You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/10/27 02:08:30 UTC
[12/33] incubator-ranger git commit: RANGER-266: Solr configuration
and setup files and documentation
RANGER-266: Solr configuration and setup files and documentation
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c5ae2edd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c5ae2edd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c5ae2edd
Branch: refs/heads/tag-policy
Commit: c5ae2edd9948b9cbb463533589b356c9b4313fae
Parents: 483ea47
Author: Don Bosco Durai <bo...@apache.org>
Authored: Sun Sep 20 01:57:35 2015 -0400
Committer: Don Bosco Durai <bo...@apache.org>
Committed: Thu Oct 1 11:00:55 2015 -0700
----------------------------------------------------------------------
.../contrib/solr_for_audit_setup/README.txt | 25 +
.../solr_for_audit_setup/conf/admin-extra.html | 24 +
.../conf/admin-extra.menu-bottom.html | 25 +
.../conf/admin-extra.menu-top.html | 25 +
.../solr_for_audit_setup/conf/elevate.xml | 38 +
.../solr_for_audit_setup/conf/schema.xml | 118 ++
.../solr_for_audit_setup/conf/solrconfig.xml | 1865 ++++++++++++++++++
.../solr_for_audit_setup/install.properties | 96 +
.../resources/log4j.properties.template | 39 +
.../contrib/solr_for_audit_setup/setup.sh | 421 ++++
.../add_ranger_audits_conf_to_zk.sh.template | 63 +
.../create_ranger_audits_collection.sh.template | 33 +
.../solr_cloud/scripts/start_solr.sh.template | 39 +
.../solr_cloud/scripts/stop_solr.sh.template | 35 +
.../solr_cloud/solr.xml.template | 26 +
.../ranger_audits/core.properties.template | 20 +
.../scripts/start_solr.sh.template | 38 +
.../scripts/stop_solr.sh.template | 35 +
.../solr_standalone/solr.xml | 19 +
src/main/assembly/admin-web.xml | 7 +
20 files changed, 2991 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/README.txt
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/README.txt b/security-admin/contrib/solr_for_audit_setup/README.txt
new file mode 100644
index 0000000..ac4eb8e
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/README.txt
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+This folder consists of the scripts required to install and configure Solr
+as an audit destination/source for Apache Ranger.
+
+Check Apache Ranger Wiki page for more information:
+https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5
+
+Steps:
+1. Update install.properties
+2. ./setup.sh
+3. Check $SOLR_RANGER_HOME/install_notes.txt for additional instructions
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html
new file mode 100755
index 0000000..fecab20
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html
@@ -0,0 +1,24 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- The content of this page will be statically included into the top-
+right box of the cores overview page. Uncomment this as an example to
+see there the content will show up.
+
+<img src="img/ico/construction.png"> This line will appear at the top-
+right box on collection1's Overview
+-->
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html
new file mode 100755
index 0000000..3359a46
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html
@@ -0,0 +1,25 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- admin-extra.menu-bottom.html -->
+<!--
+<li>
+ <a href="#" style="background-image: url(img/ico/construction.png);">
+ LAST ITEM
+ </a>
+</li>
+-->
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html
new file mode 100755
index 0000000..0886cee
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html
@@ -0,0 +1,25 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- admin-extra.menu-top.html -->
+<!--
+<li>
+ <a href="#" style="background-image: url(img/ico/construction.png);">
+ FIRST ITEM
+ </a>
+</li>
+-->
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml b/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml
new file mode 100644
index 0000000..25d5ceb
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- If this file is found in the config directory, it will only be
+ loaded once at startup. If it is found in Solr's data
+ directory, it will be re-loaded every commit.
+
+ See http://wiki.apache.org/solr/QueryElevationComponent for more info
+
+-->
+<elevate>
+ <query text="foo bar">
+ <doc id="1" />
+ <doc id="2" />
+ <doc id="3" />
+ </query>
+
+ <query text="ipod">
+ <doc id="MA147LL/A" /> <!-- put the actual ipod at the top -->
+ <doc id="IW-02" exclude="true" /> <!-- exclude this cable -->
+ </query>
+
+</elevate>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/conf/schema.xml
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/conf/schema.xml b/security-admin/contrib/solr_for_audit_setup/conf/schema.xml
new file mode 100644
index 0000000..df56974
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/conf/schema.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- Trimmed schema.xml to include only the fields used by RangerAudit and also to make it more manageable -->
+<schema name="ranger-audit-schema" version="1.5">
+ <fields>
+ <field name="id" type="string" indexed="true" stored="true" required="true" multiValued="false" />
+ <field name="_version_" type="long" indexed="true" stored="true"/>
+
+ <field name="resource" type="key_lower_case" multiValued="false"/>
+ <field name="cluster" type="key_lower_case" multiValued="false"/>
