Posted to commits@ranger.apache.org by ma...@apache.org on 2022/03/09 21:24:43 UTC

[ranger] branch master updated: RANGER-3658: Docker setup updated to run Ranger containers with ranger user identity

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 63ae590  RANGER-3658: Docker setup updated to run Ranger containers with ranger user identity
63ae590 is described below

commit 63ae590864def7c33d9c2b0b8f8a2faca202abfb
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Tue Mar 8 08:23:54 2022 -0800

    RANGER-3658: Docker setup updated to run Ranger containers with ranger user identity
---
 dev-support/ranger-docker/Dockerfile.ranger        |  2 ++
 .../ranger-docker/Dockerfile.ranger-tagsync        | 11 +++++++++-
 .../ranger-docker/Dockerfile.ranger-usersync       | 11 +++++++++-
 .../ranger-docker/scripts/ranger-tagsync.sh        |  2 +-
 .../ranger-docker/scripts/ranger-usersync.sh       |  2 +-
 dev-support/ranger-docker/scripts/ranger.sh        |  4 ++--
 tagsync/scripts/setup.py                           | 10 ++++-----
 unixauthservice/scripts/setup.py                   | 24 +++++++++++++---------
 8 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/dev-support/ranger-docker/Dockerfile.ranger b/dev-support/ranger-docker/Dockerfile.ranger
index 16492d4..b3b75c5 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger
+++ b/dev-support/ranger-docker/Dockerfile.ranger
@@ -36,4 +36,6 @@ RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory
     mkdir -p /usr/share/java/ && \
     mv /home/ranger/dist/postgresql-42.2.16.jre7.jar /usr/share/java/postgresql.jar
 
+USER ranger
+
 ENTRYPOINT [ "/home/ranger/scripts/ranger.sh" ]
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-tagsync b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
index 31f8446..28dadd4 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-tagsync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
@@ -34,6 +34,15 @@ RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-tagsync.tar.gz --directo
     mkdir -p /var/run/ranger && \
     mkdir -p /var/log/ranger/tagsync && \
     ln -s /usr/bin/python3 /usr/bin/python && \
-    chown -R ranger:ranger ${RANGER_HOME}/tagsync/ /var/run/ranger/ /var/log/ranger/
+    mkdir -p /etc/ranger && \
+    touch /etc/init.d/ranger-tagsync && \
+    ln -s /etc/init.d/ranger-tagsync /etc/rc2.d/S99ranger-tagsync && \
+    ln -s /etc/init.d/ranger-tagsync /etc/rc2.d/K00ranger-tagsync && \
+    ln -s /etc/init.d/ranger-tagsync /etc/rc3.d/S99ranger-tagsync && \
+    ln -s /etc/init.d/ranger-tagsync /etc/rc3.d/K00ranger-tagsync && \
+    ln -s ${RANGER_HOME}/tagsync/ranger-tagsync-services.sh /usr/bin/ranger-tagsync-services.sh && \
+    chown -R ranger:ranger ${RANGER_HOME}/tagsync/ /var/run/ranger/ /var/log/ranger/ /etc/ranger /etc/init.d/ranger-tagsync
+
+USER ranger
 
 ENTRYPOINT [ "/home/ranger/scripts/ranger-tagsync.sh" ]
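Review bot: `/etc/init.d/ranger-tagsync` is created empty by `touch` and then handed to the `ranger` account by the final `chown -R`, so a file in a path that an init system conventionally executes as root becomes writable by the unprivileged service user, with the `/etc/rc2.d` and `/etc/rc3.d` links pointing at it. Nothing in this hunk suggests an init system runs inside the container, so the exposure is probably nil here, but the pattern is unsafe if it is copied to a host install. A comment on the RUN instruction would make the intent explicit, e.g. `# placeholder init script and rc links so setup.py, now run as ranger, finds them already present; nothing in the container executes them`. The same applies to `/etc/init.d/ranger-usersync` in Dockerfile.ranger-usersync. The RUN instruction starts outside the hunk.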
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-usersync b/dev-support/ranger-docker/Dockerfile.ranger-usersync
index b1738f8..ba7859e 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-usersync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-usersync
@@ -31,6 +31,15 @@ RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-usersync.tar.gz --direct
     mkdir -p /var/run/ranger && \
     mkdir -p /var/log/ranger/usersync && \
     ln -s /usr/bin/python3 /usr/bin/python && \
-    chown -R ranger:ranger ${RANGER_HOME}/usersync/ /var/run/ranger/ /var/log/ranger/
+    mkdir -p /etc/ranger && \
+    touch /etc/init.d/ranger-usersync && \
+    ln -s /etc/init.d/ranger-usersync /etc/rc2.d/S99ranger-usersync && \
+    ln -s /etc/init.d/ranger-usersync /etc/rc2.d/K00ranger-usersync && \
+    ln -s /etc/init.d/ranger-usersync /etc/rc3.d/S99ranger-usersync && \
+    ln -s /etc/init.d/ranger-usersync /etc/rc3.d/K00ranger-usersync && \
+    ln -s ${RANGER_HOME}/usersync/ranger-usersync-services.sh /usr/bin/ranger-usersync && \
+    chown -R ranger:ranger ${RANGER_HOME}/usersync/ /var/run/ranger/ /var/log/ranger/ /etc/ranger /etc/init.d/ranger-usersync
+
+USER ranger
 
 ENTRYPOINT [ "/home/ranger/scripts/ranger-usersync.sh" ]
diff --git a/dev-support/ranger-docker/scripts/ranger-tagsync.sh b/dev-support/ranger-docker/scripts/ranger-tagsync.sh
index f761394..88fb524 100755
--- a/dev-support/ranger-docker/scripts/ranger-tagsync.sh
+++ b/dev-support/ranger-docker/scripts/ranger-tagsync.sh
@@ -31,7 +31,7 @@ then
   touch ${RANGER_HOME}/.setupDone
 fi
 
-su -c "cd ${RANGER_HOME}/tagsync && ./ranger-tagsync-services.sh start" ranger
+cd ${RANGER_HOME}/tagsync && ./ranger-tagsync-services.sh start
 
 RANGER_TAGSYNC_PID=`ps -ef  | grep -v grep | grep -i "org.apache.ranger.tagsync.process.TagSynchronizer" | awk '{print $2}'`
 
diff --git a/dev-support/ranger-docker/scripts/ranger-usersync.sh b/dev-support/ranger-docker/scripts/ranger-usersync.sh
index 48287d2..63f94ad 100755
--- a/dev-support/ranger-docker/scripts/ranger-usersync.sh
+++ b/dev-support/ranger-docker/scripts/ranger-usersync.sh
@@ -31,7 +31,7 @@ then
   touch ${RANGER_HOME}/.setupDone
 fi
 
-su -c "cd ${RANGER_HOME}/usersync && ./start.sh" ranger
+cd ${RANGER_HOME}/usersync && ./start.sh
 
 RANGER_USERSYNC_PID=`ps -ef  | grep -v grep | grep -i "org.apache.ranger.authentication.UnixAuthenticationService" | awk '{print $2}'`
 
diff --git a/dev-support/ranger-docker/scripts/ranger.sh b/dev-support/ranger-docker/scripts/ranger.sh
index 46030b1..6648724 100755
--- a/dev-support/ranger-docker/scripts/ranger.sh
+++ b/dev-support/ranger-docker/scripts/ranger.sh
@@ -26,12 +26,12 @@ fi
 
 if [ "${SETUP_RANGER}" == "true" ]
 then
-  su -c "cd ${RANGER_HOME}/admin && ./setup.sh" ranger
+  cd ${RANGER_HOME}/admin && ./setup.sh
 
   touch ${RANGER_HOME}/.setupDone
 fi
 
-su -c "cd ${RANGER_HOME}/admin && ./ews/ranger-admin-services.sh start" ranger
+cd ${RANGER_HOME}/admin && ./ews/ranger-admin-services.sh start
 
 if [ "${SETUP_RANGER}" == "true" ]
 then
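Review bot: With `su -c ... ranger` removed, nothing in the script enforces the service identity any more; it relies entirely on the image's `USER ranger`, which a run-time user override (for example `docker run --user root`) bypasses without any message. A guard near the top such as `[ "$(id -un)" = "ranger" ] || { echo "must run as ranger" >&2; exit 1; }` would keep the old guarantee; the same holds for the `start` lines in ranger-tagsync.sh and ranger-usersync.sh. Separately, `touch ${RANGER_HOME}/.setupDone` runs whether or not `./setup.sh` succeeded (unless the script sets `-e` outside this hunk), so `cd "${RANGER_HOME}/admin" && ./setup.sh && touch "${RANGER_HOME}/.setupDone"` would avoid marking a failed setup as done. The bare `cd` also now changes the working directory for the rest of the script, which the `su -c` subshell did not.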
diff --git a/tagsync/scripts/setup.py b/tagsync/scripts/setup.py
index 1b88ae2..6ac3056 100755
--- a/tagsync/scripts/setup.py
+++ b/tagsync/scripts/setup.py
@@ -318,16 +318,14 @@ def initializeInitD():
 				for  prefix in initPrefixList:
 					scriptFn = prefix + initdProgramName
 					scriptName = join(rcDir, scriptFn)
-					if isfile(scriptName):
-						os.remove(scriptName)
+					if not (isfile(scriptName) or os.path.islink(scriptName)):
+						os.symlink(initdFn,scriptName)
 					#print "+ ln -sf %s %s" % (initdFn, scriptName)
-					os.symlink(initdFn,scriptName)
 		tagSyncScriptName = "ranger-tagsync-services.sh"
 		localScriptName = os.path.abspath(join(installPropDirName,tagSyncScriptName))
 		ubinScriptName = join("/usr/bin",tagSyncScriptName)
-		if isfile(ubinScriptName) or os.path.islink(ubinScriptName):
-			os.remove(ubinScriptName)
-		os.symlink(localScriptName,ubinScriptName)
+		if not (isfile(ubinScriptName) or os.path.islink(ubinScriptName)):
+			os.symlink(localScriptName,ubinScriptName)
 
 def write_env_files(exp_var_name, log_path, file_name):
         final_path = "{0}/{1}".format(confBaseDirName,file_name)
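Review bot: The new `if not (isfile(...) or os.path.islink(...))` guards in initializeInitD keep whatever already sits at `scriptName` and `ubinScriptName`, so a stale link or an unrelated file at `/usr/bin/ranger-tagsync-services.sh` is now silently accepted where the old code replaced it. When the path exists, comparing the target and warning on a mismatch would surface that case, e.g. `elif os.path.realpath(ubinScriptName) != localScriptName: print("WARNING: %s does not point to %s" % (ubinScriptName, localScriptName))`. A directory at the path passes both tests and makes `os.symlink` raise; `os.path.lexists(...)` covers that in one call. The leftover `#print "+ ln -sf ..."` comment now describes a forced relink that no longer happens and could be dropped. The first hunk of unixauthservice/scripts/setup.py has the same guards; initializeInitD starts outside the hunk.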
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index 13d6441..1ddeb0c 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -343,15 +343,13 @@ def initializeInitD(ownerName):
                 for prefix in initPrefixList:
                     scriptFn = prefix + initdProgramName
                     scriptName = join(rcDir, scriptFn)
-                    if isfile(scriptName) or os.path.islink(scriptName):
-                        os.remove(scriptName)
-                    os.symlink(initdFn, scriptName)
+                    if not (isfile(scriptName) or os.path.islink(scriptName)):
+                        os.symlink(initdFn, scriptName)
         userSyncScriptName = "ranger-usersync-services.sh"
         localScriptName = os.path.abspath(join(RANGER_USERSYNC_HOME, userSyncScriptName))
         ubinScriptName = join("/usr/bin", initdProgramName)
-        if isfile(ubinScriptName) or os.path.islink(ubinScriptName):
-            os.remove(ubinScriptName)
-        os.symlink(localScriptName, ubinScriptName)
+        if not (isfile(ubinScriptName) or os.path.islink(ubinScriptName)):
+            os.symlink(localScriptName, ubinScriptName)
 
 
 def createJavaKeystoreForSSL(fn, passwd):
@@ -575,15 +573,21 @@ def main():
                 os.chmod(fn, 0o750)
 
     if isfile(nativeAuthProgramName):
-        os.chown(nativeAuthProgramName, rootOwnerId, groupId)
-        os.chmod(nativeAuthProgramName, 0o750)
+        try:
+                os.chown(nativeAuthProgramName, rootOwnerId, groupId)
+                os.chmod(nativeAuthProgramName, 0o750)
+        except PermissionError:
+                print("WARNING: chmod(4550), chown(%s:%s) failed for Unix Authentication Program (%s) " % ("root", groupName, nativeAuthProgramName))
     else:
         print("WARNING: Unix Authentication Program (%s) is not available for setting chmod(4550), chown(%s:%s) " % (
         nativeAuthProgramName, "root", groupName))
 
     if isfile(pamAuthProgramName):
-        os.chown(pamAuthProgramName, rootOwnerId, groupId)
-        os.chmod(pamAuthProgramName, 0o750)
+        try:
+                os.chown(pamAuthProgramName, rootOwnerId, groupId)
+                os.chmod(pamAuthProgramName, 0o750)
+        except PermissionError:
+                print("WARNING: chmod(0o750), chown(%s:%s) failed for Unix Authentication Program (%s) " % ("root", groupName, pamAuthProgramName))
     else:
         print("WARNING: Unix Authentication Program (%s) is not available for setting chmod(4550), chown(%s:%s) " % (
         pamAuthProgramName, "root", groupName))
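Review bot: In main(), `os.chown` and `os.chmod` share one `try`, so when chown raises PermissionError (expected once setup runs as ranger) the `chmod(0o750)` is skipped too and the helper keeps whatever mode it was unpacked with. Splitting the two calls lets the mode still be tightened when only the ownership change is refused. The new warning for nativeAuthProgramName also reports `chmod(4550)` while the code applies `0o750`, and the added lines use an eight-space indent step instead of the four used around them. Because the failure is now only printed, an install run without root outside Docker would finish with the authentication helpers not owned by root; whether that is acceptable is worth confirming. main() begins outside the hunk.

```python
    if isfile(nativeAuthProgramName):
        try:
            os.chown(nativeAuthProgramName, rootOwnerId, groupId)
        except PermissionError:
            print("WARNING: chown(%s:%s) failed for Unix Authentication Program (%s) " % ("root", groupName, nativeAuthProgramName))
        try:
            os.chmod(nativeAuthProgramName, 0o750)
        except PermissionError:
            print("WARNING: chmod(0o750) failed for Unix Authentication Program (%s) " % nativeAuthProgramName)
    # … unchanged: else branch; the pamAuthProgramName block gets the same split …
```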