You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2021/12/30 11:22:17 UTC
[ranger] branch ranger-2.3 updated (52a8558 -> 71218ab)
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a change to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 52a8558 RANGER-3550: enhancement to support use of user/tag attributes in row-filter/condition expressions
new 35c8bc3 RANGER-3488:Docker setup for Apache Ranger Knox plugin
new acde646 RANGER-3563: fixed plugin installation failure in docker due to recent changes in RANGER-3540
new 71218ab RANGER-3564: fixed failure in installation of Ranger plugin for HDFS
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
agents-installer/pom.xml | 10 ++
dev-support/ranger-docker/.dockerignore | 1 +
dev-support/ranger-docker/.env | 1 +
dev-support/ranger-docker/Dockerfile.ranger | 1 +
dev-support/ranger-docker/Dockerfile.ranger-base | 2 +
dev-support/ranger-docker/Dockerfile.ranger-knox | 49 ++++++
dev-support/ranger-docker/README.md | 6 +-
...er-kafka.yml => docker-compose.ranger-knox.yml} | 16 +-
dev-support/ranger-docker/download-archives.sh | 1 +
.../ranger-docker/scripts/ranger-hadoop-mkdir.sh | 2 +
.../ranger-docker/scripts/ranger-hadoop-setup.sh | 4 +
.../scripts/ranger-hbase-plugin-install.properties | 6 +
.../scripts/ranger-hdfs-plugin-install.properties | 6 +
.../scripts/ranger-hive-plugin-install.properties | 6 +
.../scripts/ranger-kafka-plugin-install.properties | 6 +
.../ranger-knox-expect.sh} | 14 +-
...rties => ranger-knox-plugin-install.properties} | 22 ++-
.../ranger-docker/scripts/ranger-knox-sandbox.xml | 175 +++++++++++++++++++++
...dev_yarn.py => ranger-knox-service-dev_knox.py} | 2 +-
...{ranger-hbase-setup.sh => ranger-knox-setup.sh} | 13 +-
.../scripts/{ranger-hbase.sh => ranger-knox.sh} | 20 +--
.../scripts/ranger-yarn-plugin-install.properties | 6 +
dev-support/ranger-docker/scripts/ranger.sh | 1 +
distro/src/main/assembly/hdfs-agent.xml | 3 +
distro/src/main/assembly/knox-agent.xml | 3 +
knox-agent/pom.xml | 6 +
26 files changed, 347 insertions(+), 35 deletions(-)
create mode 100644 dev-support/ranger-docker/Dockerfile.ranger-knox
copy dev-support/ranger-docker/{docker-compose.ranger-kafka.yml => docker-compose.ranger-knox.yml} (59%)
copy dev-support/ranger-docker/{Dockerfile.ranger-zk => scripts/ranger-knox-expect.sh} (77%)
copy dev-support/ranger-docker/scripts/{ranger-hdfs-plugin-install.properties => ranger-knox-plugin-install.properties} (83%)
create mode 100644 dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml
copy dev-support/ranger-docker/scripts/{ranger-yarn-service-dev_yarn.py => ranger-knox-service-dev_knox.py} (68%)
copy dev-support/ranger-docker/scripts/{ranger-hbase-setup.sh => ranger-knox-setup.sh} (79%)
copy dev-support/ranger-docker/scripts/{ranger-hbase.sh => ranger-knox.sh} (64%)
[ranger] 01/03: RANGER-3488:Docker setup for Apache Ranger Knox plugin
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 35c8bc3923ad9961d9d5809f1269b586368b2330
Author: Ramesh Mani <rm...@apache.org>
AuthorDate: Sun Oct 24 21:25:23 2021 -0700
RANGER-3488:Docker setup for Apache Ranger Knox plugin
Signed-off-by: Ramesh Mani <rm...@apache.org>
(cherry picked from commit 5acc0a34e8f0c458e3d73b8a0f29aef050307ef6)
---
agents-installer/pom.xml | 10 ++
dev-support/ranger-docker/.dockerignore | 1 +
dev-support/ranger-docker/.env | 1 +
dev-support/ranger-docker/Dockerfile.ranger | 1 +
dev-support/ranger-docker/Dockerfile.ranger-base | 2 +
dev-support/ranger-docker/Dockerfile.ranger-knox | 49 ++++++