+ <field name="resType" type="key_lower_case" multiValued="false"/>
+ <field name="reqUser" type="key_lower_case" multiValued="false"/>
+ <field name="evtTime" type="tdate"/>
+ <field name="policy" type="tlong" docValues="true"/>
+ <field name="sess" type="key_lower_case" multiValued="false"/>
+ <field name="access" type="key_lower_case" multiValued="false"/>
+ <field name="result" type="tint" multiValued="false"/>
+ <field name="reason" type="text_std_token_lower_case" omitNorms="false" multiValued="false"/>
+ <field name="enforcer" type="key_lower_case" multiValued="false"/>
+ <field name="repo" type="key_lower_case" multiValued="false"/>
+ <field name="cliIP" type="key_lower_case" multiValued="false"/>
+ <field name="cliType" type="key_lower_case" multiValued="false"/>
+ <field name="action" type="key_lower_case" multiValued="false"/>
+ <field name="agent" type="key_lower_case" multiValued="false"/>
+ <field name="agentHost" type="key_lower_case" multiValued="false"/>
+ <field name="logType" type="key_lower_case" multiValued="false"/>
+ <field name="repoType" type="tint" multiValued="false" docValues="true"/>
+ <field name="reqData" type="text_std_token_lower_case" multiValued="false"/>
+ <field name="seq_num" type="tlong" multiValued="false" docValues="true"/>
+ <field name="tags" type="key_lower_case" multiValued="true"/>
+ <field name="tags_str" type="text_std_token_lower_case" multiValued="false"/>
+ <field name="event_count" type="tlong" multiValued="false" docValues="true"/>
+ <field name="event_dur_ms" type="tlong" multiValued="false" docValues="true"/>
+
+ <field name="text" type="text_std_token_lower_case" indexed="true" stored="false" multiValued="true"/>
+ </fields>
+
+ <uniqueKey>id</uniqueKey>
+
+ <types>
+
+ <!-- Updated from text_general and having only StandardTokenizer and LowerCaseFilter-->
+ <fieldType name="text_std_token_lower_case" class="solr.TextField" positionIncrementGap="100" multiValued="true">
+ <analyzer>
+ <tokenizer class="solr.StandardTokenizerFactory"/>
+ <filter class="solr.LowerCaseFilterFactory" />
+ </analyzer>
+ </fieldType>
+
+ <!-- Keyword tokenizer won't split the string. So is like full string search -->
+ <fieldType name="key_lower_case" class="solr.TextField"
+ sortMissingLast="true" omitNorms="true">
+ <analyzer>
+ <tokenizer class="solr.KeywordTokenizerFactory"/>
+ <filter class="solr.LowerCaseFilterFactory" />
+ </analyzer>
+ </fieldType>
+
+ <!-- The StrField type is not analyzed, but indexed/stored verbatim.
+ It supports doc values but in that case the field needs to be
+ single-valued and either required or have a default value.
+ -->
+ <fieldType name="string" class="solr.StrField" sortMissingLast="true" />
+
+ <!-- boolean type: "true" or "false" -->
+ <fieldType name="boolean" class="solr.BoolField" sortMissingLast="true"/>
+
+ <fieldType name="booleans" class="solr.BoolField" sortMissingLast="true" multiValued="true"/>
+
+ <fieldType name="int" class="solr.TrieIntField" precisionStep="0" positionIncrementGap="0"/>
+ <fieldType name="float" class="solr.TrieFloatField" precisionStep="0" positionIncrementGap="0"/>
+ <fieldType name="long" class="solr.TrieLongField" precisionStep="0" positionIncrementGap="0"/>
+ <fieldType name="double" class="solr.TrieDoubleField" precisionStep="0" positionIncrementGap="0"/>
+
+ <fieldType name="tint" class="solr.TrieIntField" precisionStep="8" positionIncrementGap="0"/>
+ <fieldType name="tfloat" class="solr.TrieFloatField" precisionStep="8" positionIncrementGap="0"/>
+ <fieldType name="tlong" class="solr.TrieLongField" precisionStep="8" positionIncrementGap="0"/>
+ <fieldType name="tdouble" class="solr.TrieDoubleField" precisionStep="8" positionIncrementGap="0"/>
+
+ <fieldType name="tints" class="solr.TrieIntField" precisionStep="8" positionIncrementGap="0" multiValued="true"/>
+ <fieldType name="tfloats" class="solr.TrieFloatField" precisionStep="8" positionIncrementGap="0" multiValued="true"/>
+ <fieldType name="tlongs" class="solr.TrieLongField" precisionStep="8" positionIncrementGap="0" multiValued="true"/>
+ <fieldType name="tdoubles" class="solr.TrieDoubleField" precisionStep="8" positionIncrementGap="0" multiValued="true"/>
+ <fieldType name="date" class="solr.TrieDateField" precisionStep="0" positionIncrementGap="0"/>
+ <!-- A Trie based date field for faster date range queries and date faceting. -->
+ <fieldType name="tdate" class="solr.TrieDateField" precisionStep="6" positionIncrementGap="0"/>
+ <fieldType name="tdates" class="solr.TrieDateField" precisionStep="6" positionIncrementGap="0" multiValued="true"/>
+ <!--Binary data type. The data should be sent/retrieved in as Base64 encoded Strings -->
+ <fieldtype name="binary" class="solr.BinaryField"/>
+ <fieldType name="random" class="solr.RandomSortField" indexed="true" />
+ <!-- A text field that only splits on whitespace for exact matching of words -->
+ <fieldType name="text_ws" class="solr.TextField" positionIncrementGap="100">
+ <analyzer>
+ <tokenizer class="solr.WhitespaceTokenizerFactory"/>
+ </analyzer>
+ </fieldType>
+ <!-- since fields of this type are by default not stored or indexed,
+ any data added to them will be ignored outright. -->
+ <fieldtype name="ignored" stored="false" indexed="false" multiValued="true" class="solr.StrField" />
+
+ </types>
+</schema>