You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2017/07/13 16:39:15 UTC
[09/12] ambari git commit: AMBARI-21464 - Ranger is Missing from BigInsights to HDP Upgrade Packs (jonathanhurley)
AMBARI-21464 - Ranger is Missing from BigInsights to HDP Upgrade Packs (jonathanhurley)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0cb9194f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0cb9194f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0cb9194f
Branch: refs/heads/branch-feature-AMBARI-21348
Commit: 0cb9194f568534f7dde7d881fc31f06a619759f9
Parents: 69e492f
Author: Jonathan Hurley <jh...@hortonworks.com>
Authored: Wed Jul 12 21:32:10 2017 -0400
Committer: Jonathan Hurley <jh...@hortonworks.com>
Committed: Wed Jul 12 21:32:10 2017 -0400
----------------------------------------------------------------------
.../4.2.5/upgrades/config-upgrade.xml | 68 +++++++
.../upgrades/nonrolling-upgrade-to-hdp-2.6.xml | 164 ++++++++++++++++
.../BigInsights/4.2/upgrades/config-upgrade.xml | 94 +++++++++
.../upgrades/nonrolling-upgrade-to-hdp-2.6.xml | 190 +++++++++++++++++++
4 files changed, 516 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/0cb9194f/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/config-upgrade.xml
index b51a744..e33b8fb 100644
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/config-upgrade.xml
@@ -63,6 +63,74 @@
</component>
</service>
+ <service name="RANGER">
+ <component name="RANGER_ADMIN">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="bind_anonymous" />
+ </definition>
+ <definition xsi:type="configure" id="admin_log4j_parameterize" summary="Parameterizing Ranger Log4J Properties">
+ <type>admin-log4j</type>
+ <set key="ranger_xa_log_maxfilesize" value="256"/>
+ <set key="ranger_xa_log_maxbackupindex" value="20"/>
+ <replace key="content" find="log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.xa_log_appender.MaxFileSize={{ranger_xa_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.xa_log_appender.MaxBackupIndex={{ranger_xa_log_maxbackupindex}}"/>
+ </definition>
+ </changes>
+ </component>
+ <component name="RANGER_USERSYNC">
+ <changes>
+ <definition xsi:type="configure" id="usersync_log4j_parameterize" summary="Parameterizing Ranger Usersync Log4J Properties">
+ <type>usersync-log4j</type>
+ <set key="ranger_usersync_log_maxfilesize" value="256"/>
+ <set key="ranger_usersync_log_maxbackupindex" value="20"/>
+ <replace key="content" find="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logFile.MaxFileSize = {{ranger_usersync_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logFile.MaxBackupIndex = {{ranger_usersync_log_maxbackupindex}}"/>
+ </definition>
+
+ <definition xsi:type="configure" id="hdp_2_6_0_0_disable_delta_sync_during_upgrade">
+ <type>ranger-ugsync-site</type>
+ <set key="ranger.usersync.ldap.deltasync" value="false"
+ if-type="ranger-ugsync-site" if-key="ranger.usersync.source.impl.class" if-value="org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder"/>
+ </definition>
+ </changes>
+ </component>
+ <component name="RANGER_TAGSYNC">
+ <changes>
+ <definition xsi:type="configure" id="tagsync_log4j_parameterize" summary="Parameterizing Ranger Tagsync Log4J Properties">
+ <type>tagsync-log4j</type>
+ <set key="ranger_tagsync_log_maxfilesize" value="256"/>
+ <set key="ranger_tagsync_log_number_of_backup_files" value="20"/>
+ <replace key="content" find="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logFile.MaxFileSize = {{ranger_tagsync_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logFile.MaxBackupIndex = {{ranger_tagsync_log_number_of_backup_files}}"/>
+ </definition>
+ </changes>
+ </component>
+ </service>
+ <service name="RANGER_KMS">
+ <component name="RANGER_KMS_SERVER">
+ <changes>
+ <definition xsi:type="configure" id="kms_log4j_parameterize" summary="Parameterizing Ranger KMS Log4J Properties">
+ <type>kms-log4j</type>
+ <set key="ranger_kms_log_maxfilesize" value="256"/>
+ <set key="ranger_kms_log_maxbackupindex" value="20"/>
