You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ga...@apache.org on 2016/06/15 06:40:02 UTC
ambari git commit: AMBARI-17118. Incorrect formated external url in
ranger configuration - causes Namenode startup failure(Mugdha Varadkar via
gautam)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 600573784 -> 93bec9b7c
AMBARI-17118. Incorrect formated external url in ranger configuration - causes Namenode startup failure(Mugdha Varadkar via gautam)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/93bec9b7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/93bec9b7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/93bec9b7
Branch: refs/heads/branch-2.4
Commit: 93bec9b7c82c44af751cc2d8bdbe3e62a952c7b0
Parents: 6005737
Author: Gautam Borad <ga...@apache.org>
Authored: Mon Jun 13 19:42:17 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Wed Jun 15 12:08:30 2016 +0530
----------------------------------------------------------------------
.../libraries/functions/ranger_functions.py | 3 +-
.../libraries/functions/ranger_functions_v2.py | 6 ++--
.../libraries/functions/setup_ranger_plugin.py | 2 ++
.../functions/setup_ranger_plugin_xml.py | 2 ++
.../0.96.0.2.0/package/scripts/params_linux.py | 2 ++
.../2.1.0.2.0/package/scripts/params_linux.py | 2 ++
.../0.12.0.2.0/package/scripts/params_linux.py | 2 ++
.../KAFKA/0.8.1/package/scripts/params.py | 2 ++
.../0.5.0.2.2/package/scripts/params_linux.py | 2 ++
.../RANGER/0.4.0/package/scripts/params.py | 8 ++++-
.../0.6.0/configuration/ranger-admin-site.xml | 3 ++
.../common-services/RANGER/0.6.0/metainfo.xml | 2 +-
.../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 19 ++++++++----
.../0.5.0.2.3/package/scripts/params.py | 2 ++
.../STORM/0.9.1/package/scripts/params_linux.py | 2 ++
.../2.1.0.2.0/package/scripts/params_linux.py | 3 ++
.../stacks/HDP/2.3/services/stack_advisor.py | 16 +++++++++-
.../ranger-hdfs-plugin-properties.xml | 31 ++++++++++++++++++++
.../stacks/HDP/2.5/services/stack_advisor.py | 6 ----
.../stacks/2.3/common/test_stack_advisor.py | 19 ++++++++++++
20 files changed, 116 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
index 48ae225..2ac1f32 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
@@ -41,7 +41,8 @@ class Rangeradmin:
sInstance = None
def __init__(self, url='http://localhost:6080', skip_if_rangeradmin_down = True):
-
+ if url.endswith('/'):
+ url = url.rstrip('/')
self.baseUrl = url
self.urlLogin = self.baseUrl + '/login.jsp'
self.urlLoginPost = self.baseUrl + '/j_spring_security_check'
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
index cfdd6f7..05beadb 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py
@@ -43,6 +43,8 @@ class RangeradminV2:
sInstance = None
def __init__(self, url='http://localhost:6080', skip_if_rangeradmin_down = True):
+ if url.endswith('/'):
+ url = url.rstrip('/')
self.base_url = url
self.url_login = self.base_url + '/login.jsp'
self.url_login_post = self.base_url + '/j_spring_security_check'
@@ -135,7 +137,7 @@ class RangeradminV2:
elif not self.skip_if_rangeradmin_down:
Logger.error("Connection failed to Ranger Admin !")
