You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mu...@apache.org on 2017/01/11 09:24:02 UTC
ambari git commit: AMBARI-19437 Remove anonymous bind option for
Ranger User sync for LDAP/AD (mugdha)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 a96880fb9 -> a444517be
AMBARI-19437 Remove anonymous bind option for Ranger User sync for LDAP/AD (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a444517b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a444517b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a444517b
Branch: refs/heads/branch-2.5
Commit: a444517be4e347d20b449c9b2e84fc60c8855351
Parents: a96880f
Author: Mugdha Varadkar <mu...@apache.org>
Authored: Tue Jan 10 12:29:53 2017 +0530
Committer: Mugdha Varadkar <mu...@apache.org>
Committed: Wed Jan 11 14:52:59 2017 +0530
----------------------------------------------------------------------
.../0.5.0/configuration/ranger-ugsync-site.xml | 10 ++++---
.../RANGER/0.7.0/configuration/ranger-env.xml | 28 ++++++++++++++++++++
.../stacks/HDP/2.3/upgrades/config-upgrade.xml | 5 ++++
.../HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml | 4 +++
.../stacks/HDP/2.3/upgrades/upgrade-2.6.xml | 1 +
.../stacks/HDP/2.4/upgrades/config-upgrade.xml | 5 ++++
.../HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml | 4 +++
.../stacks/HDP/2.4/upgrades/upgrade-2.6.xml | 1 +
.../stacks/HDP/2.5/upgrades/config-upgrade.xml | 12 +++++++++
.../HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml | 5 ++++
.../stacks/HDP/2.5/upgrades/upgrade-2.6.xml | 3 +++
11 files changed, 75 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml
index e51ab7e..439c495 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml
@@ -225,7 +225,8 @@
<name>ranger.usersync.ldap.searchBase</name>
<value>dc=hadoop,dc=apache,dc=org</value>
<description>"# search base for users and groups
-# sample value would be dc=hadoop,dc=apache,dc=org"</description>
+# sample value would be dc=hadoop,dc=apache,dc=org
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated"</description>
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
@@ -237,7 +238,8 @@
<value/>
<description>"# search base for users
# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
-# overrides value specified in ranger.usersync.ldap.searchBase"</description>
+# overrides value specified in ranger.usersync.ldap.searchBase
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: cn=users,dc=example,dc=com;ou=example1,ou=example2"</description>
<on-ambari-upgrade add="true"/>
</property>
<property>
@@ -371,7 +373,9 @@
# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase
# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase
-# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description>
+# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: ou=groups,DC=example,DC=com;ou=group1,ou=group2"
+</description>
<on-ambari-upgrade add="true"/>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
new file mode 100644
index 0000000..661089a
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="true" supports_adding_forbidden="true">
+ <property>
+ <name>bind_anonymous</name>
+ <deleted>true</deleted>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
index fe1f494..a1f03e8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
@@ -228,6 +228,11 @@
if-type="ranger-env" if-key="is_solrCloud_enabled" if-value="true"/>
</definition>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="bind_anonymous" />
+ </definition>
+
</changes>
</component>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
index a7b58f5..42918ff 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml
@@ -438,6 +438,10 @@
</task>
</execute-stage>
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
+ </execute-stage>
+
<!-- RANGER KMS -->
<execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS Server">
<task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_kms_audit_db"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
index c8baea1..1cdc416 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml
@@ -592,6 +592,7 @@
<task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction">
<summary>Configuring Ranger Alerts</summary>
</task>
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
<task xsi:type="execute" hosts="all">
<script>scripts/ranger_admin.py</script>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
index 44c2a6e..136fafe 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
@@ -134,6 +134,11 @@
if-type="ranger-env" if-key="is_solrCloud_enabled" if-value="true"/>
</definition>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="bind_anonymous" />
+ </definition>
+
</changes>
</component>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
index ce5105e..58ca724 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml
@@ -344,6 +344,10 @@
</task>
</execute-stage>
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
+ </execute-stage>
+
<!-- HDFS -->
<execute-stage service="HDFS" component="NAMENODE" title="Apply config changes for Hdfs Namenode HA">
<task xsi:type="configure" id="hdp_2_5_0_0_namenode_ha_adjustments"/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
index 2fd7a7a..fa8187d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml
@@ -581,6 +581,7 @@
<task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction">
<summary>Configuring Ranger Alerts</summary>
</task>
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
<task xsi:type="execute" hosts="all">
<script>scripts/ranger_admin.py</script>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
index 9ddb667..40052d8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml
@@ -56,5 +56,17 @@
</changes>
</component>
</service>
+
+ <service name="RANGER">
+ <component name="RANGER_ADMIN">
+ <changes>
+ <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous">
+ <type>ranger-env</type>
+ <transfer operation="delete" delete-key="bind_anonymous" />
+ </definition>
+ </changes>
+ </component>
+ </service>
+
</services>
</upgrade-config-changes>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
index 7ccd96d..78418b0 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
@@ -302,6 +302,11 @@
<execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Nimbus">
<task xsi:type="configure" id="increase_storm_zookeeper_timeouts"/>
</execute-stage>
+
+ <!--RANGER-->
+ <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
+ </execute-stage>
</group>
<!--
http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
index abd8fb9..4abf0ec 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
@@ -479,6 +479,7 @@
<service name="RANGER">
<component name="RANGER_ADMIN">
<pre-upgrade>
+ <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/>
<task xsi:type="execute" hosts="all">
<summary>Stop Ranger Admin</summary>
<script>scripts/ranger_admin.py</script>
@@ -505,6 +506,8 @@
</task>
</pre-upgrade>
+ <pre-downgrade/> <!-- no-op to prevent config changes on downgrade -->
+
<upgrade>
<task xsi:type="restart-task" />
</upgrade>