dev-support/ranger-docker/README.md | 6 +-
.../ranger-docker/docker-compose.ranger-knox.yml | 29 ++++
dev-support/ranger-docker/download-archives.sh | 1 +
.../ranger-docker/scripts/ranger-hadoop-mkdir.sh | 2 +
.../ranger-docker/scripts/ranger-hadoop-setup.sh | 4 +
.../ranger-docker/scripts/ranger-knox-expect.sh | 29 ++++
.../scripts/ranger-knox-plugin-install.properties | 76 +++++++++
.../ranger-docker/scripts/ranger-knox-sandbox.xml | 175 +++++++++++++++++++++
.../scripts/ranger-knox-service-dev_knox.py | 8 +
.../ranger-docker/scripts/ranger-knox-setup.sh | 32 ++++
dev-support/ranger-docker/scripts/ranger-knox.sh | 41 +++++
dev-support/ranger-docker/scripts/ranger.sh | 1 +
distro/src/main/assembly/knox-agent.xml | 3 +
knox-agent/pom.xml | 6 +
20 files changed, 474 insertions(+), 3 deletions(-)
diff --git a/agents-installer/pom.xml b/agents-installer/pom.xml
index 76c2961..eda7f70 100644
--- a/agents-installer/pom.xml
+++ b/agents-installer/pom.xml
@@ -33,5 +33,15 @@
<artifactId>commons-cli</artifactId>
<version>${commons.cli.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-compress</artifactId>
+ <version>${commons.compress.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-cli</groupId>
+ <artifactId>commons-cli</artifactId>
+ <version>${commons.cli.version}</version>
+ </dependency>
</dependencies>
</project>
diff --git a/dev-support/ranger-docker/.dockerignore b/dev-support/ranger-docker/.dockerignore
index e42d865..ff26d47 100644
--- a/dev-support/ranger-docker/.dockerignore
+++ b/dev-support/ranger-docker/.dockerignore
@@ -7,5 +7,6 @@
!dist/ranger-*-hive-plugin.tar.gz
!dist/ranger-*-hbase-plugin.tar.gz
!dist/ranger-*-kafka-plugin.tar.gz
+!dist/ranger-*-knox-plugin.tar.gz
!downloads/*
!scripts/*
diff --git a/dev-support/ranger-docker/.env b/dev-support/ranger-docker/.env
index 100ed71..7381fb2 100644
--- a/dev-support/ranger-docker/.env
+++ b/dev-support/ranger-docker/.env
@@ -11,3 +11,4 @@ HBASE_VERSION=2.2.6
HIVE_VERSION=3.1.2
HIVE_HADOOP_VERSION=3.1.1
KAFKA_VERSION=2.5.0
+KNOX_VERSION=1.4.0
diff --git a/dev-support/ranger-docker/Dockerfile.ranger b/dev-support/ranger-docker/Dockerfile.ranger
index 8940014..ad895dc 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger
+++ b/dev-support/ranger-docker/Dockerfile.ranger
@@ -29,6 +29,7 @@ COPY ./scripts/ranger-yarn-service-dev_yarn.py ${RANGER_SCRIPTS}/
COPY ./scripts/ranger-hive-service-dev_hive.py ${RANGER_SCRIPTS}/
COPY ./scripts/ranger-hbase-service-dev_hbase.py ${RANGER_SCRIPTS}/
COPY ./scripts/ranger-kafka-service-dev_kafka.py ${RANGER_SCRIPTS}/
+COPY ./scripts/ranger-knox-service-dev_knox.py ${RANGER_SCRIPTS}/
RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} && \
ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin && \
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-base b/dev-support/ranger-docker/Dockerfile.ranger-base
index 3fa657b..688eed4 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-base
+++ b/dev-support/ranger-docker/Dockerfile.ranger-base
@@ -45,6 +45,8 @@ RUN groupadd ranger && \
useradd -g hadoop -ms /bin/bash hive && \
useradd -g hadoop -ms /bin/bash hbase && \
useradd -g hadoop -ms /bin/bash kafka && \
+ groupadd knox && \
+ useradd -g knox -ms /bin/bash knox && \
mkdir -p /home/ranger/dist && \
mkdir -p /home/ranger/scripts && \
chown -R ranger:ranger /home/ranger && \
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-knox b/dev-support/ranger-docker/Dockerfile.ranger-knox
new file mode 100644
index 0000000..bc78af9
--- /dev/null
+++ b/dev-support/ranger-docker/Dockerfile.ranger-knox
