You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2017/05/12 14:36:59 UTC
[20/26] ambari git commit: AMBARI-20985. HDP 3.0 TP - create service
definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
new file mode 100644
index 0000000..b849d58
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
@@ -0,0 +1,217 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import setup_ranger_audit_solr, setup_ranger_admin_passwd_change
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+import upgrade
+import os, errno
+
+class RangerAdmin(Script):
+
+ def get_component_name(self):
+ return "ranger-admin"
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+ # call config and setup db only in case of HDP version < 2.6
+ if not params.stack_supports_ranger_setup_db_on_start:
+ self.configure(env, setup_db=True)
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_rolling_upgrade and not params.stack_supports_config_versioning and os.path.isfile(format('{ranger_home}/ews/stop-ranger-admin.sh')):
+ File(format('{ranger_home}/ews/stop-ranger-admin.sh'),
+ owner=params.unix_user,
+ group = params.unix_group
+ )
+
+ Execute(format('{params.ranger_stop}'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ if params.stack_supports_pid:
+ File(params.ranger_admin_pid_file,
+ action = "delete"
+ )
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ upgrade.prestart(env, "ranger-admin")
+
+ self.set_ru_rangeradmin_in_progress(params.upgrade_marker_file)
+
+ def post_upgrade_restart(self,env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if os.path.isfile(params.upgrade_marker_file):
+ os.remove(params.upgrade_marker_file)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ # setup db only if in case HDP version is > 2.6
+ self.configure(env, upgrade_type=upgrade_type, setup_db=params.stack_supports_ranger_setup_db_on_start)
+
+ if params.stack_supports_infra_client and params.audit_solr_enabled and params.is_solrCloud_enabled:
+ solr_cloud_util.setup_solr_client(params.config, custom_log4j = params.custom_log4j)
+ setup_ranger_audit_solr()
+
+ ranger_service('ranger_admin')
+
+
+ def status(self, env):
+ import status_params
+
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_admin_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ if self.is_ru_rangeradmin_in_progress(status_params.upgrade_marker_file):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Logger.debug('Ranger admin process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def configure(self, env, upgrade_type=None, setup_db=False):
+ import params
+ env.set_params(params)
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import ranger
+ else:
+ from setup_ranger import ranger
+
+ # set up db if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db()
+
+ ranger('ranger_admin', upgrade_type=upgrade_type)
+
+ # set up java patches if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch()
+
+ if params.stack_supports_ranger_admin_password_change:
+ setup_ranger_admin_passwd_change()
+
+ def set_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ config_dir = os.path.dirname(upgrade_marker_file)
+ try:
+ msg = "Starting Upgrade"
+ if (not os.path.exists(config_dir)):
+ os.makedirs(config_dir)
+ ofp = open(upgrade_marker_file, 'w')
+ ofp.write(msg)
+ ofp.close()
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(config_dir):
+ pass
+ else:
+ raise
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+ def setup_ranger_database(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.xml_configurations_supported and params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Setting Ranger database schema, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db(stack_version=stack_version)
+
+ def setup_ranger_java_patches(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.xml_configurations_supported and params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Applying Ranger java patches, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch(stack_version=stack_version)
+
+ def set_pre_start(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-admin", stack_version)
+ conf_select.select(stack_name, "ranger-admin", stack_version)
+
+ def get_log_folder(self):
+ import params
+ return params.admin_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerAdmin().execute()
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
new file mode 100644
index 0000000..0355049
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.show_logs import show_logs
+from resource_management.core.resources.system import Execute
+
+def ranger_service(name, action=None):
+ import params
+
+ env_dict = {'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_lib_path}
+
+ if name == 'ranger_admin':
+ no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
+ try:
+ Execute(params.ranger_start, environment=env_dict, user=params.unix_user, not_if=no_op_test)
+ except:
+ show_logs(params.admin_log_dir, params.unix_user)
+ raise
+ elif name == 'ranger_usersync':
+ no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
+ if params.stack_supports_usersync_non_root:
+ try:
+ Execute(params.usersync_start,
+ environment=env_dict,
