Posted to commits@ranger.apache.org by sn...@apache.org on 2015/04/15 09:33:30 UTC
incubator-ranger git commit: RANGER-247: combined setup of ranger-kms
with kms-authz-plugin
Repository: incubator-ranger
Updated Branches:
refs/heads/master 917833cd3 -> d6cce39bb
RANGER-247: combined setup of ranger-kms with kms-authz-plugin
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d6cce39b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d6cce39b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d6cce39b
Branch: refs/heads/master
Commit: d6cce39bbf626fad6150eb85c8766daf5b995917
Parents: 917833c
Author: sneethiraj <sn...@apache.org>
Authored: Wed Apr 15 03:31:03 2015 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Wed Apr 15 03:31:03 2015 -0400
----------------------------------------------------------------------
kms/scripts/db_setup.py | 2 +-
kms/scripts/dba_script.py | 29 ++
kms/scripts/install.properties | 109 +++++-
kms/scripts/kms-initd | 78 ----
kms/scripts/ranger-kms | 48 ++-
kms/scripts/ranger-kms-services.sh | 4 +-
kms/scripts/setup.sh | 61 +++-
.../apache/hadoop/crypto/key/RangerKMSDB.java | 2 +
.../crypto/key/RangerKeyStoreProvider.java | 12 +-
plugin-kms/scripts/enable-kms-plugin.sh | 39 +-
plugin-kms/scripts/install.properties | 112 ------
plugin-kms/scripts/install.sh | 364 -------------------
.../scripts/kms-plugin-install.properties | 23 --
plugin-kms/scripts/uninstall.sh | 70 ----
pom.xml | 2 +-
src/main/assembly/kms.xml | 25 +-
16 files changed, 253 insertions(+), 727 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index b022e08..f9a14e0 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -62,7 +62,7 @@ def populate_global_dict():
read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties'))
elif os_name == "WINDOWS":
read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties'))
- library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*")
+ library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*")
for each_line in read_config_file.read().split('\n') :
if len(each_line) == 0 : continue
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index 68ac76e..a69eea7 100644
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -30,6 +30,30 @@ globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
+if os_name == "LINUX":
+ RANGER_KMS_HOME = os.getcwd()
+elif os_name == "WINDOWS":
+ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
+
+def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
+ finalLibPath = libpath.replace('\\','/').replace('//','/')
+ finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
+ if getorcreate == 'create':
+ commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
+ p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode
+ elif getorcreate == 'get':
+ commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
+ p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode, output
+ else:
+ print 'proper command not received for input need get or create'
+
+
def check_output(query):
if os_name == "LINUX":
p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE)
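Review bot: In `call_keystore` the secret is passed to the JVM as a command-line argument (`'-value', aliasValue` in the `create` branch), so any local user who can list processes can read it while `buildks` runs. The `buildks create ... -value "$db_password"` and `-value "${KMS_MASTER_KEY_PASSWD}"` calls in the `update_properties` hunk of kms/scripts/setup.sh have the same exposure. If `buildks` can take the value from stdin or a protected file (not visible here), prefer that; otherwise the install notes should say the installer must not run on a host with untrusted local users. The function also returns an int for `create`, a tuple for `get` and `None` after the `print` in the `else` branch; raising `ValueError` there would give callers one contract to test. `Popen` and `PIPE` are used unqualified while `check_output` below uses `subprocess.Popen`, so confirm the file imports them by name.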
@@ -52,6 +76,11 @@ def log(msg,type):
def populate_global_dict():
global globalDict
+ if os_name == "LINUX":
+ read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties'))
+ elif os_name == "WINDOWS":
+ read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties'))
+ library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*")
read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
for each_line in read_config_file.read().split('\n') :
if len(each_line) == 0 : continue
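Review bot: The OS-specific `open(...)` added to `populate_global_dict` is immediately overwritten by the unchanged line `read_config_file = open(os.path.join(os.getcwd(),'install.properties'))`, so the Windows branch has no effect and the first file handle is never closed. Remove the old assignment, as the db_setup.py hunk in this commit shows for the same function. `library_path` is assigned but not used in the visible lines. The function body continues outside the hunk.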
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/install.properties
----------------------------------------------------------------------
diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties
index 4884369..0b463b9 100644
--- a/kms/scripts/install.properties
+++ b/kms/scripts/install.properties
@@ -14,7 +14,7 @@
# limitations under the License.
#
-# This file provides list of deployment variables for the Policy Manager Web Application
+# This file provides list of deployment variables for the Ranger KMS Web Application
#
#------------------------- DB CONFIG - BEGIN ----------------------------------
@@ -55,24 +55,119 @@ db_root_password=
db_host=localhost
#
-# DB UserId used for the Ranger schema
+# DB UserId used for the Ranger KMS schema
#
-db_name=ranger
-db_user=rangeradmin
+db_name=rangerkms
+db_user=rangerkms
db_password=
#------------------------- DB CONFIG - END ----------------------------------
+#------------------------- RANGER KMS Master Key Crypt Key ------------------
+KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd
+
#
# ------- UNIX User CONFIG ----------------
#
-unix_user=ranger
-unix_group=ranger
-
+unix_user=kms
+unix_group=kms
#
# ------- UNIX User CONFIG - END ----------------
#
+#
+# -------
+#
+
+# Location of Policy Manager URL
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+POLICY_MGR_URL=
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=kmsdev
+#
+REPOSITORY_NAME=kms
+
+#
+# AUDIT DB Configuration
+#
+# This information should match with the one you specified during the PolicyManager Installation
+#
+# Example:
+# XAAUDIT.DB.IS_ENABLED=true
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+# XAAUDIT.DB.HOSTNAME=localhost
+# XAAUDIT.DB.DATABASE_NAME=ranger_audit
+# XAAUDIT.DB.USER_NAME=rangerlogger
+# XAAUDIT.DB.PASSWORD=rangerlogger
+#
+XAAUDIT.DB.IS_ENABLED=true
+XAAUDIT.DB.FLAVOUR=MYSQL
+XAAUDIT.DB.HOSTNAME=
+XAAUDIT.DB.DATABASE_NAME=
+XAAUDIT.DB.USER_NAME=
+XAAUDIT.DB.PASSWORD=
+
+#
+# Audit to HDFS Configuration
+#
+# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
+# that start with __REPLACE__ with appropriate values
+# XAAUDIT.HDFS.IS_ENABLED=true
+# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit
+# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive
+#
+#
+# Example:
+# XAAUDIT.HDFS.IS_ENABLED=true
+# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/kms/audit
+# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/kms/audit/archive
+#
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive
+
+XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+#Solr Audit Provder
+XAAUDIT.SOLR.IS_ENABLED=false
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-keystore.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+#
+# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
+#
+SSL_KEYSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
+
# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
#
# --- These deployment variables are not to be modified unless you understand the full impact of the changes
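Review bot: `KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd` ships a working default for the password that protects the KMS master key, so every install that leaves the file untouched shares the same publicly known value. Leave it empty, as `db_password=` is, and have setup.sh refuse to continue while it is unset. A comment such as `# Password used to encrypt the KMS master key; must be set before running setup.sh` would tell the operator what it is for. The `SSL_KEYSTORE_PASSWORD=myKeyFilePassword` and `SSL_TRUSTSTORE_PASSWORD=changeit` samples have the same problem once SSL is actually enabled. This file now holds several secrets, so it should not stay world-readable after installation.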
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/kms-initd
----------------------------------------------------------------------
diff --git a/kms/scripts/kms-initd b/kms/scripts/kms-initd
deleted file mode 100644
index b699f6a..0000000
--- a/kms/scripts/kms-initd
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-### BEGIN INIT INFO
-# Provides: ranger-kms
-# Required-Start: $local_fs $remote_fs $network $named $syslog $time
-# Required-Stop: $local_fs $remote_fs $network $named $syslog $time
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: Start/Stop Ranger KMS
-### END INIT INFO
-
-LINUX_USER=ranger
-BIN_PATH=/usr/bin
-MOD_NAME=ranger-kms
-pidf=/var/run/ranger/kms.pid
-pid=""
-if [ -f ${pidf} ]
-then
- pid=`cat $pidf`
-fi
-
-case $1 in
- start)
- if [ "${pid}" != "" ]
- then
- echo "Ranger KMS Service is already running"
- exit 1
- else
- echo "Starting Ranger KMS."
- /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start"
- fi
- ;;
- stop)
- if [ "${pid}" != "" ]
- then
- echo "Stopping Ranger KMS."
- /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop"
- else
- echo "Ranger KMS Service is NOT running"
- exit 1
- fi
- ;;
- restart)
- if [ "${pid}" != "" ]
- then
- echo "Stopping Ranger KMS."
- /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop"
- sleep 10
- fi
- echo "Starting Ranger KMS."
- /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start"
- ;;
- status)
- if [ "${pid}" != "" ]
- then
- echo "Ranger KMS Service is running [pid={$pid}]"
- else
- echo "Ranger KMS Service is NOT running."
- fi
- ;;
- *)
- echo "Invalid argument [$1]; Only start | stop | restart | status, are supported."
- exit 1
- esac
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/ranger-kms
----------------------------------------------------------------------
diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms
index f049dd2..f3a79f5 100755
--- a/kms/scripts/ranger-kms
+++ b/kms/scripts/ranger-kms
@@ -21,28 +21,56 @@
# Required-Stop: $local_fs $remote_fs $network $named $syslog $time
# Default-Start: 2 3 4 5
# Default-Stop:
-# Short-Description: Start/Stop Ranger Kms
+# Short-Description: Start/Stop Ranger kms
### END INIT INFO
+LINUX_USER=kms
BIN_PATH=/usr/bin
MOD_NAME=ranger-kms
+pid=`ps -ef | grep java | grep -- '-Dproc_rangerkms' | grep -v grep | awk '{ print $2 }'`
+
case $1 in
start)
- echo "Starting Apache Ranger Kms."
- ${BIN_PATH}/${MOD_NAME} start
+ if [ "${pid}" != "" ]
+ then
+ echo "Ranger KMS Service is already running"
+ exit 1
+ else
+ echo "Starting Apache Ranger KMS."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start"
+ fi
;;
stop)
- echo "Stopping Apache Ranger Kms."
- ${BIN_PATH}/${MOD_NAME} stop
+ if [ "${pid}" != "" ]
+ then
+ echo "Stopping Apache Ranger KMS."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop"
+ else
+ echo "Ranger KMS Service is NOT running"
+ exit 1
+ fi
;;
restart)
- echo "Stopping Apache Ranger Kms."
- ${BIN_PATH}/${MOD_NAME} stop
- echo "Starting Apache Ranger Kms."
- ${BIN_PATH}/${MOD_NAME} start
+ if [ "${pid}" != "" ]
+ then
+ echo "Stopping Apache Ranger KMS."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop"
+ sleep 10
+ fi
+ echo "Starting Apache Ranger KMS."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start"
+ ;;
+status)
+ if [ "${pid}" != "" ]
+ then
+ echo "Ranger KMS Service is running [pid={$pid}]"
+ else
+ echo "Ranger KMS Service is NOT running."
+
+ fi
;;
*)
- echo "Invalid argument [$1]; Only start|stop|restart are supported."
+ echo "Invalid argument [$1]; Only start|stop|restart|status are supported."
exit 1
esac
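Review bot: `LINUX_USER=kms` is hard-coded here while install.properties in the same commit makes the account configurable through `unix_user`, so an install with a different `unix_user` would presumably still `su` to `kms`. Have setup.sh substitute the configured user when it copies this script to /etc/init.d. In the `status` branch `[pid={$pid}]` prints literal braces and should be `[pid=${pid}]`. The `ps -ef | grep` lookup matches any java process whose command line contains `-Dproc_rangerkms` and can yield more than one PID, which the `[ "${pid}" != "" ]` tests do not distinguish.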
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/ranger-kms-services.sh
----------------------------------------------------------------------
diff --git a/kms/scripts/ranger-kms-services.sh b/kms/scripts/ranger-kms-services.sh
index ce11e21..07c2910 100755
--- a/kms/scripts/ranger-kms-services.sh
+++ b/kms/scripts/ranger-kms-services.sh
@@ -32,7 +32,7 @@ RANGER_KMS_EWS_LIB_DIR="${RANGER_KMS_EWS_DIR}/lib"
JAVA_OPTS=" ${JAVA_OPTS} -XX:MaxPermSize=256m -Xmx1024m -Xms1024m "
-for custom_env_script in `find ${RANGER_KMS_DIR}/ews/conf/ -name "ranger-admin-env*"`; do
+for custom_env_script in `find ${RANGER_KMS_DIR}/ews/conf/ -name "ranger-kms-env*"`; do
if [ -f $custom_env_script ]; then
. $custom_env_script
fi
@@ -86,7 +86,7 @@ elif [ "${action^^}" == "RESTART" ]; then
echo "Restarting Apache Ranger KMS"
java ${JAVA_OPTS} ${STOP_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_STOP_LOG_FILE} 2>&1
echo "Apache Ranger KMS has been stopped."
- echo "Starting Apache Ranger Admin.."
+ echo "Starting Apache Ranger KMS."
java -D${PROC_NAME} ${JAVA_OPTS} ${START_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_LOG_FILE} 2>&1 &
echo "Apache Ranger KMS has started successfully."
exit
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh
index fe9f60c..4fb12c0 100644
--- a/kms/scripts/setup.sh
+++ b/kms/scripts/setup.sh
@@ -22,12 +22,14 @@
PROPFILE=$PWD/install.properties
propertyValue=''
-. $PROPFILE
-if [ ! $? = "0" ];then
- log "$PROPFILE file not found....!!";
+if [ ! -f ${PROPFILE} ]
+then
+ echo "$PROPFILE file not found....!!";
exit 1;
fi
+eval `grep -v '^XAAUDIT.' ${PROPFILE} | grep -v '^$' | grep -v '^#'`
+
DB_HOST="${db_host}"
usage() {
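Review bot: The `eval` of the grep output re-parses every property value as shell, with the installer's privileges. A password containing a space, `$`, `;`, `&` or a backtick is split, expanded or executed rather than assigned, and because the backticks are unquoted all lines are joined into one command. Parse the file line by line and assign each value literally (for example a `while IFS='=' read -r key value` loop that skips blank, `#` and `XAAUDIT.` lines). Also check that `${PROPFILE}` is not writable by other users before reading it. In `grep -v '^XAAUDIT.'` the dot is unescaped and matches any character; `'^XAAUDIT\.'` is what is meant.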
@@ -131,12 +133,15 @@ init_logfiles () {
init_variables(){
curDt=`date '+%Y%m%d%H%M%S'`
- VERSION=`cat ${PWD}/version`
+ if [ -f ${PWD}/version ]
+ then
+ VERSION=`cat ${PWD}/version`
+ else
+ VERSION="0.5.0"
+ fi
KMS_DIR=$PWD
- RANGER_KMS_INITD=kms-initd
-
RANGER_KMS=ranger-kms
INSTALL_DIR=${KMS_DIR}
@@ -267,9 +272,15 @@ copy_db_connector(){
setup_kms(){
#copying ranger kms provider
+ oldP=${PWD}
cd $PWD/ews/webapp
log "[I] Adding ranger kms provider as services in hadoop-common jar"
- jar -uf lib/hadoop-common*.jar META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory
+ for f in lib/hadoop-common*.jar
+ do
+ jar -uf ${f} META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory
+ chown ${unix_user}:${unix_group} ${f}
+ done
+ cd ${oldP}
}
update_properties() {
@@ -355,16 +366,21 @@ update_properties() {
echo "Starting configuration for XA DB credentials:"
- db_password_alias=ranger.ks.jdbc.password
+ MK_CREDENTIAL_ATTR="ranger.db.encrypt.key.password"
+ DB_CREDENTIAL_ATTR="ranger.ks.jpa.jdbc.password"
+
+ MK_CREDENTIAL_ALIAS="ranger.ks.masterkey.password"
+ DB_CREDENTIAL_ALIAS="ranger.ks.jpa.jdbc.credential.alias"
if [ "${keystore}" != "" ]
then
mkdir -p `dirname "${keystore}"`
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
+ $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${DB_CREDENTIAL_ALIAS}" -value "$db_password" -provider jceks://file$keystore
+ $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${MK_CREDENTIAL_ALIAS}" -value "${KMS_MASTER_KEY_PASSWD}" -provider jceks://file$keystore
propertyName=ranger.ks.jpa.jdbc.credential.alias
- newPropertyValue="${db_password_alias}"
+ newPropertyValue="${DB_CREDENTIAL_ALIAS}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
propertyName=ranger.ks.jpa.jdbc.credential.provider.path
@@ -375,9 +391,13 @@ update_properties() {
newPropertyValue="_"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
else
- propertyName=ranger.ks.jpa.jdbc.password
+ propertyName="${DB_CREDENTIAL_ATTR}"
newPropertyValue="${db_password}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
+
+ propertyName="${MK_CREDENTIAL_ATTR}"
+ newPropertyValue="${KMS_MASTER_KEY_PASSWD}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file
fi
if test -f $keystore; then
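Review bot: When no keystore is configured, `KMS_MASTER_KEY_PASSWD` is written in clear text into `$to_file` under `ranger.db.encrypt.key.password`, next to the DB password, and the hunk at `-386,9 +406,14` does the same. Nothing visible restricts that file's mode the way `chmod 640 ${keystore}` does for the keystore. Either require a keystore for the master-key password or set owner and mode on `$to_file` right after the update. The call `updatePropertyToFilePy $propertyName $newPropertyValue $to_file` is unquoted, so a password with whitespace or glob characters is split; use `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file"`. `update_properties` starts and ends outside the hunk.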
@@ -386,9 +406,14 @@ update_properties() {
chmod 640 ${keystore}
else
#echo "$keystore not found. so clear text password"
- propertyName=ranger.ks.jpa.jdbc.password
+
+ propertyName="${DB_CREDENTIAL_ATTR}"
newPropertyValue="${db_password}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
+
+ propertyName="${MK_CREDENTIAL_ATTR}"
+ newPropertyValue="${KMS_MASTER_KEY_PASSWD}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file
fi
###########
@@ -437,7 +462,7 @@ setup_install_files(){
if [ -d /etc/init.d ]; then
log "[I] Setting up init.d"
- cp ${INSTALL_DIR}/ews/${RANGER_KMS_INITD} /etc/init.d/${RANGER_KMS}
+ cp ${INSTALL_DIR}/${RANGER_KMS} /etc/init.d/${RANGER_KMS}
chmod ug+rx /etc/init.d/${RANGER_KMS}
@@ -500,6 +525,13 @@ setup_install_files(){
ln -sf ${INSTALL_DIR}/ranger-kms-services.sh /usr/bin/ranger-kms
chmod ug+rx /usr/bin/ranger-kms
fi
+
+ if [ ! -d /var/log/ranger/kms ]
+ then
+ mkdir -p /var/log/ranger/kms
+ fi
+ chgrp ${unix_group} /var/log/ranger/kms
+ chmod g+rwx /var/log/ranger/kms
}
init_logfiles
@@ -526,4 +558,7 @@ else
log "[E] DB schema setup failed! Please contact Administrator."
exit 1
fi
+
+./enable-kms-plugin.sh
+
echo "Installation of Ranger KMS is completed."
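Review bot: `./enable-kms-plugin.sh` is run without checking its exit status, so "Installation of Ranger KMS is completed." is printed even when plugin setup fails. The relative path also depends on the current directory still being the install directory at this point. Suggested: `./enable-kms-plugin.sh || { log "[E] enable-kms-plugin.sh failed"; exit 1; }`.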
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
index e4490e0..0a31dca 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
@@ -81,6 +81,7 @@ public class RangerKMSDB {
//DB_PROPERTIES.list(System.out) ;
+ /*
Set keys = DB_PROPERTIES.keySet();
for (Iterator i = keys.iterator(); i.hasNext();) {
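Review bot: The loop that printed every entry of `DB_PROPERTIES` to stdout (presumably including the JDBC credentials) is only disabled by a `/* … */` that opens in this hunk and closes in the next. Delete the lines instead, so the dump cannot be switched back on by removing two comment markers. The same applies to the `// System.out.println(...)` lines in both RangerKeyStoreProvider.java hunks, which would print the master-key password and `xaDBPassword`. If diagnostics are needed, log key names only through a logger at debug level, never the values.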
@@ -88,6 +89,7 @@ public class RangerKMSDB {
String value = (String) DB_PROPERTIES.get(key);
System.out.println(key + " = " + value);
}
+ */
entityManagerFactory = Persistence.createEntityManagerFactory("persistence_ranger_server", DB_PROPERTIES);
daoManager = new DaoManager();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
index 880f647..a0a082f 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
@@ -77,7 +77,7 @@ public class RangerKeyStoreProvider extends KeyProvider{
RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
dbStore = new RangerKeyStore(daoManager);
String password = conf.get(ENCRYPTION_KEY);
- System.out.println("RKSP Password = "+password);
+ // System.out.println("RKSP Password = "+password);
if(password == null || password.trim().equals("") || password.trim().equals("_") || password.trim().equals("crypted")){
throw new IOException("Master Key Jceks does not exists");
}
@@ -318,18 +318,18 @@ public class RangerKeyStoreProvider extends KeyProvider{
private void getFromJceks(Configuration conf, String path, String alias, String key){
//update credential from keystore
- System.out.println("getFromJCEKS path = "+path+" alias = "+alias+" key = "+key);
+ // System.out.println("getFromJCEKS path = "+path+" alias = "+alias+" key = "+key);
if(conf!=null){
String pathValue=conf.get(path);
- System.out.println("path Value = "+pathValue);
+ // System.out.println("path Value = "+pathValue);
String aliasValue=conf.get(alias);
- System.out.println("alias Value = "+aliasValue);
+ // System.out.println("alias Value = "+aliasValue);
if(pathValue!=null && aliasValue!=null){
String xaDBPassword=CredentialReader.getDecryptedString(pathValue.trim(),aliasValue.trim());
- System.out.println("xaDBPassword = "+xaDBPassword);
+ // System.out.println("xaDBPassword = "+xaDBPassword);
if(xaDBPassword!=null&& !xaDBPassword.trim().isEmpty() &&
!xaDBPassword.trim().equalsIgnoreCase("none")){
- System.out.println("inside key = "+key+" xaDBaswword "+xaDBPassword);
+ // System.out.println("inside key = "+key+" xaDBaswword "+xaDBPassword);
conf.set(key, xaDBPassword);
}else{
logger.info("Credential keystore password not applied for KMS; clear text password shall be applicable");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/enable-kms-plugin.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh
index 1b6f52e..4e5789a 100644
--- a/plugin-kms/scripts/enable-kms-plugin.sh
+++ b/plugin-kms/scripts/enable-kms-plugin.sh
@@ -88,11 +88,6 @@ HCOMPONENT_NAME=`echo ${COMPONENT_NAME} | sed -e 's:-plugin::'`
CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}"
-if [ "${HCOMPONENT_NAME}" = "hdfs" ]
-then
- HCOMPONENT_NAME="hadoop"
-fi
-
#
# Based on script name, identify if the action is enabled or disabled
#
@@ -111,14 +106,13 @@ fi
# environment variables for enable|disable scripts
#
-PROJ_INSTALL_DIR1=`(cd ${basedir} ; pwd)`
-PROJ_INSTALL_DIR=${PROJ_INSTALL_DIR1}/..
+PROJ_INSTALL_DIR=`(cd ${basedir} ; pwd)`
SET_ENV_SCRIPT_NAME=set-${COMPONENT_NAME}-env.sh
-SET_ENV_SCRIPT_TEMPLATE=${PROJ_INSTALL_DIR}/scripts/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME}
-DEFAULT_XML_CONFIG=${PROJ_INSTALL_DIR}/scripts/install/conf.templates/default/configuration.xml
+SET_ENV_SCRIPT_TEMPLATE=${PROJ_INSTALL_DIR}/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME}
+DEFAULT_XML_CONFIG=${PROJ_INSTALL_DIR}/install/conf.templates/default/configuration.xml
PROJ_LIB_DIR=${PROJ_INSTALL_DIR}/ews/plugin/lib
-PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/scripts/install/lib"
-INSTALL_ARGS="${PROJ_INSTALL_DIR}/ews/webapp/config/plugin-install.properties"
+PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/install/lib"
+INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties"
COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/ews/webapp/config/${COMPONENT_NAME}-install.properties"
JAVA=$JAVA_HOME/bin/java
@@ -290,7 +284,7 @@ fi
# Run, the enable|disable ${COMPONENT} configurations
#
-if [ -d "${PROJ_INSTALL_DIR}/scripts/install/conf.templates/${action}" ]
+if [ -d "${PROJ_INSTALL_DIR}/install/conf.templates/${action}" ]
then
INSTALL_CP="${PROJ_INSTALL_LIB_DIR}/*"
if [ "${action}" = "enable" ]
@@ -298,17 +292,20 @@ then
echo "<ranger>\n<enabled>`date`</enabled>\n</ranger>" > ${HCOMPONENT_CONF_DIR}/ranger-security.xml
chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/ranger-security.xml
chmod a+r ${HCOMPONENT_CONF_DIR}/ranger-security.xml
- for cf in ${PROJ_INSTALL_DIR}/scripts/install/conf.templates/${action}/*.xml
+ for cf in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.xml
do
- cfb=`basename ${cf}`
- if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ]
+ if [ -f "${cf}" ]
then
- log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..."
- cp ${HCOMPONENT_CONF_DIR}/${cfb} ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt}
+ cfb=`basename ${cf}`
+ if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ]
+ then
+ log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..."
+ cp ${HCOMPONENT_CONF_DIR}/${cfb} ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt}
+ fi
+ cp ${cf} ${HCOMPONENT_CONF_DIR}/
+ chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/${cfb}
+ chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb}
fi
- cp ${cf} ${HCOMPONENT_CONF_DIR}/
- chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/${cfb}
- chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb}
done
else
if [ -f ${HCOMPONENT_CONF_DIR}/ranger-security.xml ]
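Review bot: `chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb}` makes every copied plugin config world-readable. If these XML files later receive values from install.properties such as `XAAUDIT.DB.PASSWORD` or the SSL keystore passwords (not visible in this hunk), any local user can read them. Since the files are already chowned to `${CFG_OWNER_INF}`, `chmod u=rw,g=r,o= ${HCOMPONENT_CONF_DIR}/${cfb}` should be enough unless another account must read them. The expansions in the `cp`, `chown` and `chmod` lines are unquoted and break on paths containing spaces.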
@@ -364,7 +361,7 @@ then
fi
- for f in ${PROJ_INSTALL_DIR}/scripts/install/conf.templates/${action}/*.cfg
+ for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg
do
if [ -f "${f}" ]
then
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/install.properties b/plugin-kms/scripts/install.properties
deleted file mode 100755
index 93cf4a1..0000000
--- a/plugin-kms/scripts/install.properties
+++ /dev/null
@@ -1,112 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# Location of Policy Manager URL
-#
-# Example:
-# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
-#
-POLICY_MGR_URL=
-
-#
-# Location of db client library (please check the location of the jar file)
-#
-# Example:
-# SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
-# SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
-#
-SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
-
-#
-# This is the repository name created within policy manager
-#
-# Example:
-# REPOSITORY_NAME=kmsdev
-#
-REPOSITORY_NAME=
-
-#
-# AUDIT DB Configuration
-#
-# This information should match with the one you specified during the PolicyManager Installation
-#
-# Example:
-# XAAUDIT.DB.IS_ENABLED=true
-# XAAUDIT.DB.FLAVOUR=MYSQL
-# XAAUDIT.DB.FLAVOUR=ORACLE
-# XAAUDIT.DB.HOSTNAME=localhost
-# XAAUDIT.DB.DATABASE_NAME=ranger_audit
-# XAAUDIT.DB.USER_NAME=rangerlogger
-# XAAUDIT.DB.PASSWORD=rangerlogger
-#
-XAAUDIT.DB.IS_ENABLED=false
-XAAUDIT.DB.FLAVOUR=MYSQL
-XAAUDIT.DB.HOSTNAME=
-XAAUDIT.DB.DATABASE_NAME=
-XAAUDIT.DB.USER_NAME=
-XAAUDIT.DB.PASSWORD=
-
-#
-# Audit to HDFS Configuration
-#
-# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
-# that start with __REPLACE__ with appropriate values
-# XAAUDIT.HDFS.IS_ENABLED=true
-# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
-# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit
-# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive
-#
-# Example:
-# XAAUDIT.HDFS.IS_ENABLED=true
-# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
-# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/kms/audit
-# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/kms/audit/archive
-#
-XAAUDIT.HDFS.IS_ENABLED=false
-XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
-XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit
-XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive
-
-XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
-XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
-XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
-XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
-XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
-XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
-XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
-XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
-
-#Solr Audit Provder
-XAAUDIT.SOLR.IS_ENABLED=false
-XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
-XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
-XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
-
-#
-# SSL Client Certificate Information
-#
-# Example:
-# SSL_KEYSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-keystore.jks
-# SSL_KEYSTORE_PASSWORD=none
-# SSL_TRUSTSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-truststore.jks
-# SSL_TRUSTSTORE_PASSWORD=none
-#
-# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
-#
-SSL_KEYSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-keystore.jks
-SSL_KEYSTORE_PASSWORD=myKeyFilePassword
-SSL_TRUSTSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-truststore.jks
-SSL_TRUSTSTORE_PASSWORD=changeit
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/install.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/install.sh b/plugin-kms/scripts/install.sh
deleted file mode 100755
index d88dadf..0000000
--- a/plugin-kms/scripts/install.sh
+++ /dev/null
@@ -1,364 +0,0 @@
-#!/bin/bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-
-function create_jceks()
-{
-
-alias=$1
-pass=$2
-jceksFile=$3
-
-ret=`hadoop credential create ${alias} -value ${pass} -provider jceks://file${jceksFile} 2>&1`
-res=`echo $ret | grep 'already exist'`
-
-if ! [ "${res}" == "" ]
-then
- echo "Credential file already exists,recreating the file..."
- hadoop credential delete ${alias} -provider jceks://file${jceksFile}
- hadoop credential create ${alias} -value ${pass} -provider jceks://file${jceksFile}
-fi
-}
-
-#Update Properties to File
-#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
-updatePropertyToFile(){
- sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
- #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
- validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
- #echo 'V1:'$validate
- if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
- echo "[I] File $3 Updated successfully : {'$1'}"
-}
-
-kms_dir=/usr/hdp/current/kms
-kms_lib_dir=${kms_dir}/lib
-kms_conf_dir=/etc/kms/conf
-
-hdp_dir=/usr/hdp/current/hadoop
-hdp_lib_dir=${hdp_dir}/lib
-hdp_conf_dir=/etc/hadoop/conf
-
-export CONFIG_FILE_OWNER="kms:hadoop"
-
-
-if [ ! -d "${hdp_dir}" ]
-then
- echo "ERROR: Invalid HADOOP HOME Directory: [${hdp_dir}]. Exiting ..."
- exit 1
-fi
-
-#echo "Hadoop Configuration Path: ${hdp_conf_dir}"
-
-if [ ! -f ${hdp_conf_dir}/hadoop-env.sh ]
-then
- echo "ERROR: Invalid HADOOP CONF Directory: [${hdp_conf_dir}]."
- echo "ERROR: Unable to locate: hadoop-env.sh. Exiting ..."
- exit 1
-fi
-
-install_dir=`dirname $0`
-
-[ "${install_dir}" = "." ] && install_dir=`pwd`
-
-#echo "Current Install Directory: [${install_dir}]"
-
-#verify sql-connector path is valid
-SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
-if test -f "$SQL_CONNECTOR_JAR"; then
- echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
-else
- echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
-fi
-#copying sql connector jar file to lib directory
-cp $SQL_CONNECTOR_JAR ${install_dir}/lib
-
-
-#
-# --- Backup current configuration for backup - START
-#
-
-COMPONENT_NAME=kms
-
-XASECURE_VERSION=`cat ${install_dir}/version`
-
-CFG_DIR=${kms_conf_dir}
-XASECURE_ROOT=/etc/xasecure/${COMPONENT_NAME}
-BACKUP_TYPE=pre
-CUR_VERSION_FILE=${XASECURE_ROOT}/.current_version
-CUR_CFG_DIR_FILE=${XASECURE_ROOT}/.config_dir
-PRE_INSTALL_CONFIG=${XASECURE_ROOT}/${BACKUP_TYPE}-${XASECURE_VERSION}
-
-backup_dt=`date '+%Y%m%d%H%M%S'`
-
-if [ -d "${PRE_INSTALL_CONFIG}" ]
-then
- PRE_INSTALL_CONFIG="${PRE_INSTALL_CONFIG}.${backup_dt}"
-fi
-
-if [ -d ${CFG_DIR} ]
-then
- ( cd ${CFG_DIR} ; find . -print | cpio -pdm ${PRE_INSTALL_CONFIG} )
- [ -f ${CUR_VERSION_FILE} ] && mv ${CUR_VERSION_FILE} ${CUR_VERSION_FILE}-${backup_dt}
- echo ${XASECURE_VERSION} > ${CUR_VERSION_FILE}
- echo ${CFG_DIR} > ${CUR_CFG_DIR_FILE}
-else
- echo "ERROR: Unable to find configuration directory: [${CFG_DIR}]"
- exit 1
-fi
-
-cp -f ${install_dir}/uninstall.sh ${XASECURE_ROOT}/
-
-#
-# --- Backup current configuration for backup - END
-
-dt=`date '+%Y%m%d%H%M%S'`
-for f in ${install_dir}/conf/*
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- if [ ! -f ${kms_conf_dir}/${fn} ]
- then
- echo "+cp ${f} ${kms_conf_dir}/${fn}"
- cp ${f} ${kms_conf_dir}/${fn}
- else
- echo "WARN: ${fn} already exists in the ${kms_conf_dir} - Using existing configuration ${fn}"
- fi
- fi
-done
-
-#echo "Hadoop XASecure Library Path: ${hdp_lib_dir}"
-
-if [ ! -d ${kms_lib_dir} ]
-then
- echo "+mkdir -p ${kms_lib_dir}"
- mkdir -p ${kms_lib_dir}
-fi
-
-for f in ${install_dir}/dist/*.jar
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- echo "+cp ${f} ${kms_lib_dir}/${fn}"
- cp ${f} ${kms_lib_dir}/${fn}
- fi
-done
-
-
-for f in ${install_dir}/dist/*.jar
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- echo "+cp ${f} ${kms_lib_dir}/${fn}"
- cp ${f} ${kms_lib_dir}/${fn}
- fi
-done
-
-if [ -d ${install_dir}/lib ]
-then
- for f in ${install_dir}/lib/*.jar
- do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- if [ -f ${kms_lib_dir}/${fn} ]
- then
- cdt=`date '+%s'`
- echo "+mv ${kms_lib_dir}/${fn} ${kms_lib_dir}/.${fn}.${cdt}"
- mv ${kms_lib_dir}/${fn} ${kms_lib_dir}/.${fn}.${cdt}
- fi
- echo "+cp ${f} ${kms_lib_dir}/${fn}"
- cp ${f} ${kms_lib_dir}/${fn}
- fi
- done
-fi
-
-
-CredFile=`grep '^CREDENTIAL_PROVIDER_FILE' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-
-if ! [ `echo ${CredFile} | grep '^/.*'` ]
-then
- echo "ERROR:Please enter the Credential File Store with proper file path"
- exit 1
-fi
-
-dirno=`echo ${CredFile}| awk -F"/" '{ print NF}'`
-
-if [ ${dirno} -gt 2 ];
-then
- pardir=`echo ${CredFile} | awk -F'/[^/]*$' '{ print $1 }'`
- if [ ! -d ${pardir} ];
- then
- mkdir -p ${pardir}
- if [ $? -eq 0 ];
- then
- chmod go+rx ${pardir}
- else
- echo "ERROR: Unable to create credential store file path"
- fi
- fi
-fi
-
-
-#
-# Generate Credential Provider file and Credential for Audit DB access.
-#
-
-
-auditCredAlias="auditDBCred"
-
-auditdbCred=`grep '^XAAUDIT.DB.PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-
-create_jceks ${auditCredAlias} ${auditdbCred} ${CredFile}
-
-
-#
-# Generate Credential Provider file and Credential for SSL KEYSTORE AND TRUSTSTORE
-#
-
-
-sslkeystoreAlias="sslKeyStore"
-
-sslkeystoreCred=`head -1 /etc/xasecure/ssl/certs/${repoName}.maze`
-
-create_jceks ${sslkeystoreAlias} ${sslkeystoreCred} ${CredFile}
-
-
-
-ssltruststoreAlias="sslTrustStore"
-
-ssltruststoreCred=`grep '^SSL_TRUSTSTORE_PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-
-create_jceks ${ssltruststoreAlias} ${ssltruststoreCred} ${CredFile}
-
-chmod go+rx ${pardir}
-chmod go+r ${CredFile}
-chown ${CONFIG_FILE_OWNER} ${CredFile}
-
-PROP_ARGS="-p ${install_dir}/install.properties"
-to_file="${install_dir}/install.properties"
-DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
-if [ "${DB_FLAVOR}" == "" ]
-then
- $DB_FLAVOR="MYSQL"
-fi
-echo "[I] Updating install.properites setting for : $DB_FLAVOR"
-
-if [ "${DB_FLAVOR}" == "MYSQL" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="com.mysql.jdbc.Driver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-
-if [ "${DB_FLAVOR}" == "ORACLE" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-
-if [ "${DB_FLAVOR}" == "POSTGRES" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:postgresql://${audit_db_hostname}/${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="org.postgresql.Driver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-if [ "${DB_FLAVOR}" == "SQLSERVER" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:sqlserver://${audit_db_hostname};databaseName=${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-for f in ${install_dir}/installer/conf/*-changes.cfg
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- orgfn=`echo $fn | sed -e 's:-changes.cfg:.xml:'`
- fullpathorgfn="${kms_conf_dir}/${orgfn}"
- if [ ! -f ${fullpathorgfn} ]
- then
- echo "ERROR: Unable to find ${fullpathorgfn}"
- exit 1
- fi
- archivefn="${kms_conf_dir}/.${orgfn}.${dt}"
- newfn="${kms_conf_dir}/.${orgfn}-new.${dt}"
- cp ${fullpathorgfn} ${archivefn}
- if [ $? -eq 0 ]
- then
- cp="${install_dir}/installer/lib/*:${hdp_dir}/*:${hdp_lib_dir}/*"
- java -cp "${cp}" org.apache.ranger.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS}
- if [ $? -eq 0 ]
- then
- diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1
- if [ $? -ne 0 ]
- then
- #echo "Changing config file: ${fullpathorgfn} with following changes:"
- #echo "==============================================================="
- #diff -w ${newfn} ${fullpathorgfn}
- #echo "==============================================================="
- echo "NOTE: Current config file: ${fullpathorgfn} is being saved as ${archivefn}"
- #echo "==============================================================="
- cp ${newfn} ${fullpathorgfn}
- fi
- else
- echo "ERROR: Unable to make changes to config. file: ${fullpathorgfn}"
- echo "exiting ...."
- exit 1
- fi
- else
- echo "ERROR: Unable to save config. file: ${fullpathorgfn} to ${archivefn}"
- echo "exiting ...."
- exit 1
- fi
- fi
-done
-
-chmod go-rwx ${kms_conf_dir}/xasecure-policymgr-ssl.xml
-
-chown ${CONFIG_FILE_OWNER} ${kms_conf_dir}/xasecure-policymgr-ssl.xml
-
-exit 0
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/kms-plugin-install.properties
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/kms-plugin-install.properties b/plugin-kms/scripts/kms-plugin-install.properties
deleted file mode 100755
index b79d529..0000000
--- a/plugin-kms/scripts/kms-plugin-install.properties
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# installation properties for this plugin
-
-#
-# Name of the directory where the component's lib and conf directory exist.
-# This location should be relative to the parent of the directory containing
-# the plugin installation files.
-#
-COMPONENT_INSTALL_DIR_NAME=ranger-kms
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/uninstall.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/uninstall.sh b/plugin-kms/scripts/uninstall.sh
deleted file mode 100755
index e0d3584..0000000
--- a/plugin-kms/scripts/uninstall.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMPONENT_NAME=hbase
-CFG_DIR=/etc/${COMPONENT_NAME}/conf
-XASECURE_ROOT=/etc/xasecure/${COMPONENT_NAME}
-BACKUP_TYPE=pre
-CUR_VERSION_FILE=${XASECURE_ROOT}/.current_version
-CUR_CFG_DIR_FILE=${XASECURE_ROOT}/.config_dir
-if [ -f ${CUR_VERSION_FILE} ]
-then
- XASECURE_VERSION=`cat ${CUR_VERSION_FILE}`
- PRE_INSTALL_CONFIG=${XASECURE_ROOT}/${BACKUP_TYPE}-${XASECURE_VERSION}
- dt=`date '+%Y%m%d%H%M%S'`
- if [ -d "${PRE_INSTALL_CONFIG}" ]
- then
- if [ -f ${CUR_CFG_DIR_FILE} ]
- then
- CFG_DIR=`cat ${CUR_CFG_DIR_FILE}`
- fi
- [ -d ${CFG_DIR} ] && mv ${CFG_DIR} ${CFG_DIR}-${dt}
- ( cd ${PRE_INSTALL_CONFIG} ; find . -print | cpio -pdm ${CFG_DIR} )
- [ -f ${CUR_VERSION_FILE} ] && mv ${CUR_VERSION_FILE} ${CUR_VERSION_FILE}-uninstalled-${dt}
- echo "XASecure version - ${XASECURE_VERSION} has been uninstalled successfully."
- else
- echo "ERROR: Unable to find pre-install configuration directory: [${PRE_INSTALL_CONFIG}]"
- exit 1
- fi
-else
- cd ${CFG_DIR}
- saved_files=`find . -type f -name '.*' | sort | grep -v -- '-new.' | grep '[0-9]*$' | grep -v -- '-[0-9]*$' | sed -e 's:\.[0-9]*$::' | sed -e 's:^./::' | sort -u`
- dt=`date '+%Y%m%d%H%M%S'`
- if [ "${saved_files}" != "" ]
- then
- for f in ${saved_files}
- do
- oldf=`ls ${f}.[0-9]* | sort | head -1`
- if [ -f "${oldf}" ]
- then
- nf=`echo ${f} | sed -e 's:^\.::'`
- if [ -f "${nf}" ]
- then
- echo "+cp -p ${nf} .${nf}-${dt}"
- cp -p ${nf} .${nf}-${dt}
- echo "+cp ${oldf} ${nf}"
- cp ${oldf} ${nf}
- else
- echo "ERROR: ${nf} not found to save. However, old file is being recovered."
- echo "+cp -p ${oldf} ${nf}"
- cp -p ${oldf} ${nf}
- fi
- fi
- done
- echo "XASecure configuration has been uninstalled successfully."
- fi
-fi
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index acdf66f..55fa6e4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -96,7 +96,7 @@
<module>unixauthclient</module>
<module>unixauthservice</module>
<module>ranger-util</module>
- <!--<module>plugin-kms</module>-->
+ <module>plugin-kms</module>
</modules>
<properties>
<javac.source.version>1.7</javac.source.version>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/src/main/assembly/kms.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/kms.xml b/src/main/assembly/kms.xml
index 50a684d..28b0a27 100644
--- a/src/main/assembly/kms.xml
+++ b/src/main/assembly/kms.xml
@@ -192,7 +192,7 @@
</includes>
</dependencySet>
<dependencySet>
- <outputDirectory>/scripts/install/lib</outputDirectory>
+ <outputDirectory>/install/lib</outputDirectory>
<unpack>false</unpack>
<directoryMode>755</directoryMode>
<fileMode>644</fileMode>
@@ -224,13 +224,12 @@
<include>security_plugins.ranger-plugins-common:ranger-plugins-common</include>
<include>security_plugins.ranger-kms-plugin:ranger-kms-plugin</include>
<include>org.apache.ranger:credentialbuilder</include>
- <include>org.apache.ranger:ranger-kms-plugin</include>
</includes>
</moduleSet>
<moduleSet>
<binaries>
<includeDependencies>false</includeDependencies>
- <outputDirectory>/scripts/install/lib</outputDirectory>
+ <outputDirectory>/install/lib</outputDirectory>
<unpack>false</unpack>
</binaries>
<includes>
@@ -316,7 +315,7 @@
<!-- Plugin -->
<!-- conf.templates for enable -->
<fileSet>
- <outputDirectory>/scripts/install/conf.templates/enable</outputDirectory>
+ <outputDirectory>/install/conf.templates/enable</outputDirectory>
<directory>plugin-kms/conf</directory>
<excludes>
<exclude>*.sh</exclude>
@@ -324,12 +323,12 @@
<fileMode>700</fileMode>
</fileSet>
<fileSet>
- <outputDirectory>/scripts/install/conf.templates/disable</outputDirectory>
+ <outputDirectory>/install/conf.templates/disable</outputDirectory>
<directory>plugin-kms/disable-conf</directory>
<fileMode>700</fileMode>
</fileSet>
<fileSet>
- <outputDirectory>/scripts/install/conf.templates/default</outputDirectory>
+ <outputDirectory>/install/conf.templates/default</outputDirectory>
<directory>plugin-kms/template</directory>
<fileMode>700</fileMode>
</fileSet>
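Review bot: The three conf.templates fileSets (enable in the previous hunk, disable and default here) keep `<fileMode>700</fileMode>`, which sets the owner execute bit on what look like plain configuration templates; the enable set explicitly excludes `*.sh`. If nothing in these directories is meant to be executed, `<fileMode>600</fileMode>` gives the same owner-only access without the execute bit. None of the three sets declares a `<directoryMode>` in the visible lines, so the directories under the new `/install/conf.templates` path fall back to the assembly default; setting it explicitly would make the permissions of the relocated tree deliberate. The enable fileSet starts in the previous hunk, and one line of it falls between the two hunks.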
@@ -346,21 +345,9 @@
<files>
<file>
<source>plugin-kms/scripts/enable-kms-plugin.sh</source>
- <outputDirectory>/scripts</outputDirectory>
+ <outputDirectory>/</outputDirectory>
<destName>enable-kms-plugin.sh</destName>
<fileMode>755</fileMode>
</file>
- <file>
- <source>plugin-kms/scripts/install.properties</source>
- <outputDirectory>/ews/webapp/config</outputDirectory>
- <destName>plugin-install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>plugin-kms/scripts/kms-plugin-install.properties</source>
- <outputDirectory>/ews/webapp/config</outputDirectory>
- <destName>kms-plugin-install.properties</destName>
- <fileMode>755</fileMode>
- </file>
</files>
</assembly>
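Review bot: The combined install.properties needs a restrictive mode in this assembly, and its entry is not visible in this hunk. The two removed `<file>` entries shipped the plugin property files at `<fileMode>755</fileMode>`, and the deleted plugin-kms/scripts/install.properties held `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD`. Those settings presumably moved into kms/scripts/install.properties, so it is worth confirming that its entry elsewhere in kms.xml is not world-readable, for example `<fileMode>600</fileMode>`. A short comment above the remaining entry, such as `<!-- plugin settings are read from the combined install.properties -->`, would also record where the plugin configuration now comes from.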