@@ -0,0 +1,49 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ranger-base:latest
+
+ARG KNOX_VERSION
+ARG RANGER_VERSION
+
+
+COPY ./dist/version /home/ranger/dist/
+COPY ./dist/ranger-${RANGER_VERSION}-knox-plugin.tar.gz /home/ranger/dist/
+COPY ./downloads/knox-${KNOX_VERSION}.tar.gz /home/ranger/dist/
+
+COPY ./scripts/ranger-knox-setup.sh /home/ranger/scripts/
+COPY ./scripts/ranger-knox.sh /home/ranger/scripts/
+COPY ./scripts/ranger-knox-plugin-install.properties /home/ranger/scripts/
+COPY ./scripts/ranger-knox-expect.sh /home/ranger/scripts/
+COPY ./scripts/ranger-knox-sandbox.xml /home/ranger/scripts/
+
+RUN apt-get update && apt-get install -y expect && \
+ tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ && \
+ ln -s /opt/knox-${KNOX_VERSION} /opt/knox && \
+ rm -f /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz && \
+ tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-knox-plugin.tar.gz --directory=/opt/ranger && \
+ ln -s /opt/ranger/ranger-${RANGER_VERSION}-knox-plugin /opt/ranger/ranger-knox-plugin && \
+ rm -f /home/ranger/dist/ranger-${RANGER_VERSION}-knox-plugin.tar.gz && \
+ cp -f /home/ranger/scripts/ranger-knox-plugin-install.properties /opt/ranger/ranger-knox-plugin/install.properties && \
+ cp -f /home/ranger/scripts/ranger-knox-sandbox.xml /opt/knox/conf/topologies/sandbox.xml
+
+ENV KNOX_HOME /opt/knox
+ENV PATH /usr/java/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/knox/bin
+
+RUN chmod a+rwx /home/ranger/scripts/ranger-knox-expect.sh
+RUN /home/ranger/scripts/ranger-knox-expect.sh
+
+ENTRYPOINT [ "/home/ranger/scripts/ranger-knox.sh" ]
diff --git a/dev-support/ranger-docker/README.md b/dev-support/ranger-docker/README.md
index 6fb9659..77ae0ac 100644
--- a/dev-support/ranger-docker/README.md
+++ b/dev-support/ranger-docker/README.md
@@ -30,7 +30,7 @@ Docker files in this folder create docker images and run them to build Apache Ra
3. Update environment variables in .env file, if necessary
-4. Execute following command to download necessary archives to setup Ranger/HDFS/Hive/HBase/Kafka services:
+4. Execute following command to download necessary archives to setup Ranger/HDFS/Hive/HBase/Kafka/Knox services:
./download-archives.sh
5. Build and deploy Apache Ranger in containers using docker-compose
@@ -41,8 +41,8 @@ Docker files in this folder create docker images and run them to build Apache Ra
Time taken to complete the build might vary (upto an hour), depending on status of ${HOME}/.m2 directory cache.
- 5.2. Execute following command to start Ranger, Ranger enabled HDFS/YARN/HBase/Kafka and dependent services (Solr, DB) in containers:
+ 5.2. Execute following command to start Ranger, Ranger enabled HDFS/YARN/HBase/Hive/Kafka/Knox and dependent services (Solr, DB) in containers:
- docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hbase.yml -f docker-compose.ranger-kafka.yml -f docker-compose.ranger-hive.yml up -d
+ docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hbase.yml -f docker-compose.ranger-kafka.yml -f docker-compose.ranger-hive.yml -f docker-compose.ranger-knox.yml up -d
6. Ranger Admin can be accessed at http://localhost:6080 (admin/rangerR0cks!)
diff --git a/dev-support/ranger-docker/docker-compose.ranger-knox.yml b/dev-support/ranger-docker/docker-compose.ranger-knox.yml
new file mode 100644
index 0000000..5e84617
--- /dev/null
+++ b/dev-support/ranger-docker/docker-compose.ranger-knox.yml
@@ -0,0 +1,29 @@
+version: '3'
+services:
+ ranger-knox:
+ build:
+ context: .