+ not_if=no_op_test,
+ user=params.unix_user
+ )
+ except:
+ show_logs(params.usersync_log_dir, params.unix_user)
+ raise
+ else:
+ # Usersync requires to be run as root for 2.2
+ Execute((params.usersync_start,),
+ environment={'JAVA_HOME': params.java_home},
+ not_if=no_op_test,
+ sudo=True
+ )
+ elif name == 'ranger_tagsync' and params.stack_supports_ranger_tagsync:
+ no_op_test = format('ps -ef | grep proc_rangertagsync | grep -v grep')
+ cmd = format('{tagsync_services_file} start')
+ try:
+ Execute(cmd,
+ environment=env_dict,
+ user=params.unix_user,
+ not_if=no_op_test
+ )
+ except:
+ show_logs(params.tagsync_log_dir, params.unix_user)
+ raise
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
new file mode 100644
index 0000000..008fb99
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
@@ -0,0 +1,139 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.core.resources.system import Execute, File
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import ranger, ranger_credential_helper
+from resource_management.core.exceptions import Fail
+import upgrade
+
+class RangerTagsync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'tagadmin.user.password', 'rangertagsync', params.tagsync_jceks_path)
+ File(params.tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ ranger('ranger_tagsync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_tagsync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ Execute(format('{tagsync_services_file} stop'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ File(params.tagsync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ check_process_status(status_params.tagsync_pid_file)
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_ranger_tagsync:
+ Logger.info("Executing Ranger Tagsync Stack Upgrade pre-restart")
+ conf_select.select(params.stack_name, "ranger-tagsync", params.version)
+ stack_select.select("ranger-tagsync", params.version)
+
+ def get_component_name(self):
+ return "ranger-tagsync"
+
+ def get_log_folder(self):
+ import params
+ return params.tagsync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+ def get_pid_files(self):
+ import status_params
+ return [status_params.tagsync_pid_file]
+
+ def configure_atlas_user_for_tagsync(self, env):
+ Logger.info("Configuring Atlas user for Tagsync service.")
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-tagsync", stack_version)
+ conf_select.select(stack_name, "ranger-tagsync", stack_version)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Upgrading Tagsync, stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Upgrading Tagsync, stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ Logger.info("Configuring Atlas user for Tagsync service done.")
+
+ def create_atlas_user_keystore(self,env):
+ import params
+ env.set_params(params)
+ ranger_credential_helper(params.tagsync_cred_lib, 'atlas.user.password', 'admin', params.atlas_tagsync_jceks_path)
+ File(params.atlas_tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+if __name__ == "__main__":
+ RangerTagsync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
new file mode 100644
index 0000000..b9366f6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
@@ -0,0 +1,124 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+import upgrade
+import os
+
+class RangerUsersync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_usersync_passwd:
+ from setup_ranger_xml import ranger_credential_helper
+ ranger_credential_helper(params.ugsync_cred_lib, params.ugsync_policymgr_alias, 'rangerusersync', params.ugsync_policymgr_keystore)
+
+ File(params.ugsync_policymgr_keystore,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if params.xml_configurations_supported:
+ from setup_ranger_xml import ranger
+ else:
+ from setup_ranger import ranger
+
+ ranger('ranger_usersync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_usersync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_usersync_non_root and os.path.isfile(params.usersync_services_file):
+ File(params.usersync_services_file,
+ mode = 0755
+ )
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True
+ )
+
+ Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, sudo=True)
+ if params.stack_supports_pid:
+ File(params.ranger_usersync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_usersync_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ Logger.debug('Ranger usersync process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ upgrade.prestart(env, "ranger-usersync")
+
+ def get_component_name(self):
+ return "ranger-usersync"
+
+ def get_log_folder(self):
+ import params
+ return params.usersync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerUsersync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
new file mode 100644
index 0000000..fb6af95
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
@@ -0,0 +1,49 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+import os
+
+
+class RangerServiceCheck(Script):
+
+ def service_check(self, env):
+ import params
+
+ env.set_params(params)
+ self.check_ranger_admin_service(params.ranger_external_url, params.upgrade_marker_file)
+