+ <set key="ranger_kms_audit_log_maxfilesize" value="256"/>
+ <set key="ranger_kms_audit_log_maxbackupindex" value="20"/>
+ <replace key="content" find="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms.MaxFileSize = {{ranger_kms_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms.MaxBackupIndex = {{ranger_kms_log_maxbackupindex}}"/>
+ <replace key="content" find="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms-audit.MaxFileSize = {{ranger_kms_audit_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms-audit.MaxBackupIndex = {{ranger_kms_audit_log_maxbackupindex}}"/>
+ </definition>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_ranger_kms_duplicate_ssl">
+ <type>ranger-kms-site</type>
+ <transfer operation="delete" delete-key="ranger.https.attrib.keystore.file" if-type="ranger-kms-site" if-key="ranger.service.https.attrib.keystore.file" if-key-state="present"/>
+ <transfer operation="delete" delete-key="ranger.service.https.attrib.clientAuth" if-type="ranger-kms-site" if-key="ranger.service.https.attrib.client.auth" if-key-state="present"/>
+ </definition>
+ </changes>
+ </component>
+ </service>
+
<service name="HIVE">
<component name="HIVE_SERVER">
<changes>
http://git-wip-us.apache.org/repos/asf/ambari/blob/0cb9194f/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/nonrolling-upgrade-to-hdp-2.6.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
index 2c82cb3..5f1e06c 100644
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
@@ -25,6 +25,7 @@
<prerequisite-checks>
<check>org.apache.ambari.server.checks.ServicesYarnWorkPreservingCheck</check>
<check>org.apache.ambari.server.checks.JavaVersionCheck</check>
+ <check>org.apache.ambari.server.checks.RangerSSLConfigCheck</check>
<configuration>
<!-- Configuration properties for all pre-reqs including required pre-reqs -->
<check-properties name="org.apache.ambari.server.checks.HiveDynamicServiceDiscoveryCheck">
@@ -117,6 +118,18 @@
<function>prepare_express_upgrade</function>
</task>
</execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Backup Ranger Database">
+ <task xsi:type="manual">
+ <message>Before continuing, please backup the Ranger Admin database on the following host(s): {{hosts.all}}.</message>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Backup Ranger KMS Database">
+ <task xsi:type="manual">
+ <message>Before continuing, please backup Ranger KMS database on the following host(s): {{hosts.all}}.</message>
+ </task>
+ </execute-stage>
</group>
<group xsi:type="stop" name="STOP_LOW_LEVEL_SERVICE_COMPONENTS" title="Stop Components for Core Services">
@@ -140,6 +153,16 @@
<component>NFS_GATEWAY</component>
</service>
+ <service name="RANGER">
+ <component>RANGER_USERSYNC</component>
+ <component>RANGER_ADMIN</component>
+ <component>RANGER_TAGSYNC</component>
+ </service>
+
+ <service name="RANGER_KMS">
+ <component>RANGER_KMS_SERVER</component>
+ </service>
+
<service name="ZOOKEEPER">
<component>ZOOKEEPER_SERVER</component>
</service>
@@ -187,6 +210,44 @@
<task xsi:type="configure" id="biginsights_4_2_hbase_env_config" />
</execute-stage>
+ <!--RANGER-->
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Parameterizing Ranger Admin Log4J Properties">
+ <task xsi:type="configure" id="admin_log4j_parameterize">
+ <summary>Updating the Ranger admin Log4J properties to include parameterizations</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_USERSYNC" title="Parameterizing Ranger Usersync Log4J Properties">
+ <task xsi:type="configure" id="usersync_log4j_parameterize">
+ <summary>Updating the Ranger usersync Log4J properties to include parameterizations</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_TAGSYNC" title="Parameterizing Ranger Tagsync Log4J Properties">
+ <task xsi:type="configure" id="tagsync_log4j_parameterize">
+ <summary>Updating the Ranger tagsync Log4J properties to include parameterizations</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_USERSYNC" title="Apply config changes for Ranger Usersync">
