.port']
@@ -305,11 +305,11 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
policymgr_external_url = "%s://%s:%s" % (protocol, ranger_admin_host, port)
putRangerAdminProperty('policymgr_external_url', policymgr_external_url)
- stackVersion = services["Versions"]["stack_version"]
- if stackVersion == '2.2':
+ rangerServiceVersion = [service['StackServices']['service_version'] for service in services["services"] if service['StackServices']['service_name'] == 'RANGER'][0]
+ if rangerServiceVersion == '0.4.0':
# Recommend ldap settings based on ambari.properties configuration
# If 'ambari.ldap.isConfigured' == true
- # For stack_version 2.2
+ # For Ranger version 0.4.0
if 'ambari-server-properties' in services and \
'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
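Review bot: The new `rangerServiceVersion = [...][0]` lookup is unguarded: it raises IndexError when `services["services"]` has no RANGER entry and KeyError when that entry lacks `service_version`, a key the test fixtures did not carry before this commit. The HDP 2.2 advisor in this same commit guards the lookup with `'RANGER' in servicesList`. Here a default is safer, e.g. `rangerServiceVersion = next((s['StackServices'].get('service_version', '') for s in services["services"] if s['StackServices']['service_name'] == 'RANGER'), '')`. The enclosing method starts and ends outside the hunk, so a caller-side guarantee that RANGER is present may already exist.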
@@ -324,8 +324,17 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
if 'authentication.ldap.usernameAttribute' in serverProperties:
putUserSyncProperty('SYNC_LDAP_USER_NAME_ATTRIBUTE', serverProperties['authentication.ldap.usernameAttribute'])
+
+ # Set Ranger Admin Authentication method
+ if 'admin-properties' in services['configurations'] and 'usersync-properties' in services['configurations'] and \
+ 'SYNC_SOURCE' in services['configurations']['usersync-properties']['properties']:
+ rangerUserSyncSource = services['configurations']['usersync-properties']['properties']['SYNC_SOURCE']
+ authenticationMethod = rangerUserSyncSource.upper()
+ if authenticationMethod != 'FILE':
+ putRangerAdminProperty('authentication_method', authenticationMethod)
+
# Recommend xasecure.audit.destination.hdfs.dir
- # For stack_version 2.2
+ # For Ranger version 0.4.0
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
include_hdfs = "HDFS" in servicesList
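Review bot: The added block copies any upper-cased `SYNC_SOURCE` other than `FILE` into `authentication_method` without checking it against the methods Ranger Admin accepts, so a typo or stray whitespace in the usersync setting becomes the recommended login mechanism. An allowlist keeps the recommendation to known values: `if authenticationMethod in ('UNIX', 'LDAP'):`, with the tuple extended if other sync sources are valid here. It also looks as if a manually chosen ACTIVE_DIRECTORY or NONE would be replaced whenever the advisor runs with `SYNC_SOURCE` set; please confirm that is intended, since it changes how administrators authenticate. The `'admin-properties' in services['configurations']` test is not needed by the lookup that follows it.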
@@ -336,7 +345,7 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs)
# Recommend Ranger Audit properties for ranger supported services
- # For stack_version 2.2
+ # For Ranger version 0.4.0
ranger_services = [
{'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-plugin-properties'},
{'service_name': 'HBASE', 'audit_file': 'ranger-hbase-plugin-properties'},
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/themes/theme_version_1.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/themes/theme_version_1.json
index a72e08e..d2f7f2a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/themes/theme_version_1.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/themes/theme_version_1.json
@@ -304,11 +304,6 @@
"subsection-tab-name": "ldap-common-configs"
},
{
- "config": "admin-properties/xa_ldap_ad_domain",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
"config": "ranger-env/bind_anonymous",
"subsection-name": "subsection-ranger-user-row2-col1",
"subsection-tab-name": "ldap-common-configs"
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index 2a2944c..32e6be3 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -678,10 +678,12 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
uniqueCoprocessorRegionClassList = []
[uniqueCoprocessorRegionClassList.append(i) for i in coprocessorRegionClassList if not uniqueCoprocessorRegionClassList.count(i)]
putHbaseSiteProperty('hbase.coprocessor.region.classes', ','.join(set(uniqueCoprocessorRegionClassList)))
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ rangerServiceVersion=''
+ if 'RANGER' in servicesList:
+ rangerServiceVersion = [service['StackServices']['service_version'] for service in services["services"] if service['StackServices']['service_name'] == 'RANGER'][0]
- stackVersion = services["Versions"]["stack_version"]
-
- if stackVersion == '2.2':
+ if rangerServiceVersion and rangerServiceVersion == '0.4.0':
rangerClass = 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor'
else:
rangerClass = 'org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor'
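Review bot: The four-line `servicesList` / `rangerServiceVersion` lookup added here is repeated verbatim in the Storm hunk at `@@ -785,7 +787,12 @@`, and a third variant sits in the HDP 2.0.6 advisor. One small helper method on the advisor would keep the three copies from drifting. In `if rangerServiceVersion and rangerServiceVersion == '0.4.0':` the truthiness test is redundant, so `if rangerServiceVersion == '0.4.0':` is enough. The comprehension still indexes `service['StackServices']['service_version']` directly and raises KeyError for a RANGER entry without that key; `.get('service_version', '')` would fall through to the `else` branch instead. The enclosing methods start and end outside both hunks.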
@@ -785,7 +787,12 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
rangerPluginEnabled = services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
nonRangerClass = 'backtype.storm.security.auth.authorizer.SimpleACLAuthorizer'
- if stackVersion == '2.2':
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ rangerServiceVersion=''
+ if 'RANGER' in servicesList:
+ rangerServiceVersion = [service['StackServices']['service_version'] for service in services["services"] if service['StackServices']['service_name'] == 'RANGER'][0]
+
+ if rangerServiceVersion and rangerServiceVersion == '0.4.0':
rangerClass = 'com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer'
else:
rangerClass = 'org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer'
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index eb23b42..7e7c545 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -174,6 +174,12 @@
<value-attributes>
<overridable>false</overridable>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.source.impl.class</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
index deb1fad..bcb3a0a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json
@@ -545,11 +545,6 @@
"subsection-tab-name": "ldap-common-configs"
},
{
- "config": "ranger-admin-site/ranger.ldap.ad.domain",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
"config": "ranger-env/bind_anonymous",
"subsection-name": "subsection-ranger-user-row2-col1",
"subsection-tab-name": "ldap-common-configs"
@@ -576,7 +571,6 @@
}
}
]
-
},
{
"config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
@@ -1282,12 +1276,6 @@
}
},
{
- "config": "ranger-admin-site/ranger.ldap.ad.domain",
- "widget": {
- "type": "text-field"
- }
- },
- {
"config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
"widget": {
"type": "text-field"
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index 3f261d6..accbb3b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -392,6 +392,18 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
putRangerUgsyncSite('ranger.usersync.ldap.user.nameattribute', serverProperties['authentication.ldap.usernameAttribute'])
+ # Recommend Ranger Authentication method
+ authMap = {
+ 'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder': 'UNIX',
+ 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder': 'LDAP'
+ }
+
+ if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.source.impl.class' in services['configurations']["ranger-ugsync-site"]["properties"]:
+ rangerUserSyncClass = services['configurations']["ranger-ugsync-site"]["properties"]["ranger.usersync.source.impl.class"]
+ if rangerUserSyncClass in authMap:
+ rangerSqlConnectorProperty = authMap.get(rangerUserSyncClass)
+ putRangerAdminProperty('ranger.authentication.method', rangerSqlConnectorProperty)
+
# Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir
include_hdfs = "HDFS" in servicesList
zookeeper_host_port = self.getZKHostPortString(services)
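Review bot: `rangerSqlConnectorProperty` in the added block holds the authentication method, not a SQL connector setting, so the name looks like a copy-paste leftover and misleads on a security-relevant assignment. The membership test followed by `.get()` can collapse into one lookup: `authMethod = authMap.get(rangerUserSyncClass)`, then `if authMethod: putRangerAdminProperty('ranger.authentication.method', authMethod)`. Because `authMap` only yields UNIX or LDAP, a cluster deliberately set to ACTIVE_DIRECTORY would presumably be recommended back to LDAP whenever the LDAP sync class is configured. A comment stating whether that override is intended would help. `putRangerAdminProperty` is bound outside the hunk; confirm it targets `ranger-admin-site`.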
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
index cec4ee3..f29d147 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
@@ -682,12 +682,13 @@ class TestHDP206StackAdvisor(TestCase):
# Recommend for not existing DB_FLAVOR and http enabled, HDP-2.3
services = {
"Versions" : {
- "stack_version" : "2.2",
+ "stack_version" : "2.3",
},
"services": [
{
"StackServices": {
- "service_name": "RANGER"
+ "service_name": "RANGER",
+ "service_version": "0.5.0"
},
"components": [
{
@@ -732,8 +733,7 @@ class TestHDP206StackAdvisor(TestCase):
"SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar",
"policymgr_external_url": "http://host1:7777",
}
- },
- "ranger-env": {"properties": {}}
+ }
}
recommendedConfigurations = {}
self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
@@ -761,8 +761,7 @@ class TestHDP206StackAdvisor(TestCase):
"SQL_CONNECTOR_JAR": "/usr/share/java/postgresql.jar",
"policymgr_external_url": "https://host1:7777",
}
- },
- "ranger-env": {"properties": {}}
+ }
}
recommendedConfigurations = {}
self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
@@ -794,6 +793,7 @@ class TestHDP206StackAdvisor(TestCase):
}
recommendedConfigurations = {}
+ services['services'][0]['StackServices']['service_version'] = "0.4.0"
self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
self.assertEquals(recommendedConfigurations, expected, "Test for DB_FLAVOR ORACLE and https enabled, HDP-2.2")
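Review bot: None of the fixtures visible in this file's hunks carry `usersync-properties` / `SYNC_SOURCE`, so the new `authentication_method` recommendation in the HDP 2.0.6 advisor appears to be untested here. A case asserting that `ldap` yields `LDAP` and that `FILE` leaves the property unset would pin it. The added line `services['services'][0]['StackServices']['service_version'] = "0.4.0"` mutates the shared fixture in place, so every later assertion in the method also runs against 0.4.0. A comment such as `# switch fixture to Ranger 0.4.0 for the HDP-2.2 case` would make that explicit. The test method continues outside the hunk.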
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index a877370..74d9b21 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -2270,6 +2270,20 @@ class TestHDP22StackAdvisor(TestCase):
}
services = {
"services" : [
+ {
+ "StackServices": {
+ "service_name": "RANGER",
+ "service_version": "0.4.0"
+ },
+ "components": [
+ {
+ "StackServiceComponents": {
+ "component_name": "RANGER_ADMIN",
+ "hostnames": ["host1"]
+ }
+ }
+ ]
+ }
],
"Versions": {
"stack_version": "2.2"
@@ -2413,7 +2427,7 @@ class TestHDP22StackAdvisor(TestCase):
expected['hbase-site']['properties']['hbase.coprocessor.master.classes'] = 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor'
expected['hbase-site']['properties']['hbase.coprocessor.regionserver.classes'] = 'org.apache.hadoop.hbase.security.access.AccessController'
self.stackAdvisor.recommendHBASEConfigurations(configurations, clusterData, services, None)
- self.assertEquals(configurations, expected) #"Test when Ranger plugin HBase is enabled in non-kerberos environment"
+ self.assertEquals(configurations, expected, "Test when Ranger plugin HBase is enabled in non-kerberos environment")
# Test when hbase.security.authentication = kerberos AND class already there
configurations['hbase-site']['properties'].pop('hbase.coprocessor.region.classes', None)
@@ -2476,6 +2490,20 @@ class TestHDP22StackAdvisor(TestCase):
"service_name" : "STORM",
"service_version" : "2.6.0.2.2"
}
+ },
+ {
+ "StackServices": {
+ "service_name": "RANGER",
+ "service_version": "0.4.0"
+ },
+ "components": [
+ {
+ "StackServiceComponents": {
+ "component_name": "RANGER_ADMIN",
+ "hostnames": ["host1"]
+ }
+ }
+ ]
}
],
"Versions": {
@@ -3505,7 +3533,8 @@ class TestHDP22StackAdvisor(TestCase):
"services": [
{
"StackServices": {
- "service_name": "RANGER"
+ "service_name": "RANGER",
+ "service_version": "0.5.0.2.3"
},
"components": [
{
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
index b886117..e677982 100644
--- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
@@ -1028,7 +1028,8 @@ class TestHDP23StackAdvisor(TestCase):
"services": [
{
"StackServices": {
- "service_name": "RANGER"
+ "service_name": "RANGER",
+ "service_version": "0.5.0.2.3"
},
"components": [
{
http://git-wip-us.apache.org/repos/asf/ambari/blob/26492104/ambari-web/app/data/HDP2.3/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js
index 3425710..6bdc373 100644
--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -102,7 +102,7 @@ hdp23properties.push({
},
{
displayName: 'ACTIVE_DIRECTORY',
- foreignKeys: ['ranger.ldap.ad.url','ranger.ldap.ad.base.dn','ranger.ldap.ad.bind.dn','ranger.ldap.ad.bind.password','ranger.ldap.ad.referral','ranger.ldap.ad.user.searchfilter']
+ foreignKeys: ['ranger.ldap.ad.domain','ranger.ldap.ad.url','ranger.ldap.ad.base.dn','ranger.ldap.ad.bind.dn','ranger.ldap.ad.bind.password','ranger.ldap.ad.referral','ranger.ldap.ad.user.searchfilter']
},
{
displayName: 'UNIX',