+ def check_ranger_admin_service(self, ranger_external_url, upgrade_marker_file):
+ if (self.is_ru_rangeradmin_in_progress(upgrade_marker_file)):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp | grep 200"),
+ tries = 10,
+ try_sleep=3,
+ logoutput=True)
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+if __name__ == "__main__":
+ RangerServiceCheck().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
new file mode 100644
index 0000000..b0e8bad
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
@@ -0,0 +1,153 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import sys
+import fileinput
+import os
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.resources.properties_file import PropertiesFile
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.core.source import DownloadSource
+from resource_management.core.logger import Logger
+from resource_management.core.shell import as_sudo
+from resource_management.core.exceptions import Fail
+from resource_management.core.resources.system import Directory, Execute, File
+
+
+def ranger(name=None, upgrade_type=None):
+ if name == 'ranger_admin':
+ setup_ranger_admin(upgrade_type=upgrade_type)
+
+ if name == 'ranger_usersync':
+ setup_usersync(upgrade_type=upgrade_type)
+
+def setup_ranger_admin(upgrade_type=None):
+ import params
+
+ check_db_connnection()
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(params.driver_curl_target, mode=0644)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = params.config['configurations']['admin-properties']
+ )
+
+ custom_config = dict()
+ custom_config['unix_user'] = params.unix_user
+ custom_config['unix_group'] = params.unix_group
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties=custom_config
+ )
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')}
+ )
+
+ ##if db flavor == oracle - set oracle home env variable
+ if params.db_flavor.lower() == 'oracle' and params.oracle_home:
+ env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
+ else:
+ env_dict = {'JAVA_HOME': params.java_home}
+
+ setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
+ Execute(setup_sh,
+ environment=env_dict,
+ logoutput=True,
+ )
+
+ ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"),
+ properties = params.config['configurations']['ranger-site'],
+ )
+
+ ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"),
+ properties = params.config['configurations']['ranger-site'],
+ mode=0744
+ )
+
+ Directory(params.admin_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+def setup_usersync(upgrade_type=None):
+ import params
+
+ PropertiesFile(format("{usersync_home}/install.properties"),
+ properties = params.config['configurations']['usersync-properties'],
+ )
+
+ custom_config = dict()
+ custom_config['unix_user'] = params.unix_user
+ custom_config['unix_group'] = params.unix_group
+
+ ModifyPropertiesFile(format("{usersync_home}/install.properties"),
+ properties=custom_config
+ )
+
+ cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')])
+ Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+
+ File([params.usersync_start, params.usersync_stop],
+ owner = params.unix_user
+ )
+ File(params.usersync_services_file,
+ mode = 0755,
+ )
+
+ Directory(params.usersync_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+def check_db_connnection():
+ import params
+
+ Logger.info('Checking DB connection')
+ env_dict = {}
+ if params.db_flavor.lower() == 'mysql':
+ cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password!p} -h {db_host} -s -e "select version();"')
+ elif params.db_flavor.lower() == 'oracle':
+ cmd = format("{sql_command_invoker} '{db_root_user}/\"{db_root_password}\"@{db_host}' AS SYSDBA")
+ env_dict = {'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
+ elif params.db_flavor.lower() == 'postgres':
+ cmd = 'true'
+ elif params.db_flavor.lower() == 'mssql':
+ cmd = 'true'
+
+ try:
+ Execute(cmd,
+ environment=env_dict,
+ logoutput=True)
+ except Fail as ex:
+ Logger.error(str(ex))
+ raise Fail('Ranger Database connection check failed')
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
new file mode 100644
index 0000000..26e6578
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
@@ -0,0 +1,853 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+import re
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.default import default
+from resource_management.core.logger import Logger
+from resource_management.core.resources.system import File, Directory, Execute, Link
+from resource_management.core.source import DownloadSource, InlineTemplate, Template
+from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.libraries.resources.properties_file import PropertiesFile
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.decorator import retry
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.core.utils import PasswordString
+from resource_management.core.shell import as_sudo
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.core.exceptions import ExecutionFailed
+
+# This file contains functions used for setup/configure of Ranger Admin and Ranger Usersync.
+# The design is to mimic what is done by the setup.sh script bundled by Ranger component currently.
