Posted to commits@impala.apache.org by jo...@apache.org on 2019/02/16 01:20:17 UTC
[impala] 02/04: IMPALA-8099: Update the build scripts to support
Apache Ranger
This is an automated email from the ASF dual-hosted git repository.
joemcdonnell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit 0cb7187841780cabe368607ff559e493be59db22
Author: fwijaya <fw...@cloudera.com>
AuthorDate: Wed Feb 13 11:05:19 2019 -0800
IMPALA-8099: Update the build scripts to support Apache Ranger
This patch updates the build scripts to support Apache Ranger:
- Download Apache Ranger
- Setup Apache Ranger database
- Create Apache Ranger configuration files
- Start/stop Apache Ranger
Testing:
- Ran ./buildall.sh -format on a clean repository and was able to start
Ranger without any problem.
- Ran test-with-docker
Change-Id: I249cd64d74518946829e8588ed33d5ac454ffa7b
Reviewed-on: http://gerrit.cloudera.org:8080/12469
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
bin/bootstrap_toolchain.py | 13 +
bin/create-test-configuration.sh | 95 ++--
bin/impala-config.sh | 11 +
buildall.sh | 16 +-
testdata/bin/kill-all.sh | 1 +
.../bin/{kill-all.sh => kill-ranger-server.sh} | 15 +-
testdata/bin/run-all.sh | 4 +
testdata/bin/{kill-all.sh => run-ranger-server.sh} | 19 +-
.../cluster/ranger/install.properties.template | 79 +++
.../kill-all.sh => cluster/ranger/java_home.sh} | 20 +-
.../ranger/ranger-admin-default-site.xml.template | 528 +++++++++++++++++++++
.../ranger/ranger-admin-env-logdir.sh} | 20 +-
.../ranger/ranger-admin-env-piddir.sh} | 21 +-
.../cluster/ranger/ranger-admin-site.xml.template | 297 ++++++++++++
.../cluster/ranger/security-applicationContext.xml | 136 ++++++
15 files changed, 1161 insertions(+), 114 deletions(-)
diff --git a/bin/bootstrap_toolchain.py b/bin/bootstrap_toolchain.py
index 72e8096..14edfb6 100755
--- a/bin/bootstrap_toolchain.py
+++ b/bin/bootstrap_toolchain.py
@@ -415,6 +415,17 @@ def download_cdh_components(toolchain_root, cdh_components, url_prefix):
execute_many(download, cdh_components)
+
+def download_ranger(toolchain_root):
+ env_var_version = "IMPALA_RANGER_VERSION"
+ version = os.environ.get(env_var_version)
+ file_name = "ranger-{0}-admin.tar.gz".format(version)
+ if not version:
+ raise Exception("Could not find version for Ranger in environment var {0}"
+ .format(env_var_version))
+ download_url = "{0}/ranger/{1}/{2}".format(TOOLCHAIN_HOST, version, file_name)
+ wget_and_unpack_package(download_url, file_name, toolchain_root, False)
+
if __name__ == "__main__":
"""Validates the presence of $IMPALA_HOME and $IMPALA_TOOLCHAIN in the environment.-
By checking $IMPALA_HOME is present, we assume that IMPALA_{LIB}_VERSION will be present
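Review bot: In `download_ranger`, the tarball is fetched and unpacked with no digest check visible in this hunk, and later hunks of this commit execute files from it (`db_setup.py`, `ranger-admin-services.sh`), so a tampered or truncated archive would run as the build user. Whether `wget_and_unpack_package` verifies anything is not shown here; if it does not, pin an expected SHA-256 next to `IMPALA_RANGER_VERSION` and compare it before unpacking. Separately, `file_name` is formatted before the `if not version:` guard, so move `file_name = "ranger-{0}-admin.tar.gz".format(version)` below the guard. The function also has no docstring; `"""Download and unpack the Ranger admin tarball named by $IMPALA_RANGER_VERSION into toolchain_root."""` would do. The `__main__` block that follows continues outside the hunk.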
@@ -499,3 +510,5 @@ if __name__ == "__main__":
cdh_components = [Package("llama-minikdc")]
download_path_prefix = "{0}/cdh_components/".format(TOOLCHAIN_HOST)
download_cdh_components(toolchain_root, cdh_components, download_path_prefix)
+
+ download_ranger(toolchain_root)
diff --git a/bin/create-test-configuration.sh b/bin/create-test-configuration.sh
index 855fb3d..fc2207d 100755
--- a/bin/create-test-configuration.sh
+++ b/bin/create-test-configuration.sh
@@ -25,8 +25,38 @@ set -euo pipefail
. $IMPALA_HOME/bin/report_build_error.sh
setup_report_build_error
+# Perform search-replace on $1, output to $2.
+# Search $1 ($GCIN) for strings that look like "${FOO}". If FOO is defined in
+# the environment then replace "${FOO}" with the environment value. Also
+# remove or leave special kerberos settings as desired. Sanity check at end.
+function generate_config {
+ GCIN="$1"
+ GCOUT="$2"
+
+ perl -wpl -e 's/\$\{([^}]+)\}/defined $ENV{$1} ? $ENV{$1} : $&/eg' \
+ "${GCIN}" > "${GCOUT}.tmp"
+
+ if [ "${IMPALA_KERBERIZE}" = "" ]; then
+ sed '/<!-- BEGIN Kerberos/,/END Kerberos settings -->/d' \
+ "${GCOUT}.tmp" > "${GCOUT}"
+ else
+ cp "${GCOUT}.tmp" "${GCOUT}"
+ fi
+ rm -f "${GCOUT}.tmp"
+
+ # Check for anything that might have been missed.
+ # Assumes that environment variables will be ALL CAPS...
+ if grep '\${[A-Z_]*}' "${GCOUT}"; then
+ echo "Found undefined variables in ${GCOUT}, aborting"
+ exit 1
+ fi
+
+ echo "Generated `pwd`/${GCOUT}"
+}
+
CREATE_METASTORE=0
CREATE_SENTRY_POLICY_DB=0
+CREATE_RANGER_POLICY_DB=0
: ${IMPALA_KERBERIZE=}
# parse command line options
@@ -39,6 +69,9 @@ do
-create_sentry_policy_db)
CREATE_SENTRY_POLICY_DB=1
;;
+ -create_ranger_policy_db)
+ CREATE_RANGER_POLICY_DB=1
+ ;;
-k|-kerberize|-kerberos|-kerb)
# This could also come in through the environment...
export IMPALA_KERBERIZE=1
@@ -46,6 +79,7 @@ do
-help|*)
echo "[-create_metastore] : If true, creates a new metastore."
echo "[-create_sentry_policy_db] : If true, creates a new sentry policy db."
+ echo "[-create_ranger_policy_db] : If true, creates a new Ranger policy db."
echo "[-kerberize] : Enable kerberos on the cluster"
exit 1
;;
@@ -79,9 +113,13 @@ fi
export CURRENT_USER=`whoami`
CONFIG_DIR=${IMPALA_HOME}/fe/src/test/resources
+RANGER_TEST_CONF_DIR="${IMPALA_HOME}/testdata/cluster/ranger"
+
echo "Config dir: ${CONFIG_DIR}"
echo "Current user: ${CURRENT_USER}"
echo "Metastore DB: ${METASTORE_DB}"
+echo "Sentry DB : ${SENTRY_POLICY_DB}"
+echo "Ranger DB : ${RANGER_POLICY_DB}"
pushd ${CONFIG_DIR}
# Cleanup any existing files
@@ -110,34 +148,15 @@ if [ $CREATE_SENTRY_POLICY_DB -eq 1 ]; then
createdb -U hiveuser $SENTRY_POLICY_DB
fi
-# Perform search-replace on $1, output to $2.
-# Search $1 ($GCIN) for strings that look like "${FOO}". If FOO is defined in
-# the environment then replace "${FOO}" with the environment value. Also
-# remove or leave special kerberos settings as desired. Sanity check at end.
-function generate_config {
- GCIN="$1"
- GCOUT="$2"
-
- perl -wpl -e 's/\$\{([^}]+)\}/defined $ENV{$1} ? $ENV{$1} : $&/eg' \
- "${GCIN}" > "${GCOUT}.tmp"
-
- if [ "${IMPALA_KERBERIZE}" = "" ]; then
- sed '/<!-- BEGIN Kerberos/,/END Kerberos settings -->/d' \
- "${GCOUT}.tmp" > "${GCOUT}"
- else
- cp "${GCOUT}.tmp" "${GCOUT}"
- fi
- rm -f "${GCOUT}.tmp"
-
- # Check for anything that might have been missed.
- # Assumes that environment variables will be ALL CAPS...
- if grep '\${[A-Z_]*}' "${GCOUT}"; then
- echo "Found undefined variables in ${GCOUT}, aborting"
- exit 1
- fi
-
- echo "Generated `pwd`/${GCOUT}"
-}
+if [ $CREATE_RANGER_POLICY_DB -eq 1 ]; then
+ echo "Creating Ranger Policy Server DB"
+ dropdb -U hiveuser "${RANGER_POLICY_DB}" 2> /dev/null || true
+ createdb -U hiveuser "${RANGER_POLICY_DB}"
+ pushd "${RANGER_HOME}"
+ generate_config "${RANGER_TEST_CONF_DIR}/install.properties.template" install.properties
+ python ./db_setup.py
+ popd
+fi
echo "Linking core-site.xml from local cluster"
CLUSTER_HADOOP_CONF_DIR=$(${CLUSTER_DIR}/admin get_hadoop_client_conf_dir)
@@ -176,6 +195,26 @@ fi
popd
+RANGER_SERVER_CONF_DIR="${RANGER_HOME}/ews/webapp/WEB-INF/classes/conf"
+RANGER_SERVER_LIB_DIR="${RANGER_HOME}/ews/webapp/WEB-INF/lib"
+if [[ ! -d "${RANGER_SERVER_CONF_DIR}" ]]; then
+ mkdir -p "${RANGER_SERVER_CONF_DIR}"
+fi
+
+cp -f "${RANGER_TEST_CONF_DIR}/java_home.sh" "${RANGER_SERVER_CONF_DIR}"
+cp -f "${RANGER_TEST_CONF_DIR}/ranger-admin-env-logdir.sh" "${RANGER_SERVER_CONF_DIR}"
+cp -f "${RANGER_TEST_CONF_DIR}/ranger-admin-env-piddir.sh" "${RANGER_SERVER_CONF_DIR}"
+cp -f "${RANGER_TEST_CONF_DIR}/security-applicationContext.xml" \
+ "${RANGER_SERVER_CONF_DIR}"
+cp -f "${POSTGRES_JDBC_DRIVER}" "${RANGER_SERVER_LIB_DIR}"
+
+pushd "${RANGER_SERVER_CONF_DIR}"
+generate_config "${RANGER_TEST_CONF_DIR}/ranger-admin-default-site.xml.template" \
+ ranger-admin-default-site.xml
+generate_config "${RANGER_TEST_CONF_DIR}/ranger-admin-site.xml.template" \
+ ranger-admin-site.xml
+popd
+
echo "Completed config generation"
# Creates a symlink in TARGET_DIR to all subdirectories under SOURCE_DIR
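Review bot: Only `RANGER_SERVER_CONF_DIR` is created when missing; `RANGER_SERVER_LIB_DIR` is not, so if that directory is absent the `cp -f "${POSTGRES_JDBC_DRIVER}" "${RANGER_SERVER_LIB_DIR}"` line writes the driver jar to a plain file named `lib` instead of failing. Replacing the `if [[ ! -d ... ]]` block with `mkdir -p "${RANGER_SERVER_CONF_DIR}" "${RANGER_SERVER_LIB_DIR}"` covers both and drops the redundant test. This section also runs on every invocation, not only with `-create_ranger_policy_db`, and writes into the toolchain directory under `RANGER_HOME`; a one-line comment saying that is intended would help.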
diff --git a/bin/impala-config.sh b/bin/impala-config.sh
index 96d9a6b..d619f1a 100755
--- a/bin/impala-config.sh
+++ b/bin/impala-config.sh
@@ -165,6 +165,7 @@ export IMPALA_HADOOP_VERSION=3.0.0-cdh6.x-SNAPSHOT
export IMPALA_HBASE_VERSION=2.1.0-cdh6.x-SNAPSHOT
export IMPALA_HIVE_VERSION=2.1.1-cdh6.x-SNAPSHOT
export IMPALA_SENTRY_VERSION=2.1.0-cdh6.x-SNAPSHOT
+export IMPALA_RANGER_VERSION=1.2.0
export IMPALA_PARQUET_VERSION=1.9.0-cdh6.x-SNAPSHOT
export IMPALA_AVRO_JAVA_VERSION=1.8.2-cdh6.x-SNAPSHOT
export IMPALA_LLAMA_MINIKDC_VERSION=1.0.0
@@ -281,6 +282,9 @@ export LOCAL_FS="file:${WAREHOUSE_LOCATION_PREFIX}"
ESCAPED_IMPALA_HOME=$(sed "s/[^0-9a-zA-Z]/_/g" <<< "$IMPALA_HOME")
export METASTORE_DB=${METASTORE_DB-$(cut -c-63 <<< HMS$ESCAPED_IMPALA_HOME)}
export SENTRY_POLICY_DB=${SENTRY_POLICY_DB-$(cut -c-63 <<< SP$ESCAPED_IMPALA_HOME)}
+RANGER_POLICY_DB=${RANGER_POLICY_DB-$(cut -c-63 <<< ranger$ESCAPED_IMPALA_HOME)}
+# The DB script in Ranger expects the database name to be in lower case.
+export RANGER_POLICY_DB=$(echo ${RANGER_POLICY_DB} | tr '[:upper:]' '[:lower:]')
# Environment variables carrying AWS security credentials are prepared
# according to the following rules:
@@ -498,6 +502,9 @@ export MINIKDC_HOME="$CDH_COMPONENTS_HOME/llama-minikdc-${IMPALA_LLAMA_MINIKDC_V
export SENTRY_HOME="$CDH_COMPONENTS_HOME/sentry-${IMPALA_SENTRY_VERSION}"
export SENTRY_CONF_DIR="$IMPALA_HOME/fe/src/test/resources"
+export RANGER_HOME="${IMPALA_TOOLCHAIN}/ranger-${IMPALA_RANGER_VERSION}-admin"
+export RANGER_CONF_DIR="$IMPALA_HOME/fe/src/test/resources"
+
# Extract the first component of the hive version.
export IMPALA_HIVE_MAJOR_VERSION=$(echo "$IMPALA_HIVE_VERSION" | cut -d . -f 1)
export HIVE_HOME="$CDH_COMPONENTS_HOME/hive-${IMPALA_HIVE_VERSION}/"
@@ -690,6 +697,10 @@ echo "HIVE_CONF_DIR = $HIVE_CONF_DIR"
echo "HIVE_SRC_DIR = $HIVE_SRC_DIR"
echo "HBASE_HOME = $HBASE_HOME"
echo "HBASE_CONF_DIR = $HBASE_CONF_DIR"
+echo "SENTRY_HOME = $SENTRY_HOME"
+echo "SENTRY_CONF_DIR = $SENTRY_CONF_DIR"
+echo "RANGER_HOME = $RANGER_HOME"
+echo "RANGER_CONF_DIR = $RANGER_CONF_DIR "
echo "MINIKDC_HOME = $MINIKDC_HOME"
echo "THRIFT_HOME = $THRIFT_HOME"
echo "HADOOP_LZO = $HADOOP_LZO"
diff --git a/buildall.sh b/buildall.sh
index 8a182a6..1b56131 100755
--- a/buildall.sh
+++ b/buildall.sh
@@ -55,6 +55,7 @@ TESTS_ACTION=1
FORMAT_CLUSTER=0
FORMAT_METASTORE=0
FORMAT_SENTRY_POLICY_DB=0
+FORMAT_RANGER_POLICY_DB=0
NEED_MINICLUSTER=0
START_IMPALA_CLUSTER=0
IMPALA_KERBERIZE=0
@@ -103,6 +104,7 @@ do
FORMAT_CLUSTER=1
FORMAT_METASTORE=1
FORMAT_SENTRY_POLICY_DB=1
+ FORMAT_RANGER_POLICY_DB=1
;;
-format_cluster)
FORMAT_CLUSTER=1
@@ -113,6 +115,9 @@ do
-format_sentry_policy_db)
FORMAT_SENTRY_POLICY_DB=1
;;
+ -format_ranger_policy_db)
+ FORMAT_RANGER_POLICY_DB=1
+ ;;
-release)
CMAKE_BUILD_TYPE=Release
;;
@@ -202,6 +207,7 @@ do
echo "[-format_cluster] : Format the minicluster [Default: False]"
echo "[-format_metastore] : Format the metastore db [Default: False]"
echo "[-format_sentry_policy_db] : Format the Sentry policy db [Default: False]"
+ echo "[-format_ranger_policy_db] : Format the Ranger policy db [Default: False]"
echo "[-release_and_debug] : Build both release and debug binaries. Overrides "\
"other build types [Default: false]"
echo "[-release] : Release build [Default: debug]"
@@ -324,7 +330,8 @@ if [[ -z "$METASTORE_SNAPSHOT_FILE" && "${TARGET_FILESYSTEM}" != "hdfs" &&
fi
if [[ $TESTS_ACTION -eq 1 || $TESTDATA_ACTION -eq 1 || $FORMAT_CLUSTER -eq 1 ||
- $FORMAT_METASTORE -eq 1 || $FORMAT_SENTRY_POLICY_DB -eq 1 || -n "$SNAPSHOT_FILE" ||
+ $FORMAT_METASTORE -eq 1 || $FORMAT_SENTRY_POLICY_DB -eq 1 ||
+ $FORMAT_RANGER_POLICY_DB -eq 1 || -n "$SNAPSHOT_FILE" ||
-n "$METASTORE_SNAPSHOT_FILE" ]]; then
NEED_MINICLUSTER=1
fi
@@ -444,7 +451,8 @@ reconfigure_test_cluster() {
"${IMPALA_HOME}/bin/start-impala-cluster.py" --kill --force
if [[ "$FORMAT_METASTORE" -eq 1 || "$FORMAT_CLUSTER" -eq 1 ||
- "$FORMAT_SENTRY_POLICY_DB" -eq 1 || -n "$METASTORE_SNAPSHOT_FILE" ]]
+ "$FORMAT_SENTRY_POLICY_DB" -eq 1 || "$FORMAT_RANGER_POLICY_DB" -eq 1 ||
+ -n "$METASTORE_SNAPSHOT_FILE" ]]
then
# Kill any processes that may be accessing postgres metastore. To be safe, this is
# done before we make any changes to the config files.
@@ -461,6 +469,10 @@ reconfigure_test_cluster() {
CREATE_TEST_CONFIG_ARGS+=" -create_sentry_policy_db"
fi
+ if [[ "$FORMAT_RANGER_POLICY_DB" -eq 1 ]]; then
+ CREATE_TEST_CONFIG_ARGS+=" -create_ranger_policy_db"
+ fi
+
if [[ "$FORMAT_METASTORE" -eq 1 && -z "$METASTORE_SNAPSHOT_FILE" ]]; then
CREATE_TEST_CONFIG_ARGS+=" -create_metastore"
fi
diff --git a/testdata/bin/kill-all.sh b/testdata/bin/kill-all.sh
index b6c13a6..cd3ada7 100755
--- a/testdata/bin/kill-all.sh
+++ b/testdata/bin/kill-all.sh
@@ -29,6 +29,7 @@ $IMPALA_HOME/testdata/bin/kill-sentry-service.sh
$IMPALA_HOME/testdata/bin/kill-hive-server.sh
$IMPALA_HOME/testdata/bin/kill-hbase.sh
$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
+$IMPALA_HOME/testdata/bin/kill-ranger-server.sh
for BINARY in impalad statestored catalogd mini-impalad-cluster; do
if pgrep -U $USER $BINARY; then
diff --git a/testdata/bin/kill-all.sh b/testdata/bin/kill-ranger-server.sh
similarity index 64%
copy from testdata/bin/kill-all.sh
copy to testdata/bin/kill-ranger-server.sh
index b6c13a6..8fd0ef2 100755
--- a/testdata/bin/kill-all.sh
+++ b/testdata/bin/kill-ranger-server.sh
@@ -21,17 +21,4 @@ set -euo pipefail
. $IMPALA_HOME/bin/report_build_error.sh
setup_report_build_error
-# Shutdown Impala if it is alive
-${IMPALA_HOME}/bin/start-impala-cluster.py --kill
-
-# Kill HBase, then MiniLlama (which includes a MiniDfs, a Yarn RM several NMs).
-$IMPALA_HOME/testdata/bin/kill-sentry-service.sh
-$IMPALA_HOME/testdata/bin/kill-hive-server.sh
-$IMPALA_HOME/testdata/bin/kill-hbase.sh
-$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
-
-for BINARY in impalad statestored catalogd mini-impalad-cluster; do
- if pgrep -U $USER $BINARY; then
- killall -9 -u $USER -q $BINARY
- fi
-done
+"${RANGER_HOME}"/ews/ranger-admin-services.sh stop
\ No newline at end of file
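Review bot: The single `stop` call runs under `set -euo pipefail`, so the script exits non-zero when `RANGER_HOME` is unset or the Ranger tarball has not been unpacked yet. `kill-all.sh`, which per the copy-from hunks on this page also sets `set -euo pipefail`, now calls this script before its `for BINARY` loop, so a failure here would stop teardown before the Impala binaries are killed. Guarding the call keeps teardown idempotent: `if [[ -x "${RANGER_HOME:-}/ews/ranger-admin-services.sh" ]]; then "${RANGER_HOME}/ews/ranger-admin-services.sh" stop; fi`. The file also ends without a trailing newline.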
diff --git a/testdata/bin/run-all.sh b/testdata/bin/run-all.sh
index e42157a..3911e38 100755
--- a/testdata/bin/run-all.sh
+++ b/testdata/bin/run-all.sh
@@ -94,3 +94,7 @@ else
$IMPALA_HOME/testdata/bin/run-sentry-service.sh 2>&1 | \
tee ${IMPALA_CLUSTER_LOGS_DIR}/run-sentry-service.log
fi
+
+echo " --> Starting Ranger Server"
+"${IMPALA_HOME}/testdata/bin/run-ranger-server.sh" 2>&1 | \
+ tee "${IMPALA_CLUSTER_LOGS_DIR}/run-ranger-server.log"
\ No newline at end of file
diff --git a/testdata/bin/kill-all.sh b/testdata/bin/run-ranger-server.sh
similarity index 64%
copy from testdata/bin/kill-all.sh
copy to testdata/bin/run-ranger-server.sh
index b6c13a6..6baccb7 100755
--- a/testdata/bin/kill-all.sh
+++ b/testdata/bin/run-ranger-server.sh
@@ -21,17 +21,10 @@ set -euo pipefail
. $IMPALA_HOME/bin/report_build_error.sh
setup_report_build_error
-# Shutdown Impala if it is alive
-${IMPALA_HOME}/bin/start-impala-cluster.py --kill
+RANGER_LOG_DIR="${IMPALA_CLUSTER_LOGS_DIR}/ranger"
+if [[ ! -d "${RANGER_LOG_DIR}" ]]; then
+ mkdir -p "${RANGER_LOG_DIR}"
+fi
-# Kill HBase, then MiniLlama (which includes a MiniDfs, a Yarn RM several NMs).
-$IMPALA_HOME/testdata/bin/kill-sentry-service.sh
-$IMPALA_HOME/testdata/bin/kill-hive-server.sh
-$IMPALA_HOME/testdata/bin/kill-hbase.sh
-$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
-
-for BINARY in impalad statestored catalogd mini-impalad-cluster; do
- if pgrep -U $USER $BINARY; then
- killall -9 -u $USER -q $BINARY
- fi
-done
+JAVA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=30130" \
+ "${RANGER_HOME}"/ews/ranger-admin-services.sh restart
\ No newline at end of file
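Review bot: `JAVA_OPTS` on the restart line enables a JDWP listener with `address=30130` and no host part, which on Java 8 and earlier binds every interface; JDWP has no authentication, so any host that can reach the port can run code in the Ranger admin JVM as the build user. Bind it to loopback, `-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=localhost:30130`, or make the debug agent opt-in through an environment variable. The `if [[ ! -d ... ]]` test around `mkdir -p "${RANGER_LOG_DIR}"` is redundant because `mkdir -p` already succeeds on an existing directory. The file ends without a trailing newline.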
diff --git a/testdata/cluster/ranger/install.properties.template b/testdata/cluster/ranger/install.properties.template
new file mode 100755
index 0000000..5358894
--- /dev/null
+++ b/testdata/cluster/ranger/install.properties.template
@@ -0,0 +1,79 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#------------------------- DB CONFIG - BEGIN ----------------------------------
+PYTHON_COMMAND_INVOKER=python
+
+DB_FLAVOR=POSTGRES
+SQL_CONNECTOR_JAR=${POSTGRES_JDBC_DRIVER}
+
+db_root_user=hiveuser
+db_root_password=password
+db_host=localhost
+
+db_ssl_enabled=false
+db_ssl_required=false
+db_ssl_verifyServerCertificate=false
+db_ssl_auth_type=2-way
+
+javax_net_ssl_keyStore=
+javax_net_ssl_keyStorePassword=
+javax_net_ssl_trustStore=
+javax_net_ssl_trustStorePassword=
+
+db_name=${RANGER_POLICY_DB}
+db_user=hiveuser
+db_password=password
+
+rangerAdmin_password=
+rangerTagsync_password=
+rangerUsersync_password=
+keyadmin_password=
+#------------------------- DB CONFIG - END ----------------------------------
+
+# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+################################################################################
+XAPOLICYMGR_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES="$LOGFILE"
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.7'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+#mysql_create_user_file=${PWD}/db/mysql/create_dev_user.sql
+mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
+mysql_audit_file=db/mysql/xa_audit_db.sql
+#mysql_asset_file=${PWD}/db/mysql/reset_asset.sql
+
+#oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql
+oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
+oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
+#oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql
+#
+postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
+postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
+#
+sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql
+#
+sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql
+cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks
\ No newline at end of file
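Review bot: The template hard-codes `db_root_password=password` and `db_password=password`, leaves `rangerAdmin_password=` and the other three service passwords empty, and is added with mode 100755 although it is a data file. Nothing in the file says these values are for the local test minicluster only; add a header comment such as `# Test-only credentials for the local minicluster; never reuse outside the dev environment.` above the DB CONFIG block. What Ranger's setup does with an empty `rangerAdmin_password` is not visible here, so confirm it does not leave a well-known default admin login on a listener reachable from other hosts. Mode 100644 would match the XML templates added in the same commit.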
diff --git a/testdata/bin/kill-all.sh b/testdata/cluster/ranger/java_home.sh
similarity index 57%
copy from testdata/bin/kill-all.sh
copy to testdata/cluster/ranger/java_home.sh
index b6c13a6..18933c9 100755
--- a/testdata/bin/kill-all.sh
+++ b/testdata/cluster/ranger/java_home.sh
@@ -1,4 +1,3 @@
-#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -17,21 +16,4 @@
# specific language governing permissions and limitations
# under the License.
-set -euo pipefail
-. $IMPALA_HOME/bin/report_build_error.sh
-setup_report_build_error
-
-# Shutdown Impala if it is alive
-${IMPALA_HOME}/bin/start-impala-cluster.py --kill
-
-# Kill HBase, then MiniLlama (which includes a MiniDfs, a Yarn RM several NMs).
-$IMPALA_HOME/testdata/bin/kill-sentry-service.sh
-$IMPALA_HOME/testdata/bin/kill-hive-server.sh
-$IMPALA_HOME/testdata/bin/kill-hbase.sh
-$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
-
-for BINARY in impalad statestored catalogd mini-impalad-cluster; do
- if pgrep -U $USER $BINARY; then
- killall -9 -u $USER -q $BINARY
- fi
-done
+export JAVA_HOME=${JAVA_HOME}
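Review bot: The new `export JAVA_HOME=${JAVA_HOME}` line is undocumented and, because `create-test-configuration.sh` copies this file with `cp -f` rather than passing it through `generate_config`, the `${JAVA_HOME}` stays literal and the line only re-exports whatever the sourcing shell already has. A comment such as `# Sourced by the Ranger admin scripts (presumably); relies on JAVA_HOME being set by impala-config.sh.` would make that explicit. The value should be quoted, `export JAVA_HOME="${JAVA_HOME}"`, and with the shebang removed the 100755 mode is no longer needed. The same applies to `ranger-admin-env-logdir.sh` later in this commit.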
diff --git a/testdata/cluster/ranger/ranger-admin-default-site.xml.template b/testdata/cluster/ranger/ranger-admin-default-site.xml.template
new file mode 100644
index 0000000..5386885
--- /dev/null
+++ b/testdata/cluster/ranger/ranger-admin-default-site.xml.template
@@ -0,0 +1,528 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ranger.jdbc.sqlconnectorjar</name>
+ <value>${POSTGRES_JDBC_DRIVER}</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.user</name>
+ <value>ranger</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.group</name>
+ <value>ranger</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ajp.enabled</name>
+ <value>false</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.db.maxrows.default</name>
+ <value>200</value>
+ </property>
+ <property>
+ <name>ranger.db.min_inlist</name>
+ <value>20</value>
+ </property>
+ <property>
+ <name>ranger.ui.defaultDateformat</name>
+ <value>MM/dd/yyyy</value>
+ </property>
+ <property>
+ <name>ranger.db.defaultDateformat</name>
+ <value>yyyy-MM-dd</value>
+ </property>
+
+ <property>
+ <name>ranger.ajax.auth.required.code</name>
+ <value>401</value>
+ </property>
+ <property>
+ <name>ranger.ajax.auth.success.page</name>
+ <value>/ajax_success.html</value>
+ </property>
+ <property>
+ <name>ranger.logout.success.page</name>
+ <value>/login.jsp?action=logged_out</value>
+ </property>
+ <property>
+ <name>ranger.ajax.auth.failure.page</name>
+ <value>/ajax_failure.jsp</value>
+ </property>
+
+ <property>
+ <name>ranger.users.roles.list</name>
+ <value>
+ ROLE_SYS_ADMIN, ROLE_USER, ROLE_OTHER, ROLE_ANON, ROLE_KEY_ADMIN,
+ ROLE_ADMIN_AUDITOR, ROLE_KEY_ADMIN_AUDITOR
+ </value>
+ </property>
+
+ <property>
+ <name>ranger.mail.enabled</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.mail.smtp.auth</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.mail.retry.sleep.ms</name>
+ <value>2000</value>
+ </property>
+ <property>
+ <name>ranger.mail.retry.max.count</name>
+ <value>5</value>
+ </property>
+ <property>
+ <name>ranger.mail.retry.sleep.incr_factor</name>
+ <value>1</value>
+ </property>
+ <property>
+ <name>ranger.mail.listener.enable</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.second_level_cache</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.use_query_cache</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>ranger.user.firstname.maxlength</name>
+ <value>16</value>
+ </property>
+ <property>
+ <name>ranger.bookmark.name.maxlen</name>
+ <value>150</value>
+ </property>
+
+ <property>
+ <name>ranger.rbac.enable</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.rest.paths</name>
+ <value>org.apache.ranger.rest,xa.rest</value>
+ </property>
+
+ <property>
+ <name>ranger.password.hidden</name>
+ <value>*****</value>
+ </property>
+ <property>
+ <name>ranger.resource.accessControl.enabled</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.xuser.createdByUserId</name>
+ <value>1</value>
+ </property>
+
+ <property>
+ <name>ranger.allow.hack</name>
+ <value>1</value>
+ </property>
+
+ <property>
+ <name>ranger.log.SC_NOT_MODIFIED</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.servlet.mapping.url.pattern</name>
+ <value>service</value>
+ </property>
+
+ <property>
+ <name>ranger.file.separator</name>
+ <value>/</value>
+ </property>
+
+ <property>
+ <name>ranger.db.access.filter.enable</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.moderation.enabled</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.userpref.enabled</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.unixauth.remote.login.enabled</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.hostname</name>
+ <value>localhost</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.port</name>
+ <value>5151</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.ssl.enabled</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.debug</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.server.cert.validation</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.unixauth.keystore</name>
+ <value>keystore.jks</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.keystore.credential.alias</name>
+ <value>unixAuthKeyStoreAlias</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.keystore.password</name>
+ <value>_</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.truststore</name>
+ <value>cacerts</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.truststore.credential.alias</name>
+ <value>unixAuthTrustStoreAlias</value>
+ </property>
+ <property>
+ <name>ranger.unixauth.truststore.password</name>
+ <value>_</value>
+ </property>
+
+ <property>
+ <name>maven.project.version</name>
+ <value>0.5.0</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.service.shutdown.port</name>
+ <value>6085</value>
+ </property>
+
+ <property>
+ <name>ranger.service.shutdown.command</name>
+ <value>SHUTDOWN</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.ssl.protocol</name>
+ <value>TLS</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.client.auth</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.accesslog.dateformat</name>
+ <value>yyyy-MM-dd</value>
+ </property>
+
+ <property>
+ <name>ranger.accesslog.pattern</name>
+ <value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</value>
+ </property>
+
+ <property>
+ <name>ranger.contextName</name>
+ <value>/</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.showsql</name>
+ <value>false</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.env.local</name>
+ <value>true</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.dialect</name>
+ <value>org.eclipse.persistence.platform.database.PostgreSQLPlatform</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.maxpoolsize</name>
+ <value>40</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.minpoolsize</name>
+ <value>5</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.initialpoolsize</name>
+ <value>5</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.maxidletime</name>
+ <value>300</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.maxstatements</name>
+ <value>500</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.preferredtestquery</name>
+ <value>select 1;</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.idleconnectiontestperiod</name>
+ <value>60</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.credential.alias</name>
+ <value>ranger.db.password</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>${RANGER_HOME}/ews/webapp/WEB-INF/classes/conf/.jceks/rangeradmin.jceks</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.logs.base.dir</name>
+ <value>user.home</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.dialect</name>
+ <value>org.eclipse.persistence.platform.database.PostgreSQLPlatform</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.credential.alias</name>
+ <value>ranger.auditdb.password</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.ldap.binddn.credential.alias</name>
+ <value>ranger.ldap.binddn.password</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.binddn.credential.alias</name>
+ <value>ranger.ad.binddn.password</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.resource.lookup.timeout.value.in.ms</name>
+ <value>1000</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.validate.config.timeout.value.in.ms</name>
+ <value>10000</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.timed.executor.max.threadpool.size</name>
+ <value>10</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.timed.executor.queue.size</name>
+ <value>100</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.solr.audit.credential.alias</name>
+ <value>ranger.solr.password</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.sha256Password.update.disable</name>
+ <value>true</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.driver</name>
+ <value>org.postgresql.Driver</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.jpa.audit.jdbc.url</name>
+ <value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.jpa.audit.jdbc.user</name>
+ <value>rangerlogger</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.jpa.audit.jdbc.password</name>
+ <value>rangerlogger</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.supportedcomponents</name>
+ <value/>
+ </property>
+
+ <property>
+ <name>ranger.sso.cookiename</name>
+ <value>hadoop-jwt</value>
+ </property>
+ <property>
+ <name>ranger.sso.query.param.originalurl</name>
+ <value>originalUrl</value>
+ </property>
+ <property>
+ <name>ranger.rest-csrf.enabled</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.rest-csrf.custom-header</name>
+ <value>X-XSRF-HEADER</value>
+ </property>
+ <property>
+ <name>ranger.rest-csrf.methods-to-ignore</name>
+ <value>GET,OPTIONS,HEAD,TRACE</value>
+ </property>
+ <property>
+ <name>ranger.rest-csrf.browser-useragents-regex</name>
+ <value>Mozilla,Opera,Chrome</value>
+ </property>
+ <property>
+ <name>ranger.krb.browser-useragents-regex</name>
+ <value>Mozilla,Opera,Chrome</value>
+ </property>
+ <property>
+ <name>ranger.db.ssl.enabled</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.db.ssl.required</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.db.ssl.verifyServerCertificate</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.db.ssl.auth.type</name>
+ <value>2-way</value>
+ </property>
+ <property>
+ <name>ranger.keystore.file</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.keystore.alias</name>
+ <value>keyStoreAlias</value>
+ </property>
+ <property>
+ <name>ranger.keystore.password</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.truststore.file</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.truststore.alias</name>
+ <value>trustStoreAlias</value>
+ </property>
+ <property>
+ <name>ranger.truststore.password</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled.protocols</name>
+ <value>SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2</value>
+ </property>
+
+ <property>
+ <name>ranger.password.encryption.key</name>
+ <value>tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV</value>
+ </property>
+ <property>
+ <name>ranger.password.salt</name>
+ <value>f77aLYLo</value>
+ </property>
+ <property>
+ <name>ranger.password.iteration.count</name>
+ <value>1000</value>
+ </property>
+ <property>
+ <name>ranger.password.encryption.algorithm</name>
+ <value>PBEWithMD5AndDES</value>
+ </property>
+ <property>
+ <name>ranger.default.browser-useragents</name>
+ <value>Mozilla,Opera,Chrome</value>
+ </property>
+</configuration>
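Review bot: `ranger.jpa.audit.jdbc.url` is `jdbc:log4jdbc:mysql://localhost/rangeraudit` while `ranger.jpa.audit.jdbc.driver` is `org.postgresql.Driver` and both dialect properties are PostgreSQL, so the audit datasource settings contradict each other; either point the URL at the Postgres instance or drop the audit JDBC properties if the test setup does not use them. The template also carries weak security defaults: `ranger.service.https.attrib.ssl.enabled.protocols` lists `SSLv2Hello, TLSv1, TLSv1.1`, `ranger.password.encryption.algorithm` is `PBEWithMD5AndDES` with a key and salt committed in the file, and `ranger.unixauth.server.cert.validation` is `false`. These look like copied product defaults (inferred), so a comment after the licence header stating that the file is for the test minicluster only, and restricting the protocols value to `TLSv1.2`, would stop them being reused elsewhere.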
diff --git a/testdata/bin/kill-all.sh b/testdata/cluster/ranger/ranger-admin-env-logdir.sh
similarity index 57%
copy from testdata/bin/kill-all.sh
copy to testdata/cluster/ranger/ranger-admin-env-logdir.sh
index b6c13a6..0806ef9 100755
--- a/testdata/bin/kill-all.sh
+++ b/testdata/cluster/ranger/ranger-admin-env-logdir.sh
@@ -1,4 +1,3 @@
-#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -17,21 +16,4 @@
# specific language governing permissions and limitations
# under the License.
-set -euo pipefail
-. $IMPALA_HOME/bin/report_build_error.sh
-setup_report_build_error
-
-# Shutdown Impala if it is alive
-${IMPALA_HOME}/bin/start-impala-cluster.py --kill
-
-# Kill HBase, then MiniLlama (which includes a MiniDfs, a Yarn RM several NMs).
-$IMPALA_HOME/testdata/bin/kill-sentry-service.sh
-$IMPALA_HOME/testdata/bin/kill-hive-server.sh
-$IMPALA_HOME/testdata/bin/kill-hbase.sh
-$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
-
-for BINARY in impalad statestored catalogd mini-impalad-cluster; do
- if pgrep -U $USER $BINARY; then
- killall -9 -u $USER -q $BINARY
- fi
-done
+export RANGER_ADMIN_LOG_DIR=${IMPALA_CLUSTER_LOGS_DIR}/ranger
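Review bot: The added `export RANGER_ADMIN_LOG_DIR=${IMPALA_CLUSTER_LOGS_DIR}/ranger` resolves to `/ranger` if `IMPALA_CLUSTER_LOGS_DIR` is unset or empty when this file is read, because the `set -euo pipefail` of the copied-from script is removed here. Whether the shell that sources this file runs with `nounset` is not visible in the hunk, so I would make the dependency explicit and quote the value: `export RANGER_ADMIN_LOG_DIR="${IMPALA_CLUSTER_LOGS_DIR:?}/ranger"`. A one-line comment stating that the file is meant to be sourced (if that is the case) would also explain why it has no shebang.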
diff --git a/testdata/bin/kill-all.sh b/testdata/cluster/ranger/ranger-admin-env-piddir.sh
similarity index 57%
copy from testdata/bin/kill-all.sh
copy to testdata/cluster/ranger/ranger-admin-env-piddir.sh
index b6c13a6..47dc543 100755
--- a/testdata/bin/kill-all.sh
+++ b/testdata/cluster/ranger/ranger-admin-env-piddir.sh
@@ -1,4 +1,3 @@
-#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -17,21 +16,5 @@
# specific language governing permissions and limitations
# under the License.
-set -euo pipefail
-. $IMPALA_HOME/bin/report_build_error.sh
-setup_report_build_error
-
-# Shutdown Impala if it is alive
-${IMPALA_HOME}/bin/start-impala-cluster.py --kill
-
-# Kill HBase, then MiniLlama (which includes a MiniDfs, a Yarn RM several NMs).
-$IMPALA_HOME/testdata/bin/kill-sentry-service.sh
-$IMPALA_HOME/testdata/bin/kill-hive-server.sh
-$IMPALA_HOME/testdata/bin/kill-hbase.sh
-$IMPALA_HOME/testdata/bin/kill-mini-dfs.sh
-
-for BINARY in impalad statestored catalogd mini-impalad-cluster; do
- if pgrep -U $USER $BINARY; then
- killall -9 -u $USER -q $BINARY
- fi
-done
+export RANGER_PID_DIR_PATH=/tmp
+export RANGER_USER=${USER}
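Review bot: `export RANGER_PID_DIR_PATH=/tmp` places the Ranger admin PID file in a world-writable directory shared by every account on the host. Another user can pre-create a file at that path, two checkouts on the same machine will share it, and a stop script that trusts its contents may signal an unrelated process. A directory owned by the build user avoids this, for example `export RANGER_PID_DIR_PATH="${IMPALA_CLUSTER_LOGS_DIR:?}/ranger"`, mirroring the log-dir file added in this commit (the directory would have to exist before Ranger starts). The kill script is outside this hunk, so how the PID file is consumed should be confirmed there.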
diff --git a/testdata/cluster/ranger/ranger-admin-site.xml.template b/testdata/cluster/ranger/ranger-admin-site.xml.template
new file mode 100644
index 0000000..a4b557b
--- /dev/null
+++ b/testdata/cluster/ranger/ranger-admin-site.xml.template
@@ -0,0 +1,297 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ranger.jpa.jdbc.driver</name>
+ <value>org.postgresql.Driver</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.url</name>
+ <value>jdbc:postgresql://localhost/${RANGER_POLICY_DB}</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.user</name>
+ <value>hiveuser</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.password</name>
+ <value>password</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.externalurl</name>
+ <value>http://localhost:6080</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.scheduler.enabled</name>
+ <value>true</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.urls</name>
+ <value>http://localhost:6083/solr/ranger_audits</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.audit.source.type</name>
+ <value>db</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.service.http.enabled</name>
+ <value>true</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.authentication.method</name>
+ <value>NONE</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.url</name>
+ <value>ldap://</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.dnpattern</name>
+ <value>uid={0},ou=users,dc=xasecure,dc=net</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchbase</name>
+ <value>ou=groups,dc=xasecure,dc=net</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchfilter</name>
+ <value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.roleattribute</name>
+ <value>cn</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.base.dn</name>
+ <value/>
+ <description>LDAP base dn or search base</description>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.dn</name>
+ <value/>
+ <description>LDAP bind dn or manager dn</description>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.password</name>
+ <value/>
+ <description>LDAP bind password</description>
+ </property>
+ <property>
+ <name>ranger.ldap.default.role</name>
+ <value>ROLE_USER</value>
+ </property>
+ <property>
+ <name>ranger.ldap.referral</name>
+ <value/>
+ <description>follow or ignore</description>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.domain</name>
+ <value>example.com</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.url</name>
+ <value/>
+ <description>ldap://</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>AD base dn or search base</description>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.dn</name>
+ <value>cn=administrator,ou=users,dc=example,dc=com</value>
+ <description>AD bind dn or manager dn</description>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.password</name>
+ <value/>
+ <description>AD bind password</description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.referral</name>
+ <value/>
+ <description>follow or ignore</description>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>myKey</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>_</value>
+ </property>
+
+ <property>
+ <name>ranger.service.host</name>
+ <value>localhost</value>
+ </property>
+
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>6080</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>6182</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.keystore.file</name>
+ <value>/etc/ranger/admin/keys/server.jks</value>
+ </property>
+
+ <property>
+ <name>ranger.solr.audit.user</name>
+ <value/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.solr.audit.user.password</name>
+ <value/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.zookeepers</name>
+ <value/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.searchfilter</name>
+ <value>(uid={0})</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.user.searchfilter</name>
+ <value>(sAMAccountName={0})</value>
+ <description/>
+ </property>
+
+ <property>
+ <name>ranger.sso.providerurl</name>
+ <value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
+ </property>
+ <property>
+ <name>ranger.sso.publicKey</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.sso.enabled</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>ranger.sso.browser.useragent</name>
+ <value>Mozilla,chrome</value>
+ </property>
+
+ <property>
+ <name>ranger.admin.kerberos.token.valid.seconds</name>
+ <value>30</value>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.domain</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.path</name>
+ <value>/</value>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.principal</name>
+ <value>rangeradmin/_HOST@REALM</value>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.keytab</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.principal</name>
+ <value>HTTP/_HOST@REALM</value>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.keytab</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.principal</name>
+ <value>rangerlookup/_HOST@REALM</value>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.keytab</name>
+ <value/>
+ </property>
+
+ <property>
+ <name>ranger.supportedcomponents</name>
+ <value/>
+ </property>
+ <property>
+ <name>ranger.downloadpolicy.session.log.enabled</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>ranger.kms.service.user.hdfs</name>
+ <value>hdfs</value>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hive</name>
+ <value>hive</value>
+ </property>
+
+ <property>
+ <name>ranger.audit.hive.query.visibility</name>
+ <value>true</value>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.credential.alias</name>
+ <value>keyStoreCredentialAlias</value>
+ </property>
+ <property>
+ <name>ranger.tomcat.ciphers</name>
+ <value/>
+ </property>
+</configuration>
\ No newline at end of file
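Review bot: `ranger.jpa.jdbc.user` and `ranger.jpa.jdbc.password` are committed as the literals `hiveuser` / `password` while the database name in the same file is templated as `${RANGER_POLICY_DB}`, and `ranger.service.http.enabled` is `true` with `ranger.service.https.attrib.ssl.enabled` set to `false`. That is reasonable for a localhost test minicluster, but nothing in the file says so, and a template like this tends to get copied into other environments. I would add a comment under the license header such as `<!-- Test minicluster only: throwaway DB credentials, plain HTTP on localhost. Do not reuse for a real deployment. -->`, and consider templating the credentials the same way as the database name. The visible tail of ranger-admin-default-site.xml.template in this commit has the same issue with its literal `ranger.password.encryption.key` and `ranger.password.salt` values.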
diff --git a/testdata/cluster/ranger/security-applicationContext.xml b/testdata/cluster/ranger/security-applicationContext.xml
new file mode 100644
index 0000000..93c4816
--- /dev/null
+++ b/testdata/cluster/ranger/security-applicationContext.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+ xmlns:beans="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-4.2.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-4.3.xsd
+ http://www.springframework.org/schema/security/oauth2
+ http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
+ <security:http pattern="/login.jsp" security="none"/>
+ <security:http pattern="/styles/**" security="none"/>
+ <security:http pattern="/fonts/**" security="none"/>
+ <security:http pattern="/scripts/**" security="none"/>
+ <security:http pattern="/libs/**" security="none"/>
+ <security:http pattern="/images/**" security="none"/>
+ <security:http pattern="/templates/**" security="none"/>
+ <security:http pattern="/service/assets/policyList/*" security="none"/>
+ <security:http pattern="/service/assets/resources/grant" security="none"/>
+ <security:http pattern="/service/assets/resources/revoke" security="none"/>
+ <security:http pattern="/service/plugins/policies/download/*" security="none"/>
+ <security:http pattern="/service/plugins/services/grant/*" security="none"/>
+ <security:http pattern="/service/plugins/services/revoke/*" security="none"/>
+ <security:http pattern="/service/tags/download/*" security="none"/>
+
+ <security:http disable-url-rewriting="true" use-expressions="true"
+ create-session="always"
+ entry-point-ref="authenticationProcessingFilterEntryPoint">
+ <csrf disabled="true"/>
+ <security:session-management session-fixation-protection="newSession"/>
+ <intercept-url pattern="/**" access="isAuthenticated()"/>
+ <custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER"/>
+ <security:custom-filter ref="krbAuthenticationFilter"
+ after="SERVLET_API_SUPPORT_FILTER"/>
+ <security:custom-filter ref="CSRFPreventionFilter" after="REMEMBER_ME_FILTER"/>
+ <security:custom-filter position="FORM_LOGIN_FILTER"
+ ref="customUsernamePasswordAuthenticationFilter"/>
+ <security:custom-filter position="LAST" ref="userContextFormationFilter"/>
+
+ <security:access-denied-handler error-page="/public/failedLogin.jsp?access_denied=1"/>
+ <security:logout delete-cookies="RANGERADMINSESSIONID,xa_rmc" logout-url="/logout"
+ success-handler-ref="customLogoutSuccessHandler"/>
+ <http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/>
+ </security:http>
+
+ <beans:bean id="customAccessDecisionManager"
+ class="org.springframework.security.access.vote.AffirmativeBased">
+ <beans:constructor-arg>
+ <beans:list>
+ <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+ <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
+ </beans:list>
+ </beans:constructor-arg>
+ </beans:bean>
+
+ <beans:bean id="customUsernamePasswordAuthenticationFilter"
+ class="org.apache.ranger.security.web.filter.RangerUsernamePasswordAuthenticationFilter">
+ <beans:property name="authenticationManager" ref="authenticationManager"/>
+ <beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/>
+ <beans:property name="authenticationFailureHandler" ref="ajaxAuthFailureHandler"/>
+ </beans:bean>
+
+ <beans:bean id="authenticationProcessingFilterEntryPoint"
+ class="org.apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint">
+ <beans:constructor-arg value="/login.jsp"/>
+ </beans:bean>
+
+ <beans:bean id="ajaxAuthSuccessHandler"
+ class="org.apache.ranger.security.web.authentication.RangerAuthSuccessHandler">
+ <beans:property name="defaultTargetUrl" value="/dashboard.jsp"/>
+ </beans:bean>
+
+ <beans:bean id="ajaxAuthFailureHandler"
+ class="org.apache.ranger.security.web.authentication.RangerAuthFailureHandler">
+ <beans:property name="defaultFailureUrl"
+ value="/public/failedLogin.jsp?login_error=1"/>
+ </beans:bean>
+
+ <beans:bean id="customLogoutSuccessHandler"
+ class="org.apache.ranger.security.web.authentication.CustomLogoutSuccessHandler">
+ </beans:bean>
+
+ <beans:bean id="krbAuthenticationFilter"
+ class="org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter">
+ </beans:bean>
+
+ <beans:bean id="CSRFPreventionFilter"
+ class="org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter">
+ </beans:bean>
+
+ <beans:bean id="ssoAuthenticationFilter"
+ class="org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter">
+ </beans:bean>
+
+ <beans:bean id="userContextFormationFilter"
+ class="org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter"/>
+
+ <security:jdbc-user-service id="userService" data-source-ref="defaultDataSource"
+ users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=?"
+ group-authorities-by-username-query=""
+ authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role WHERE usr.LOGIN_ID=? AND usr_role.USER_ID = usr.ID"
+ />
+ <beans:bean id="customAuthenticationProvider"
+ class="org.apache.ranger.security.handler.RangerAuthenticationProvider">
+ <beans:property name="rangerAuthenticationMethod"
+ value="${ranger.authentication.method}"/>
+ </beans:bean>
+
+ <security:authentication-manager alias="authenticationManager">
+ <security:authentication-provider ref="customAuthenticationProvider"/>
+ </security:authentication-manager>
+ <security:global-method-security pre-post-annotations="enabled"/>
+ <beans:bean id="securityEventListener"
+ class="org.apache.ranger.security.listener.SpringEventListener"/>
+</beans:beans>
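Review bot: Several state-changing or policy-serving paths are excluded from the filter chain with `security="none"` (`/service/assets/resources/grant`, `/service/assets/resources/revoke`, `/service/plugins/services/grant/*`, `/service/plugins/services/revoke/*`, `/service/plugins/policies/download/*`, `/service/tags/download/*`), so any access control on them has to happen inside the Ranger service code, which this diff does not show. The file looks like a copy of Ranger's own security-applicationContext.xml; if so, it can silently drift from upstream when the Ranger version fetched by the build changes. I would record the provenance in a comment under the license header, e.g. `<!-- Copied from Apache Ranger <RANGER_VERSION_PLACEHOLDER>; re-sync when the Ranger version is bumped. -->`, and list any local modifications there. `<csrf disabled="true"/>` is paired with the custom `CSRFPreventionFilter` bean, so that part appears intentional.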