+ dockerfile: Dockerfile.ranger-knox
+ args:
+ - KNOX_VERSION=${KNOX_VERSION}
+ - RANGER_VERSION=${RANGER_VERSION}
+ image: ranger-knox
+ container_name: ranger-knox
+ hostname: ranger-knox.example.com
+ stdin_open: true
+ tty: true
+ networks:
+ - ranger
+ ports:
+ - "8443:8443"
+ depends_on:
+ ranger:
+ condition: service_started
+ ranger-zk:
+ condition: service_started
+ environment:
+ - KNOX_VERSION
+ - RANGER_VERSION
+
+networks:
+ ranger:
diff --git a/dev-support/ranger-docker/download-archives.sh b/dev-support/ranger-docker/download-archives.sh
index e107be0..e37cc0e 100755
--- a/dev-support/ranger-docker/download-archives.sh
+++ b/dev-support/ranger-docker/download-archives.sh
@@ -49,4 +49,5 @@ downloadIfNotPresent kafka_2.12-${KAFKA_VERSION}.tgz https://archive.apac
downloadIfNotPresent apache-hive-${HIVE_VERSION}-bin.tar.gz https://archive.apache.org/dist/hive/hive-${HIVE_VERSION}
downloadIfNotPresent hadoop-${HIVE_HADOOP_VERSION}.tar.gz https://archive.apache.org/dist/hadoop/common/hadoop-${HIVE_HADOOP_VERSION}
downloadIfNotPresent postgresql-42.2.16.jre7.jar https://search.maven.org/remotecontent?filepath=org/postgresql/postgresql/42.2.16.jre7
+downloadIfNotPresent knox-${KNOX_VERSION}.tar.gz https://archive.apache.org/dist/knox/${KNOX_VERSION}
diff --git a/dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh b/dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh
index de16245..09bbc49 100755
--- a/dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh
+++ b/dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh
@@ -23,6 +23,7 @@ ${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/hbaseMaster
${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/hbaseRegional
${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/kafka
${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/hiveServer2
+${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/knox
${HADOOP_HOME}/bin/hdfs dfs -chown hdfs:hadoop /ranger/audit/hdfs
${HADOOP_HOME}/bin/hdfs dfs -chown yarn:hadoop /ranger/audit/yarn
@@ -30,6 +31,7 @@ ${HADOOP_HOME}/bin/hdfs dfs -chown hbase:hadoop /ranger/audit/hbaseMaster
${HADOOP_HOME}/bin/hdfs dfs -chown hbase:hadoop /ranger/audit/hbaseRegional
${HADOOP_HOME}/bin/hdfs dfs -chown kafka:hadoop /ranger/audit/kafka
${HADOOP_HOME}/bin/hdfs dfs -chown hive:hadoop /ranger/audit/hiveServer2
+${HADOOP_HOME}/bin/hdfs dfs -chown knox:hadoop /ranger/audit/knox
# setup directories for HBase
${HADOOP_HOME}/bin/hdfs dfs -mkdir /hbase
diff --git a/dev-support/ranger-docker/scripts/ranger-hadoop-setup.sh b/dev-support/ranger-docker/scripts/ranger-hadoop-setup.sh
index fa22613..10f04ac 100755
--- a/dev-support/ranger-docker/scripts/ranger-hadoop-setup.sh
+++ b/dev-support/ranger-docker/scripts/ranger-hadoop-setup.sh
@@ -39,6 +39,10 @@ cat <<EOF > ${HADOOP_HOME}/etc/hadoop/hdfs-site.xml
<name>dfs.replication</name>
<value>1</value>
</property>
+ <property>
+ <name>dfs.webhdfs.enabled</name>
+ <value>true</value>
+ </property>
</configuration>
EOF
diff --git a/dev-support/ranger-docker/scripts/ranger-knox-expect.sh b/dev-support/ranger-docker/scripts/ranger-knox-expect.sh
new file mode 100644
index 0000000..b0890d6
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-knox-expect.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env expect
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+
+spawn /opt/knox/bin/knoxcli.sh create-master --force
+
+expect "Enter master secret:"
+send "admin\r"
+
+expect "Enter master secret again:"
+send "admin\r"
+
+expect "Master secret has been persisted to disk."