+ <task xsi:type="configure" id="hdp_2_6_0_0_disable_delta_sync_during_upgrade"/>
+ </execute-stage>
+
+ <!--RANGER-KMS-->
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Parameterizing Ranger Kms Log4J Properties">
+ <task xsi:type="configure" id="kms_log4j_parameterize">
+ <summary>Updating the KMS Log4J properties to include parameterizations</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_ranger_kms_duplicate_ssl"/>
+ </execute-stage>
+
<!-- HIVE -->
<execute-stage service="HIVE" component="HIVE_SERVER" title="Apply config changes for Hive Server">
<task xsi:type="configure" id="biginsights_4_2_0_0_hive_env_configure"/>
@@ -254,6 +315,18 @@
</service>
</group>
+ <group xsi:type="restart" name="RANGER" title="Ranger">
+ <service-check>false</service-check>
+ <skippable>true</skippable>
+ <supports-auto-skip-failure>false</supports-auto-skip-failure>
+ <parallel-scheduler/>
+ <service name="RANGER">
+ <component>RANGER_ADMIN</component>
+ <component>RANGER_USERSYNC</component>
+ <component>RANGER_TAGSYNC</component>
+ </service>
+ </group>
+
<group xsi:type="restart" name="HDFS" title="HDFS">
<service-check>false</service-check>
<skippable>true</skippable>
@@ -292,6 +365,16 @@
</execute-stage>
</group>
+ <group xsi:type="restart" name="RANGER_KMS" title="Ranger KMS">
+ <service-check>false</service-check>
+ <skippable>true</skippable>
+ <supports-auto-skip-failure>false</supports-auto-skip-failure>
+ <parallel-scheduler/>
+ <service name="RANGER_KMS">
+ <component>RANGER_KMS_SERVER</component>
+ </service>
+ </group>
+
<group xsi:type="restart" name="KAFKA" title="Kafka">
<service-check>false</service-check>
<skippable>true</skippable>
@@ -374,6 +457,8 @@
<skippable>true</skippable>
<priority>
<service>ZOOKEEPER</service>
+ <service>RANGER</service>
+ <service>RANGER_KMS</service>
<service>HDFS</service>
<service>KAFKA</service>
<service>YARN</service>
@@ -567,6 +652,61 @@
</component>
</service>
+ <service name="RANGER">
+ <component name="RANGER_ADMIN">
+ <pre-upgrade>
+
+ <task xsi:type="execute" hosts="all">
+ <script>scripts/ranger_admin.py</script>
+ <function>set_pre_start</function>
+ </task>
+
+ <task xsi:type="execute" hosts="any">
+ <summary>Upgrading Ranger database schema</summary>
+ <script>scripts/ranger_admin.py</script>
+ <function>setup_ranger_database</function>
+ </task>
+
+ <task xsi:type="configure_function" hosts="all" />
+
+ <task xsi:type="execute" hosts="any">
+ <summary>Applying Ranger java patches</summary>
+ <script>scripts/ranger_admin.py</script>
+ <function>setup_ranger_java_patches</function>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade copy-upgrade="true" />
+
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+
+ </component>
+
+ <component name="RANGER_USERSYNC">
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+ </component>
+
+ <component name="RANGER_TAGSYNC">
+
+ <pre-upgrade>
+ <task xsi:type="execute" hosts="all">
+ <script>scripts/ranger_tagsync.py</script>
+ <function>configure_atlas_user_for_tagsync</function>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade copy-upgrade="true" />
+
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+ </component>
+ </service>
+
<service name="HDFS">
<component name="NAMENODE">
<upgrade>
@@ -605,6 +745,30 @@
</component>
</service>
+ <service name="RANGER_KMS">
+ <component name="RANGER_KMS_SERVER">
+ <pre-upgrade>
+ <task xsi:type="execute" hosts="any" sequential="true">
+ <summary>Upgrading Ranger KMS database schema</summary>
+ <script>scripts/kms_server.py</script>
+ <function>setup_ranger_kms_database</function>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade>
+ <task xsi:type="execute" hosts="any" sequential="true">
+ <summary>Downgrading Ranger KMS database schema</summary>
+ <script>scripts/kms_server.py</script>
+ <function>setup_ranger_kms_database</function>
+ </task>
+ </pre-downgrade>
+
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+ </component>