+
+def ranger(name=None, upgrade_type=None):
+ """
+ parameter name: name of ranger service component
+ """
+ if name == 'ranger_admin':
+ setup_ranger_admin(upgrade_type=upgrade_type)
+
+ if name == 'ranger_usersync':
+ setup_usersync(upgrade_type=upgrade_type)
+
+ if name == 'ranger_tagsync':
+ setup_tagsync(upgrade_type=upgrade_type)
+
+def setup_ranger_admin(upgrade_type=None):
+ import params
+
+ if upgrade_type is None:
+ upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
+
+ ranger_home = params.ranger_home
+ ranger_conf = params.ranger_conf
+
+ Directory(ranger_conf,
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True
+ )
+
+ copy_jdbc_connector()
+
+ File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
+ content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
+ mode = 0644,
+ )
+
+ cp = format("{check_db_connection_jar}")
+ if params.db_flavor.lower() == 'sqla':
+ cp = cp + os.pathsep + format("{ranger_home}/ews/lib/sajdbc4.jar")
+ else:
+ cp = cp + os.pathsep + format("{driver_curl_target}")
+ cp = cp + os.pathsep + format("{ranger_home}/ews/lib/*")
+
+ db_connection_check_command = format(
+ "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_jdbc_connection_url}' {ranger_db_user} {ranger_db_password!p} {ranger_jdbc_driver}")
+
+ env_dict = {}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
+
+ Execute(('ln','-sf', format('{ranger_home}/ews/webapp/WEB-INF/classes/conf'), format('{ranger_home}/conf')),
+ not_if=format("ls {ranger_home}/conf"),
+ only_if=format("ls {ranger_home}/ews/webapp/WEB-INF/classes/conf"),
+ sudo=True)
+
+ if upgrade_type is not None:
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+ dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+ dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ Directory(format('{ranger_home}/'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ recursive_ownership = True,
+ )
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_conf}/ranger-admin-env-piddir.sh'),
+ content = format("export RANGER_PID_DIR_PATH={ranger_pid_dir}\nexport RANGER_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.admin_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True,
+ cd_access='a',
+ mode=0755
+ )
+
+ File(format('{ranger_conf}/ranger-admin-env-logdir.sh'),
+ content = format("export RANGER_ADMIN_LOG_DIR={admin_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ if os.path.isfile(params.ranger_admin_default_file):
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+ else:
+ Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.ranger_admin_default_file, ranger_conf))
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+ dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.security_app_context_file):
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+ else:
+ Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.security_app_context_file, ranger_conf))
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+ dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+
+ if upgrade_type is not None and params.stack_supports_config_versioning:
+ if os.path.islink('/usr/bin/ranger-admin'):
+ Link('/usr/bin/ranger-admin', action="delete")
+
+ Link('/usr/bin/ranger-admin',
+ to=format('{ranger_home}/ews/ranger-admin-services.sh'))
+
+ if default("/configurations/ranger-admin-site/ranger.authentication.method", "") == 'PAM':
+ d = '/etc/pam.d'
+ if os.path.isdir(d):
+ if os.path.isfile(os.path.join(d, 'ranger-admin')):
+ Logger.info('ranger-admin PAM file already exists.')
+ else:
+ File(format('{d}/ranger-admin'),
+ content=Template('ranger_admin_pam.j2'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0644
+ )
+ if os.path.isfile(os.path.join(d, 'ranger-remote')):
+ Logger.info('ranger-remote PAM file already exists.')
+ else:
+ File(format('{d}/ranger-remote'),
+ content=Template('ranger_remote_pam.j2'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0644
+ )
+ else:
+ Logger.error("Unable to use PAM authentication, /etc/pam.d/ directory does not exist.")
+
+ Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
+ not_if=format("ls /usr/bin/ranger-admin"),
+ only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
+ sudo=True)
+
+ # remove plain-text password from xml configs
+
+ ranger_admin_site_copy = {}
+ ranger_admin_site_copy.update(params.config['configurations']['ranger-admin-site'])
+ for prop in params.ranger_admin_password_properties:
+ if prop in ranger_admin_site_copy:
+ ranger_admin_site_copy[prop] = "_"
+
+ XmlConfig("ranger-admin-site.xml",
+ conf_dir=ranger_conf,
+ configurations=ranger_admin_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-admin-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ Directory(os.path.join(ranger_conf,'ranger_jaas'),
+ mode=0700,
+ owner=params.unix_user,
+ group=params.unix_group,
+ )
+
+ if params.stack_supports_ranger_log4j:
+ File(format('{ranger_home}/ews/webapp/WEB-INF/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.admin_log4j),
+ mode=0644
+ )
+
+ do_keystore_setup(upgrade_type=upgrade_type)
+
+ create_core_site_xml(ranger_conf)
+
+ if params.stack_supports_ranger_kerberos and params.security_enabled:
+ if params.is_hbase_ha_enabled and params.ranger_hbase_plugin_enabled:
+ XmlConfig("hbase-site.xml",
+ conf_dir=ranger_conf,
+ configurations=params.config['configurations']['hbase-site'],
+ configuration_attributes=params.config['configuration_attributes']['hbase-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+ if params.is_namenode_ha_enabled and params.ranger_hdfs_plugin_enabled:
+ XmlConfig("hdfs-site.xml",
+ conf_dir=ranger_conf,
+ configurations=params.config['configurations']['hdfs-site'],
+ configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+def setup_ranger_db(stack_version=None):
+ import params
+
+ ranger_home = params.ranger_home
+ version = params.version
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+ version = stack_version
+
+ copy_jdbc_connector(stack_version=version)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'audit_store': params.ranger_audit_source_type},
+ owner = params.unix_user,
+ )
+
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ # User wants us to setup the DB user and DB?
