You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by zh...@apache.org on 2017/06/12 07:26:28 UTC

ranger git commit: RANGER-1604:DB based auditing had been removed in RANGER-900. But some configurations and codes are not removed accordingly in Ranger Admin. It often makes the user feel confused such as RANGER-1286.

Repository: ranger
Updated Branches:
  refs/heads/master 2814f71fa -> f2c4f90f0


RANGER-1604:DB based auditing had been removed in RANGER-900. But some configurations and codes are not removed accordingly in Ranger Admin. It often makes the user feel confused such as RANGER-1286.

Signed-off-by: zhangqiang2 <zh...@zte.com.cn>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/f2c4f90f
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/f2c4f90f
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/f2c4f90f

Branch: refs/heads/master
Commit: f2c4f90f07f6cddc008b560aa361b5a0b1e04a00
Parents: 2814f71
Author: zhangqiang2 <zh...@zte.com.cn>
Authored: Fri Jun 9 05:37:01 2017 -0400
Committer: zhangqiang2 <zh...@zte.com.cn>
Committed: Mon Jun 12 03:24:39 2017 -0400

----------------------------------------------------------------------
 security-admin/scripts/install.properties |  6 +-
 security-admin/scripts/setup.sh           | 83 +-------------------------
 2 files changed, 2 insertions(+), 87 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/f2c4f90f/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 06a1b89..268b8ac 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -67,8 +67,7 @@ db_name=ranger
 db_user=rangeradmin
 db_password=
 
-#Source for Audit Store
-#audit_store=solr|db
+#Source for Audit Store. Currently only solr is supported.
 # * audit_store is solr
 audit_store=solr
 
@@ -77,9 +76,6 @@ audit_solr_urls=
 audit_solr_user=
 audit_solr_password=
 audit_solr_zookeepers=
-#audit_db_name=
-#audit_db_user=
-#audit_db_password=
 
 #------------------------- DB CONFIG - END ----------------------------------
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/f2c4f90f/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index ef61e8d..f49bb13 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -71,9 +71,6 @@ audit_solr_urls=$(get_prop 'audit_solr_urls' $PROPFILE)
 audit_solr_user=$(get_prop 'audit_solr_user' $PROPFILE)
 audit_solr_password=$(get_prop 'audit_solr_password' $PROPFILE)
 audit_solr_zookeepers=$(get_prop 'audit_solr_zookeepers' $PROPFILE)
-audit_db_name=''
-audit_db_user=''
-audit_db_password=''
 policymgr_external_url=$(get_prop 'policymgr_external_url' $PROPFILE)
 policymgr_http_enabled=$(get_prop 'policymgr_http_enabled' $PROPFILE)
 policymgr_https_keystore_file=$(get_prop 'policymgr_https_keystore_file' $PROPFILE)
@@ -238,11 +235,7 @@ init_variables(){
 			exit 1
 		fi
 	fi
-	if [ "${audit_store}" == "db" ] ;then
-		audit_db_name=$(get_prop 'audit_db_name' $PROPFILE)
-		audit_db_user=$(get_prop 'audit_db_user' $PROPFILE)
-		audit_db_password=$(get_prop 'audit_db_password' $PROPFILE)
-	fi
+
 	db_ssl_enabled=`echo $db_ssl_enabled | tr '[:upper:]' '[:lower:]'`
 	if [ "${db_ssl_enabled}" != "true" ]
 	then
@@ -488,13 +481,6 @@ update_properties() {
 		newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${db_name}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-		if [ "${audit_store}" == "db" ]
-		then
-			propertyName=ranger.jpa.audit.jdbc.url
-			newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-		fi
-
 		propertyName=ranger.jpa.jdbc.dialect
 		newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
@@ -525,12 +511,6 @@ update_properties() {
 		fi
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-		if [ "${audit_store}" == "db" ]
-		then
-			propertyName=ranger.jpa.audit.jdbc.url
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-		fi
-
 		propertyName=ranger.jpa.jdbc.dialect
 		newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
@@ -550,21 +530,12 @@ update_properties() {
 	if [ "${DB_FLAVOR}" == "POSTGRES" ]
 	then
 		db_name=`echo ${db_name} | tr '[:upper:]' '[:lower:]'`
-		audit_db_name=`echo ${audit_db_name} | tr '[:upper:]' '[:lower:]'`
 		db_user=`echo ${db_user} | tr '[:upper:]' '[:lower:]'`
-		audit_db_user=`echo ${audit_db_user} | tr '[:upper:]' '[:lower:]'`
 
 		propertyName=ranger.jpa.jdbc.url
 		newPropertyValue="jdbc:postgresql://${DB_HOST}/${db_name}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-		if [ "${audit_store}" == "db" ]
-		then
-			propertyName=ranger.jpa.audit.jdbc.url
-			newPropertyValue="jdbc:postgresql://${DB_HOST}/${audit_db_name}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-		fi
-
 		propertyName=ranger.jpa.jdbc.dialect
 		newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
@@ -588,13 +559,6 @@ update_properties() {
 		newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${db_name}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-		if [ "${audit_store}" == "db" ]
-		then
-			propertyName=ranger.jpa.audit.jdbc.url
-			newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${audit_db_name}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-		fi
-
 		propertyName=ranger.jpa.jdbc.dialect
 		newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
@@ -618,13 +582,6 @@ update_properties() {
 		newPropertyValue="jdbc:sqlanywhere:database=${db_name};host=${DB_HOST}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-		if [ "${audit_store}" == "db" ]
-		then
-			propertyName=ranger.jpa.audit.jdbc.url
-			newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-		fi
-
 		propertyName=ranger.jpa.jdbc.dialect
 		newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
@@ -672,12 +629,6 @@ update_properties() {
 	newPropertyValue="${db_user}"
 	updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-	if [ "${audit_store}" == "db" ]
-	then
-		propertyName=ranger.jpa.audit.jdbc.user
-		newPropertyValue="${audit_db_user}"
-		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-	fi
 	##########
 
 	keystore="${cred_keystore_filename}"
@@ -723,38 +674,6 @@ update_properties() {
 	fi
 
 	###########
-	if [ "${audit_store}" == "db" ]
-	then
-	    audit_db_password_alias=ranger.auditdb.password
-
-	    echo "Starting configuration for Audit DB credentials:"
-
-	    if [ "${keystore}" != "" ]
-	    then
-		$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_db_password_alias" -v "$audit_db_password" -c 1
-
-			propertyName=ranger.jpa.audit.jdbc.credential.alias
-		newPropertyValue="${audit_db_password_alias}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-			propertyName=ranger.jpa.audit.jdbc.password
-		newPropertyValue="_"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-	    else
-			propertyName=ranger.jpa.audit.jdbc.password
-		newPropertyValue="${audit_db_password}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-	    fi
-
-	    if test -f $keystore; then
-		chown -R ${unix_user}:${unix_group} ${keystore}
-		#echo "$keystore found."
-	    else
-		#echo "$keystore not found. so use clear text password"
-			propertyName=ranger.jpa.audit.jdbc.password
-		newPropertyValue="${audit_db_password}"
-			updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-	    fi
-	fi
 	if [ "${audit_store}" == "solr" ]
 	then
 		if [ "${audit_solr_zookeepers}" != "" ]