+ </service>
+
<service name="MAPREDUCE2">
<component name="HISTORYSERVER">
<upgrade>
http://git-wip-us.apache.org/repos/asf/ambari/blob/0cb9194f/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/config-upgrade.xml
index b46f476..070207a 100644
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/config-upgrade.xml
@@ -18,6 +18,98 @@
<upgrade-config-changes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="upgrade-config.xsd">
<services>
+ <service name="RANGER">
+ <component name="RANGER_ADMIN">
+ <changes>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_flag">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db"/>
+ </definition>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties">
+ <type>admin-properties</type>
+ <transfer operation="delete" delete-key="audit_db_name" />
+ <transfer operation="delete" delete-key="audit_db_user" />
+ <transfer operation="delete" delete-key="audit_db_password" />
+ </definition>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site">
+ <type>ranger-admin-site</type>
+ <set key="ranger.audit.source.type" value="solr"/>
+ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.driver" />
+ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.url" />
+ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.user" />
+ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.password" />
+ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.credential.alias" />
+ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.dialect" />
+ </definition>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property">
+ <type>ranger-admin-site</type>
+ <transfer operation="delete" delete-key="ranger.sso.cookiename" />
+ <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" />
+ </definition>
+
+ <definition xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag">
+ <type>ranger-env</type>
+ <set key="is_external_solrCloud_enabled" value="true"
+ if-type="ranger-env" if-key="is_solrCloud_enabled" if-value="true"/>
+ </definition>
+
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="bind_anonymous" />
+ </definition>
+ </changes>
+ </component>
+
+ <component name="RANGER_USERSYNC">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_disable_delta_sync_during_upgrade">
+ <type>ranger-ugsync-site</type>
+ <set key="ranger.usersync.ldap.deltasync" value="false"
+ if-type="ranger-ugsync-site" if-key="ranger.usersync.source.impl.class" if-value="org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder"/>
+ </definition>
+ </changes>
+ </component>
+ </service>
+
+ <service name="RANGER_KMS">
+ <component name="RANGER_KMS_SERVER">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_kms_audit_db">
+ <type>ranger-kms-audit</type>
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db" />
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db.jdbc.url" />
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db.user" />
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db.password" />
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db.jdbc.driver" />
+ <transfer operation="delete" delete-key="xasecure.audit.credential.provider.file" />
+ <transfer operation="delete" delete-key="xasecure.audit.destination.db.batch.filespool.dir" />
+ </definition>
+ <definition xsi:type="configure" id="kms_log4j_parameterize" summary="Parameterizing Ranger KMS Log4J Properties">
+ <type>kms-log4j</type>
+ <set key="ranger_kms_log_maxfilesize" value="256"/>
+ <set key="ranger_kms_log_maxbackupindex" value="20"/>
+ <set key="ranger_kms_audit_log_maxfilesize" value="256"/>
+ <set key="ranger_kms_audit_log_maxbackupindex" value="20"/>
+ <replace key="content" find="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms.MaxFileSize = {{ranger_kms_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms.MaxBackupIndex = {{ranger_kms_log_maxbackupindex}}"/>
+ <replace key="content" find="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms-audit.MaxFileSize = {{ranger_kms_audit_log_maxfilesize}}MB"/>