elif is_stack_supports_ranger_kerberos and is_security_enabled:
- response = self.check_ranger_login_curl(component_user,component_user_keytab,component_user_principal,self.base_url,True)
+ response = self.check_ranger_login_curl(component_user,component_user_keytab,component_user_principal,self.url_login,True)
if response and response[0] == 200:
retryCount = 0
@@ -320,7 +322,7 @@ class RangeradminV2:
error_msg = ''
time_millis = 0
try:
- response,error_msg,time_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,self.base_url,True)
+ response,error_msg,time_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,base_url,True)
except Fail,fail:
raise Fail(fail.args)
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py
index 260f018..1923efe 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py
@@ -56,6 +56,8 @@ def setup_ranger_plugin(component_select_name, service_name, previous_jdbc_jar,
File(driver_curl_target, mode=0644)
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
stack_root = Script.get_stack_root()
stack_version = get_stack_version(component_select_name)
file_path = format('{stack_root}/{stack_version}/ranger-{service_name}-plugin/install.properties')
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
index e5faf4b..bd46051 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
@@ -65,6 +65,8 @@ def setup_ranger_plugin(component_select_name, service_name, previous_jdbc_jar,
File(component_driver_curl_target, mode=0644)
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
stack_version = get_stack_version(component_select_name)
if stack_version_override is not None:
stack_version = stack_version_override
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index 76cefe7..a5fbf16 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -257,6 +257,8 @@ ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
# ranger hbase properties
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
xa_db_host = config['configurations']['admin-properties']['db_host']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
index 9af87d4..f24bd83 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py
@@ -396,6 +396,8 @@ ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
#ranger hdfs properties
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
xa_db_host = config['configurations']['admin-properties']['db_host']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
index a669ec7..81207d6 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
@@ -615,6 +615,8 @@ xml_configurations_supported = config['configurations']['ranger-env']['xml_confi
#ranger hive properties
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
xa_db_host = config['configurations']['admin-properties']['db_host']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
index 09878ba..09ff522 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
@@ -174,6 +174,8 @@ if has_ranger_admin and is_supported_kafka_ranger:
enable_ranger_kafka = config['configurations']['ranger-kafka-plugin-properties']['ranger-kafka-plugin-enabled']
enable_ranger_kafka = not is_empty(enable_ranger_kafka) and enable_ranger_kafka.lower() == 'yes'
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR']
xa_audit_db_flavor = xa_audit_db_flavor.lower() if xa_audit_db_flavor else None
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
index 4d30f55..7e0477f 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
@@ -257,6 +257,8 @@ ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
# ranger knox properties
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
xa_db_host = config['configurations']['admin-properties']['db_host']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 29ac561..9e0fb7c 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -123,12 +123,16 @@ ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
usersync_exturl = config['configurations']['admin-properties']['policymgr_external_url']
+if usersync_exturl.endswith('/'):
+ usersync_exturl = usersync_exturl.rstrip('/')
ranger_host = config['clusterHostInfo']['ranger_admin_hosts'][0]
ugsync_host = 'localhost'
usersync_host_info = config['clusterHostInfo']['ranger_usersync_hosts']
if not is_empty(usersync_host_info) and len(usersync_host_info) > 0:
ugsync_host = config['clusterHostInfo']['ranger_usersync_hosts'][0]
ranger_external_url = config['configurations']['admin-properties']['policymgr_external_url']
+if ranger_external_url.endswith('/'):
+ ranger_external_url = ranger_external_url.rstrip('/')
ranger_db_name = config['configurations']['admin-properties']['db_name']
ranger_auditdb_name = config['configurations']['admin-properties']['audit_db_name']
@@ -283,11 +287,13 @@ if stack_supports_ranger_kerberos and not has_namenode:
'hadoop.security.authentication': 'kerberos' if security_enabled else 'simple'
}
+ realm = 'EXAMPLE.COM'
if security_enabled:
ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