+ if params.create_db_dbuser:
+ Logger.info('Setting up Ranger DB and DB User')
+ dba_setup = format('ambari-python-wrap {ranger_home}/dba_script.py -q')
+ Execute(dba_setup,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+ else:
+ Logger.info('Separate DBA property not set. Assuming Ranger DB and DB User exists!')
+
+ db_setup = format('ambari-python-wrap {ranger_home}/db_setup.py')
+ Execute(db_setup,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+
+
+def setup_java_patch(stack_version=None):
+ import params
+
+ ranger_home = params.ranger_home
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ setup_java_patch = format('ambari-python-wrap {ranger_home}/db_setup.py -javapatch')
+ Execute(setup_java_patch,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+
+
+def do_keystore_setup(upgrade_type=None):
+ import params
+
+ ranger_home = params.ranger_home
+ cred_lib_path = params.cred_lib_path
+
+ if not is_empty(params.ranger_credential_provider_path):
+ ranger_credential_helper(cred_lib_path, params.ranger_jpa_jdbc_credential_alias, params.ranger_ambari_db_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
+ ranger_credential_helper(cred_lib_path, params.ranger_jpa_audit_jdbc_credential_alias, params.ranger_ambari_audit_db_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.ranger_auth_method.upper() == "LDAP":
+ ranger_credential_helper(params.cred_lib_path, params.ranger_ldap_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.ranger_auth_method.upper() == "ACTIVE_DIRECTORY":
+ ranger_credential_helper(params.cred_lib_path, params.ranger_ad_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.stack_supports_secure_ssl_password:
+ ranger_credential_helper(params.cred_lib_path, params.ranger_truststore_alias, params.truststore_password, params.ranger_credential_provider_path)
+
+ if params.https_enabled and not params.http_enabled:
+ ranger_credential_helper(params.cred_lib_path, params.ranger_https_keystore_alias, params.https_keystore_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+def password_validation(password):
+ import params
+ if password.strip() == "":
+ raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+ if re.search("[\\\`'\"]",password):
+ raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `")
+ else:
+ Logger.info("password validated")
+
+def copy_jdbc_connector(stack_version=None):
+ import params
+
+ if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
+ error_message = format("{db_flavor} jdbc driver cannot be downloaded from {jdk_location}\nPlease run 'ambari-server setup --jdbc-db={db_flavor} --jdbc-driver={{path_to_jdbc}}' on ambari-server host.")
+ raise Fail(error_message)
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ ranger_home = params.ranger_home
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+
+ driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+
+ if params.db_flavor.lower() == 'sqla':
+ Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
+
+ Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(ranger_home, 'ews', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(ranger_home, 'ews', 'lib', 'sajdbc4.jar'), mode=0644)
+
+ Directory(params.jdbc_libs_dir,
+ cd_access="a",
+ create_parents=True)
+
+ Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
+ path=["/bin", "/usr/bin/"])
+ else:
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(ranger_home, 'ews', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(ranger_home, 'ews', 'lib',params.jdbc_jar_name), mode=0644)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = params.config['configurations']['admin-properties'],
+ owner = params.unix_user,
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{ranger_home}/ews/lib/sajdbc4.jar')},
+ owner = params.unix_user,
+ )
+ else:
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
+ owner = params.unix_user,
+ )
+
+def setup_usersync(upgrade_type=None):
+ import params
+
+ usersync_home = params.usersync_home
+ ranger_home = params.ranger_home
+ ranger_ugsync_conf = params.ranger_ugsync_conf
+
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_ugsync_conf}/ranger-usersync-env-piddir.sh'),
+ content = format("export USERSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_USERSYNC_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.usersync_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group,
+ cd_access = 'a',
+ create_parents=True,
+ mode=0755,
+ recursive_ownership = True
+ )
+
+ File(format('{ranger_ugsync_conf}/ranger-usersync-env-logdir.sh'),
+ content = format("export logdir={usersync_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(format("{ranger_ugsync_conf}/"),
+ owner = params.unix_user
+ )
+
+ if upgrade_type is not None:
+ src_file = format('{usersync_home}/conf.dist/ranger-ugsync-default.xml')
+ dst_file = format('{usersync_home}/conf/ranger-ugsync-default.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ if params.stack_supports_ranger_log4j:
+ File(format('{usersync_home}/conf/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.usersync_log4j),
+ mode=0644
+ )