+ <replace key="content" find="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender" replace-with="log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kms-audit.MaxBackupIndex = {{ranger_kms_audit_log_maxbackupindex}}"/>
+ </definition>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_ranger_kms_duplicate_ssl">
+ <type>ranger-kms-site</type>
+ <transfer operation="delete" delete-key="ranger.https.attrib.keystore.file"
+ if-type="ranger-kms-site" if-key="ranger.service.https.attrib.keystore.file" if-key-state="present"/>
+ <transfer operation="delete" delete-key="ranger.service.https.attrib.clientAuth"
+ if-type="ranger-kms-site" if-key="ranger.service.https.attrib.client.auth" if-key-state="present"/>
+ </definition>
+ </changes>
+ </component>
+ </service>
+
<service name="HDFS">
<component name="NAMENODE">
<changes>
@@ -143,4 +235,6 @@
</component>
</service>
</services>
+
+
</upgrade-config-changes>
http://git-wip-us.apache.org/repos/asf/ambari/blob/0cb9194f/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/nonrolling-upgrade-to-hdp-2.6.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
index b66c234..5b8f8d9 100644
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/upgrades/nonrolling-upgrade-to-hdp-2.6.xml
@@ -25,6 +25,7 @@
<prerequisite-checks>
<check>org.apache.ambari.server.checks.ServicesYarnWorkPreservingCheck</check>
<check>org.apache.ambari.server.checks.JavaVersionCheck</check>
+ <check>org.apache.ambari.server.checks.RangerSSLConfigCheck</check>
<configuration>
<!-- Configuration properties for all pre-reqs including required pre-reqs -->
<check-properties name="org.apache.ambari.server.checks.HiveDynamicServiceDiscoveryCheck">
@@ -117,6 +118,18 @@
<function>prepare_express_upgrade</function>
</task>
</execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Backup Ranger Database">
+ <task xsi:type="manual">
+ <message>Before continuing, please backup the Ranger Admin database on the following host(s): {{hosts.all}}.</message>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Backup Ranger KMS Database">
+ <task xsi:type="manual">
+ <message>Before continuing, please backup Ranger KMS database on the following host(s): {{hosts.all}}.</message>
+ </task>
+ </execute-stage>
</group>
<group xsi:type="stop" name="STOP_LOW_LEVEL_SERVICE_COMPONENTS" title="Stop Components for Core Services">
@@ -140,6 +153,16 @@
<component>NFS_GATEWAY</component>
</service>
+ <service name="RANGER">
+ <component>RANGER_USERSYNC</component>
+ <component>RANGER_ADMIN</component>
+ <component>RANGER_TAGSYNC</component>
+ </service>
+
+ <service name="RANGER_KMS">
+ <component>RANGER_KMS_SERVER</component>
+ </service>
+
<service name="ZOOKEEPER">
<component>ZOOKEEPER_SERVER</component>
</service>
@@ -211,6 +234,70 @@
<execute-stage service="OOZIE" component="OOZIE_SERVER" title="Apply config changes for Oozie server">
<task xsi:type="configure" id="biginsights_4_2_oozie_server_update_environment_tomcat" />
</execute-stage>
+
+ <!-- RANGER -->
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_flag"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Calculating Ranger Properties">
+ <condition xsi:type="security" type="kerberos"/>
+ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerKerberosConfigCalculation">
+ <summary>Calculating Ranger Properties</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Configuring Ranger Alerts">
+ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction">
+ <summary>Configuring Ranger Alerts</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER" component="RANGER_USERSYNC" title="Apply config changes for Ranger Usersync">
+ <task xsi:type="configure" id="hdp_2_6_0_0_disable_delta_sync_during_upgrade"/>
+ </execute-stage>
+
+ <!-- RANGER KMS -->
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS Server">
+ <task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_kms_audit_db"/>
+ </execute-stage>
+
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Parameterizing Ranger Kms Log4J Properties">