ranger_usersync_principal = config['configurations']['ranger-ugsync-site']['ranger.usersync.kerberos.principal']
ranger_admin_bare_principal = get_bare_principal(ranger_admin_principal)
ranger_usersync_bare_principal = get_bare_principal(ranger_usersync_principal)
+ realm = config['configurations']['kerberos-env']['realm']
rule_dict = [
{'principal': ranger_admin_bare_principal, 'user': unix_user},
@@ -301,7 +307,7 @@ if stack_supports_ranger_kerberos and not has_namenode:
core_site_auth_to_local_property = ''
for item in range(len(rule_dict)):
- rule_line = 'RULE:[2:$1@$0]({0}@EXAMPLE.COM)s/.*/{1}/\n'.format(rule_dict[item]['principal'], rule_dict[item]['user'])
+ rule_line = 'RULE:[2:$1@$0]({0}@{1})s/.*/{2}/\n'.format(rule_dict[item]['principal'], realm, rule_dict[item]['user'])
core_site_auth_to_local_property = rule_line + core_site_auth_to_local_property
core_site_auth_to_local_property = core_site_auth_to_local_property + 'DEFAULT'
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
index be59cc8..1fd3e83 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
@@ -126,6 +126,9 @@
<name>ranger.truststore.password</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
<display-name>ranger.truststore.password</display-name>
<description>Ranger trust-store password</description>
<on-ambari-upgrade add="true"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
index 6f1460a..adfb8ff 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
@@ -55,7 +55,7 @@
<configuration-dependencies>
<config-type>admin-log4j</config-type>
- <config-type>usersync-log4j.xml</config-type>
+ <config-type>usersync-log4j</config-type>
</configuration-dependencies>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index cbe2a31..61bdce0 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -467,16 +467,19 @@ def setup_kms_jce():
def check_ranger_service():
import params
- ranger_adm_obj = Rangeradmin(url=params.policymgr_mgr_url)
+ policymgr_mgr_url = params.policymgr_mgr_url
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ ranger_adm_obj = Rangeradmin(url=policymgr_mgr_url)
ambari_username_password_for_ranger = format("{ambari_ranger_admin}:{ambari_ranger_password}")
- response_code = ranger_adm_obj.check_ranger_login_urllib2(params.policymgr_mgr_url)
+ response_code = ranger_adm_obj.check_ranger_login_urllib2(policymgr_mgr_url)
if response_code is not None and response_code == 200:
user_resp_code = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
if user_resp_code is not None and user_resp_code == 200:
- get_repo_flag = get_repo(params.policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
+ get_repo_flag = get_repo(policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
if not get_repo_flag:
- return create_repo(params.policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger)
+ return create_repo(policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger)
else:
return True
else:
@@ -547,8 +550,12 @@ def get_repo(url, name, usernamepassword):
def check_ranger_service_support_kerberos():
import params
- ranger_adm_obj = RangeradminV2(url=params.policymgr_mgr_url)
- response_code = ranger_adm_obj.check_ranger_login_curl(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal, params.policymgr_mgr_url, True)
+ policymgr_mgr_url = params.policymgr_mgr_url
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ policymgr_mgr_url = format('{policymgr_mgr_url}/login.jsp')
+ ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url)
+ response_code = ranger_adm_obj.check_ranger_login_curl(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal, policymgr_mgr_url, True)
if response_code is not None and response_code[0] == 200:
get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal, params.repo_name, 'kms', 'true')
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index 17f71fb..452be86 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -80,6 +80,8 @@ credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
if has_ranger_admin:
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
index c3b28da..073bb1c 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
@@ -214,6 +214,8 @@ ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
#ranger storm properties
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
xa_db_host = config['configurations']['admin-properties']['db_host']
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index 29fb3c1..90f885a 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -392,6 +392,8 @@ if has_ranger_admin:
if is_supported_yarn_ranger:
enable_ranger_yarn = (config['configurations']['ranger-yarn-plugin-properties']['ranger-yarn-plugin-enabled'].lower() == 'yes')
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name']
xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
@@ -423,6 +425,7 @@ if has_ranger_admin:
if stack_supports_ranger_kerberos:
ranger_plugin_config['ambari.service.check.user'] = policy_user