+ elif upgrade_type is not None and not params.stack_supports_ranger_log4j:
+ src_file = format('{usersync_home}/conf.dist/log4j.xml')
+ dst_file = format('{usersync_home}/conf/log4j.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ # remove plain-text password from xml configs
+ ranger_ugsync_site_copy = {}
+ ranger_ugsync_site_copy.update(params.config['configurations']['ranger-ugsync-site'])
+ for prop in params.ranger_usersync_password_properties:
+ if prop in ranger_ugsync_site_copy:
+ ranger_ugsync_site_copy[prop] = "_"
+
+ XmlConfig("ranger-ugsync-site.xml",
+ conf_dir=ranger_ugsync_conf,
+ configurations=ranger_ugsync_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-ugsync-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ if os.path.isfile(params.ranger_ugsync_default_file):
+ File(params.ranger_ugsync_default_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.usgsync_log4j_file):
+ File(params.usgsync_log4j_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.cred_validator_file):
+ File(params.cred_validator_file, group=params.unix_group, mode=04555)
+
+ ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.key.password', params.ranger_usersync_keystore_password, params.ugsync_jceks_path)
+
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ ranger_credential_helper(params.ugsync_cred_lib, 'ranger.usersync.ldap.bindalias', params.ranger_usersync_ldap_ldapbindpassword, params.ugsync_jceks_path)
+
+ ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.truststore.password', params.ranger_usersync_truststore_password, params.ugsync_jceks_path)
+
+ File(params.ugsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ File([params.usersync_start, params.usersync_stop],
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+ File(params.usersync_services_file,
+ mode = 0755,
+ )
+
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True)
+
+ if not os.path.isfile(params.ranger_usersync_keystore_file):
+ cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass {ranger_usersync_keystore_password!p} -storepass {ranger_usersync_keystore_password!p} -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
+
+ Execute(cmd, logoutput=True, user = params.unix_user)
+
+ File(params.ranger_usersync_keystore_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ create_core_site_xml(ranger_ugsync_conf)
+
+def setup_tagsync(upgrade_type=None):
+ import params
+
+ ranger_tagsync_home = params.ranger_tagsync_home
+ ranger_home = params.ranger_home
+ ranger_tagsync_conf = params.ranger_tagsync_conf
+
+ Directory(format("{ranger_tagsync_conf}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True
+ )
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ create_parents=True,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_tagsync_conf}/ranger-tagsync-env-piddir.sh'),
+ content = format("export TAGSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_TAGSYNC_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.tagsync_log_dir,
+ create_parents = True,
+ owner = params.unix_user,
+ group = params.unix_group,
+ cd_access = "a",
+ mode=0755
+ )
+
+ File(format('{ranger_tagsync_conf}/ranger-tagsync-env-logdir.sh'),
+ content = format("export RANGER_TAGSYNC_LOG_DIR={tagsync_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ XmlConfig("ranger-tagsync-site.xml",
+ conf_dir=ranger_tagsync_conf,
+ configurations=params.config['configurations']['ranger-tagsync-site'],
+ configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack supports tagsync-ssl configurations, performing the same.")
+ setup_tagsync_ssl_configs()
+ else:
+ Logger.info("Stack doesnt support tagsync-ssl configurations, skipping the same.")
+
+ PropertiesFile(format('{ranger_tagsync_conf}/atlas-application.properties'),
+ properties = params.tagsync_application_properties,
+ mode=0755,
+ owner=params.unix_user,
+ group=params.unix_group
+ )
+
+ File(format('{ranger_tagsync_conf}/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.tagsync_log4j),
+ mode=0644
+ )
+
+ File(params.tagsync_services_file,
+ mode = 0755,
+ )
+
+ Execute(('ln','-sf', format('{tagsync_services_file}'),'/usr/bin/ranger-tagsync'),
+ not_if=format("ls /usr/bin/ranger-tagsync"),
+ only_if=format("ls {tagsync_services_file}"),
+ sudo=True)
+
+ create_core_site_xml(ranger_tagsync_conf)
+
+def ranger_credential_helper(lib_path, alias_key, alias_value, file_path):
+ import params
+
+ java_bin = format('{java_home}/bin/java')
+ file_path = format('jceks://file{file_path}')
+ cmd = (java_bin, '-cp', lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', alias_key, '-value', PasswordString(alias_value), '-provider', file_path)
+ Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+def create_core_site_xml(conf_dir):
+ import params
+
+ if params.stack_supports_ranger_kerberos:
+ if params.has_namenode:
+ XmlConfig("core-site.xml",
+ conf_dir=conf_dir,
+ configurations=params.config['configurations']['core-site'],
+ configuration_attributes=params.config['configuration_attributes']['core-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+ else:
+ Logger.warning('HDFS service not installed. Creating core-site.xml file.')