+ <task xsi:type="configure" id="kms_log4j_parameterize">
+ <summary>Updating the KMS Log4J properties to include parameterizations</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Calculating Ranger Properties">
+ <condition xsi:type="security" type="kerberos"/>
+ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerKmsProxyConfig">
+ <summary>Adding Ranger proxy user properties</summary>
+ </task>
+ </execute-stage>
+
+ <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_ranger_kms_duplicate_ssl"/>
+ </execute-stage>
</group>
@@ -254,6 +341,18 @@
</service>
</group>
+ <group xsi:type="restart" name="RANGER" title="Ranger">
+ <service-check>false</service-check>
+ <skippable>true</skippable>
+ <supports-auto-skip-failure>false</supports-auto-skip-failure>
+ <parallel-scheduler/>
+ <service name="RANGER">
+ <component>RANGER_ADMIN</component>
+ <component>RANGER_USERSYNC</component>
+ <component>RANGER_TAGSYNC</component>
+ </service>
+ </group>
+
<group xsi:type="restart" name="HDFS" title="HDFS">
<service-check>false</service-check>
<skippable>true</skippable>
@@ -292,6 +391,16 @@
</execute-stage>
</group>
+ <group xsi:type="restart" name="RANGER_KMS" title="Ranger KMS">
+ <service-check>false</service-check>
+ <skippable>true</skippable>
+ <supports-auto-skip-failure>false</supports-auto-skip-failure>
+ <parallel-scheduler/>
+ <service name="RANGER_KMS">
+ <component>RANGER_KMS_SERVER</component>
+ </service>
+ </group>
+
<group xsi:type="restart" name="KAFKA" title="Kafka">
<service-check>false</service-check>
<skippable>true</skippable>
@@ -374,6 +483,8 @@
<skippable>true</skippable>
<priority>
<service>ZOOKEEPER</service>
+ <service>RANGER</service>
+ <service>RANGER_KMS</service>
<service>HDFS</service>
<service>KAFKA</service>
<service>YARN</service>
@@ -567,6 +678,61 @@
</component>
</service>
+ <service name="RANGER">
+ <component name="RANGER_ADMIN">
+ <pre-upgrade>
+
+ <task xsi:type="execute" hosts="all">
+ <script>scripts/ranger_admin.py</script>
+ <function>set_pre_start</function>
+ </task>
+
+ <task xsi:type="execute" hosts="any">
+ <summary>Upgrading Ranger database schema</summary>
+ <script>scripts/ranger_admin.py</script>
+ <function>setup_ranger_database</function>
+ </task>
+
+ <task xsi:type="configure_function" hosts="all" />
+
+ <task xsi:type="execute" hosts="any">
+ <summary>Applying Ranger java patches</summary>
+ <script>scripts/ranger_admin.py</script>
+ <function>setup_ranger_java_patches</function>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade copy-upgrade="true" />
+
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+
+ </component>
+
+ <component name="RANGER_USERSYNC">
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+ </component>
+
+ <component name="RANGER_TAGSYNC">
+
+ <pre-upgrade>
+ <task xsi:type="execute" hosts="all">
+ <script>scripts/ranger_tagsync.py</script>
+ <function>configure_atlas_user_for_tagsync</function>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade copy-upgrade="true" />
+
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+ </component>
+ </service>
+
<service name="HDFS">
<component name="NAMENODE">
<upgrade>
@@ -605,6 +771,30 @@
</component>
</service>
+ <service name="RANGER_KMS">
+ <component name="RANGER_KMS_SERVER">
+ <pre-upgrade>
+ <task xsi:type="execute" hosts="any" sequential="true">
+ <summary>Upgrading Ranger KMS database schema</summary>
+ <script>scripts/kms_server.py</script>
+ <function>setup_ranger_kms_database</function>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade>
+ <task xsi:type="execute" hosts="any" sequential="true">
+ <summary>Downgrading Ranger KMS database schema</summary>
+ <script>scripts/kms_server.py</script>
+ <function>setup_ranger_kms_database</function>
+ </task>
+ </pre-downgrade>
+
+ <upgrade>
+ <task xsi:type="restart-task"/>
+ </upgrade>
+ </component>
+ </service>
+
<service name="MAPREDUCE2">
<component name="HISTORYSERVER">
<upgrade>