+ ranger_plugin_config['hadoop.security.authentication'] = 'kerberos' if security_enabled else 'simple'
if stack_supports_ranger_kerberos and security_enabled:
ranger_plugin_config['policy.download.auth.users'] = yarn_user
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index 36fe066..c32306d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -637,6 +637,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
putSqoopSiteProperty('sqoop.job.data.publish.class', 'org.apache.atlas.sqoop.hook.SqoopHook')
def recommendStormConfigurations(self, configurations, clusterData, services, hosts):
+ super(HDP23StackAdvisor, self).recommendStormConfigurations(configurations, clusterData, services, hosts)
putStormStartupProperty = self.putProperty(configurations, "storm-site", services)
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
@@ -707,7 +708,8 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
"hive-site": self.validateHiveConfigurations},
"HBASE": {"hbase-site": self.validateHBASEConfigurations},
"KAKFA": {"kafka-broker": self.validateKAFKAConfigurations},
- "YARN": {"yarn-site": self.validateYARNConfigurations}
+ "YARN": {"yarn-site": self.validateYARNConfigurations},
+ "RANGER": {"admin-properties": self.validateRangerAdminConfigurations}
}
self.mergeValidators(parentValidators, childValidators)
return parentValidators
@@ -908,3 +910,15 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
def isComponentUsingCardinalityForLayout(self, componentName):
return componentName in ['NFS_GATEWAY', 'PHOENIX_QUERY_SERVER', 'SPARK_THRIFTSERVER']
+
+ def validateRangerAdminConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
+ ranger_site = properties
+ validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ if 'RANGER' in servicesList and 'policymgr_external_url' in ranger_site:
+ policymgr_mgr_url = ranger_site['policymgr_external_url']
+ if policymgr_mgr_url.endswith('/'):
+ validationItems.append({'config-name':'policymgr_external_url',
+ 'item':self.getWarnItem('Ranger External URL should not contain trailing slash "/"')})
+ return self.toConfigurationValidationProblems(validationItems,'admin-properties')
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
new file mode 100644
index 0000000..bf07b59
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+ <property>
+ <name>hadoop.rpc.protection</name>
+ <value>authentication</value>
+ <description>Used for repository creation on ranger admin</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true" />
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index 614f0b1..81f1be6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -1334,15 +1334,11 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
if 'ATLAS' in servicesList and has_ranger_tagsync:
putTagsyncSiteProperty('ranger.tagsync.source.atlas', 'true')
- else:
- putTagsyncSiteProperty('ranger.tagsync.source.atlas', 'false')
zookeeper_host_port = self.getZKHostPortString(services)
if zookeeper_host_port and has_ranger_tagsync:
zookeeper_host_list = zookeeper_host_port.split(',')
putTagsyncAppProperty('atlas.kafka.zookeeper.connect', zookeeper_host_list[0])
- else:
- putTagsyncAppProperty('atlas.kafka.zookeeper.connect', 'localhost:2181')
if 'KAFKA' in servicesList and has_ranger_tagsync:
kafka_hosts = self.getHostNamesWithComponent("KAFKA", "KAFKA_BROKER", services)
@@ -1356,8 +1352,6 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
final_kafka_host = ",".join(kafka_host_port)
putTagsyncAppProperty('atlas.kafka.bootstrap.servers', final_kafka_host)
- else:
- putTagsyncAppProperty('atlas.kafka.bootstrap.servers', 'localhost:6667')
if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']["ranger-env"]["properties"]:
isSolrCloudEnabled = services['configurations']["ranger-env"]["properties"]["is_solrCloud_enabled"] == "true"
http://git-wip-us.apache.org/repos/asf/ambari/blob/93bec9b7/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
index c077a9f..1bd385f 100644
--- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
@@ -2730,6 +2730,11 @@ class TestHDP23StackAdvisor(TestCase):
"properties": {
"storm.topology.submission.notifier.plugin.class": "foo"
}
+ },
+ "ranger-storm-plugin-properties": {
+ "properties": {
+ "ranger-storm-plugin-enabled": "No"
+ }
}
}
clusterData = {
@@ -2744,6 +2749,14 @@ class TestHDP23StackAdvisor(TestCase):
'storm-site': {
'properties': {
'storm.topology.submission.notifier.plugin.class': 'foo,org.apache.atlas.storm.hook.StormAtlasHook',
+ },
+ "property_attributes":{
+ 'nimbus.authorizer': {'delete':'true'}
+ }
+ },
+ "ranger-storm-plugin-properties": {
+ "properties": {
+ "ranger-storm-plugin-enabled": "No"
}
}
}
@@ -2778,6 +2791,12 @@ class TestHDP23StackAdvisor(TestCase):
"storm-site": {
"properties": {
"storm.topology.submission.notifier.plugin.class": "foo"
+ },
+ "property-attributes":{}
+ },
+ "ranger-storm-plugin-properties": {
+ "properties": {
+ "ranger-storm-plugin-enabled": "No"
}
}
},