+ XmlConfig("core-site.xml",
+ conf_dir=conf_dir,
+ configurations=params.core_site_property,
+ configuration_attributes={},
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+def setup_ranger_audit_solr():
+ import params
+
+ if params.security_enabled and params.stack_supports_ranger_kerberos:
+
+ if params.solr_jaas_file is not None:
+ File(format("{solr_jaas_file}"),
+ content=Template("ranger_solr_jaas_conf.j2"),
+ owner=params.unix_user
+ )
+ try:
+ check_znode()
+
+ if params.stack_supports_ranger_solr_configs:
+ Logger.info('Solr configrations supported,creating solr-configurations.')
+ File(format("{ranger_solr_conf}/solrconfig.xml"),
+ content=InlineTemplate(params.ranger_solr_config_content),
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+ solr_cloud_util.upload_configuration_to_zk(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ config_set = params.ranger_solr_config_set,
+ config_set_dir = params.ranger_solr_conf,
+ tmp_dir = params.tmp_dir,
+ java64_home = params.java_home,
+ solrconfig_content = InlineTemplate(params.ranger_solr_config_content),
+ jaas_file=params.solr_jaas_file,
+ retry=30, interval=5
+ )
+
+ else:
+ Logger.info('Solr configrations not supported, skipping solr-configurations.')
+ solr_cloud_util.upload_configuration_to_zk(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ config_set = params.ranger_solr_config_set,
+ config_set_dir = params.ranger_solr_conf,
+ tmp_dir = params.tmp_dir,
+ java64_home = params.java_home,
+ jaas_file=params.solr_jaas_file,
+ retry=30, interval=5)
+
+ if params.security_enabled and params.has_infra_solr \
+ and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
+
+ solr_cloud_util.add_solr_roles(params.config,
+ roles = [params.infra_solr_role_ranger_admin, params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
+ new_service_principals = [params.ranger_admin_jaas_principal])
+ service_default_principals_map = [('hdfs', 'nn'), ('hbase', 'hbase'), ('hive', 'hive'), ('kafka', 'kafka'), ('kms', 'rangerkms'),
+ ('knox', 'knox'), ('nifi', 'nifi'), ('storm', 'storm'), ('yanr', 'yarn')]
+ service_principals = get_ranger_plugin_principals(service_default_principals_map)
+ solr_cloud_util.add_solr_roles(params.config,
+ roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
+ new_service_principals = service_principals)
+
+
+ solr_cloud_util.create_collection(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ collection = params.ranger_solr_collection_name,
+ config_set = params.ranger_solr_config_set,
+ java64_home = params.java_home,
+ shards = params.ranger_solr_shards,
+ replication_factor = int(params.replication_factor),
+ jaas_file = params.solr_jaas_file)
+
+ if params.security_enabled and params.has_infra_solr \
+ and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
+ secure_znode(format('{solr_znode}/configs/{ranger_solr_config_set}'), params.solr_jaas_file)
+ secure_znode(format('{solr_znode}/collections/{ranger_solr_collection_name}'), params.solr_jaas_file)
+ except ExecutionFailed as execution_exception:
+ Logger.error('Error when configuring Solr for Ranger, Kindly check Solr/Zookeeper services to be up and running:\n {0}'.format(execution_exception))
+
+def setup_ranger_admin_passwd_change():
+ import params
+
+ if params.admin_password != params.default_admin_password:
+ cmd = format('ambari-python-wrap {ranger_home}/db_setup.py -changepassword {admin_username} {default_admin_password!p} {admin_password!p}')
+ Logger.info('Updating admin password')
+ Execute(cmd, environment={'JAVA_HOME': params.java_home, 'RANGER_ADMIN_HOME': params.ranger_home}, user=params.unix_user)
+
+@retry(times=10, sleep_time=5, err_class=Fail)
+def check_znode():
+ import params
+ solr_cloud_util.check_znode(
+ zookeeper_quorum=params.zookeeper_quorum,
+ solr_znode=params.solr_znode,
+ java64_home=params.java_home)
+
+def secure_znode(znode, jaasFile):
+ import params
+ solr_cloud_util.secure_znode(config=params.config, zookeeper_quorum=params.zookeeper_quorum,
+ solr_znode=znode,
+ jaas_file=jaasFile,
+ java64_home=params.java_home, sasl_users=[params.ranger_admin_jaas_principal])
+
+def get_ranger_plugin_principals(services_defaults_tuple_list):
+ """
+ Get ranger plugin user principals from service-default value maps using ranger-*-audit configurations
+ """
+ import params
+ user_principals = []
+ if len(services_defaults_tuple_list) < 1:
+ raise Exception("Services - defaults map parameter is missing.")
+
+ for (service, default_value) in services_defaults_tuple_list:
+ user_principal = default(format("configurations/ranger-{service}-audit/xasecure.audit.jaas.Client.option.principal"), default_value)
+ user_principals.append(user_principal)
+ return user_principals
+
+
+def setup_tagsync_ssl_configs():
+ import params
+ Directory(params.security_store_path,
+ cd_access="a",
+ create_parents=True)
+
+ Directory(params.tagsync_etc_path,
+ cd_access="a",
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0775,
+ create_parents=True)
+
+ # remove plain-text password from xml configs
+ ranger_tagsync_policymgr_ssl_copy = {}
+ ranger_tagsync_policymgr_ssl_copy.update(params.config['configurations']['ranger-tagsync-policymgr-ssl'])
+ for prop in params.ranger_tagsync_password_properties:
+ if prop in ranger_tagsync_policymgr_ssl_copy:
+ ranger_tagsync_policymgr_ssl_copy[prop] = "_"
+
+ XmlConfig("ranger-policymgr-ssl.xml",
+ conf_dir=params.ranger_tagsync_conf,
+ configurations=ranger_tagsync_policymgr_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-policymgr-ssl'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.ranger_tagsync_keystore_password, params.ranger_tagsync_credential_file)
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.ranger_tagsync_truststore_password, params.ranger_tagsync_credential_file)
+
+ File(params.ranger_tagsync_credential_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ # remove plain-text password from xml configs
+ atlas_tagsync_ssl_copy = {}
+ atlas_tagsync_ssl_copy.update(params.config['configurations']['atlas-tagsync-ssl'])
+ for prop in params.ranger_tagsync_password_properties:
+ if prop in atlas_tagsync_ssl_copy:
+ atlas_tagsync_ssl_copy[prop] = "_"
+
+ XmlConfig("atlas-tagsync-ssl.xml",
+ conf_dir=params.ranger_tagsync_conf,
+ configurations=atlas_tagsync_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['atlas-tagsync-ssl'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.atlas_tagsync_keystore_password, params.atlas_tagsync_credential_file)
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.atlas_tagsync_truststore_password, params.atlas_tagsync_credential_file)
+
+ File(params.atlas_tagsync_credential_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ Logger.info("Configuring tagsync-ssl configurations done successfully.")
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
new file mode 100644
index 0000000..842430b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
+ranger_pid_dir = config['configurations']['ranger-env']['ranger_pid_dir']
+tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
+stack_name = default("/hostLevelParams/stack_name", None)
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
+ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
+stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_PID_SUPPORT, stack_version_formatted)
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
new file mode 100644
index 0000000..a07a1fd
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
@@ -0,0 +1,31 @@
+
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions.format import format
+
+def prestart(env, stack_component):
+ import params
+
+ if params.version and params.stack_supports_rolling_upgrade:
+ conf_select.select(params.stack_name, stack_component, params.version)
+ stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
new file mode 100644
index 0000000..6c5bb1f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
@@ -0,0 +1,79 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+{
+ "input":[
+ {
+ "type":"ranger_admin",
+ "rowtype":"service",
+ "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/xa_portal.log"
+ },
+ {
+ "type":"ranger_dbpatch",
+ "is_enabled":"true",
+ "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/ranger_db_patch.log"
+ },
+ {
+ "type":"ranger_usersync",
+ "rowtype":"service",
+ "path":"{{default('/configurations/ranger-env/ranger_usersync_log_dir', '/var/log/ranger/usersync')}}/usersync.log"
+ }
+ ],
+ "filter":[
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_admin",
+ "ranger_dbpatch"
+ ]
+ }
+ },
+ "log4j_format":"%d [%t] %-5p %C{6} (%F:%L) - %m%n",
+ "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
+ "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\(%{JAVAFILE:file}:%{INT:line_number}\\)%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
+ }
+ }
+ }
+ },
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_usersync"
+ ]
+ }
+ },
+ "log4j_format":"%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n",
+ "multiline_pattern":"^(%{USER_SYNC_DATE:logtime})",
+ "message_pattern":"(?m)^%{USER_SYNC_DATE:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"dd MMM yyyy HH:mm:ss"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth sufficient pam_sss.so
+account sufficient pam_unix.so
+account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth sufficient pam_sss.so
+account sufficient pam_unix.so
+account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
new file mode 100644
index 0000000..a456688
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
@@ -0,0 +1,26 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ useTicketCache=false
+ keyTab="{{solr_kerberos_keytab}}"
+ principal="{{solr_kerberos_principal}}";
+};
\ No newline at end of file