\ No newline at end of file
diff --git a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties
new file mode 100644
index 0000000..90ae0ba
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties
@@ -0,0 +1,76 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+POLICY_MGR_URL=http://ranger:6080
+REPOSITORY_NAME=dev_knox
+COMPONENT_INSTALL_DIR_NAME=/opt/knox
+
+CUSTOM_USER=knox
+CUSTOM_GROUP=knox
+
+XAAUDIT.SOLR.IS_ENABLED=true
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://ranger-solr:8983/solr/ranger_audits
+
+# Following properties are needed to get past installation script! Please don't remove
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=/ranger/audit
+XAAUDIT.HDFS.DESTINTATION_FILE=hadoop
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/knox/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/knox/audit/archive
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+XAAUDIT.SOLR.ENABLE=true
+XAAUDIT.SOLR.URL=http://ranger-solr:8983/solr/ranger_audits
+XAAUDIT.SOLR.USER=NONE
+XAAUDIT.SOLR.PASSWORD=NONE
+XAAUDIT.SOLR.ZOOKEEPER=NONE
+XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool
+
+XAAUDIT.ELASTICSEARCH.ENABLE=false
+XAAUDIT.ELASTICSEARCH.URL=NONE
+XAAUDIT.ELASTICSEARCH.USER=NONE
+XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
+XAAUDIT.ELASTICSEARCH.INDEX=NONE
+XAAUDIT.ELASTICSEARCH.PORT=NONE
+XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
+
+XAAUDIT.HDFS.ENABLE=true
+XAAUDIT.HDFS.HDFS_DIR=hdfs://ranger-hadoop:9000/ranger/audit
+XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hadoop/knox/audit/hdfs/spool
+
+XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
+XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
+
+XAAUDIT.LOG4J.ENABLE=false
+XAAUDIT.LOG4J.IS_ASYNC=false
+XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
+XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
+XAAUDIT.LOG4J.DESTINATION.LOG4J=false
+XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+
+SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
diff --git a/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml b/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml
new file mode 100644
index 0000000..c6ae986
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml
@@ -0,0 +1,175 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<topology>
+
+ <gateway>
+
+ <provider>
+ <role>authentication</role>
+ <name>ShiroProvider</name>
+ <enabled>true</enabled>
+ <param>
+ <!--
+ session timeout in minutes, this is really idle timeout,
+ defaults to 30mins, if the property value is not defined,,
+ current client authentication would expire if client idles contiuosly for more than this value
+ -->
+ <name>sessionTimeout</name>
+ <value>30</value>
+ </param>
+ <param>
+ <name>main.ldapRealm</name>
+ <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value>
+ </param>
+ <param>
+ <name>main.ldapContextFactory</name>
+ <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory</name>
+ <value>$ldapContextFactory</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.userDnTemplate</name>
+ <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.url</name>
+ <value>ldap://localhost:33389</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+ <value>simple</value>
+ </param>
+ <param>
+ <name>urls./**</name>
+ <value>authcBasic</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>authorization</role>
+ <name>AclsAuthz</name>
+ <enabled>true</enabled>
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Default</name>
+ <enabled>true</enabled>
+ </provider>
+
+ <provider>
+ <role>hostmap</role>
+ <name>static</name>
+ <enabled>true</enabled>
+ <param>
+ <name>localhost</name>
+ <value>sandbox,sandbox.hortonworks.com</value>
+ </param>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>NAMENODE</role>
+ <url>hdfs://ranger-hadoop.example.com:8020</url>
+ </service>
+
+ <service>
+ <role>JOBTRACKER</role>
+ <url>rpc://ranger-hadoop.example.com:8050</url>
+ </service>
+
+ <service>
+ <role>WEBHDFS</role>
+ <url>http://ranger-hadoop.example.com:9870/webhdfs</url>
+ </service>
+
+ <service>
+ <role>WEBHCAT</role>
+ <url>http://ranger-hive.example.com:50111/templeton</url>
+ </service>
+
+ <service>
+ <role>OOZIE</role>
+ <url>http://localhost:11000/oozie</url>
+ <param>
+ <name>replayBufferSize</name>
+ <value>8</value>
+ </param>
+ </service>
+
+ <service>
+ <role>WEBHBASE</role>
+ <url>http://ranger-hbase.example.com:60080</url>
+ <param>
+ <name>replayBufferSize</name>
+ <value>8</value>
+ </param>
+ </service>
+
+ <service>
+ <role>HIVE</role>
+ <url>http://ranger-hive.example.com:10001/cliservice</url>
+ <param>
+ <name>replayBufferSize</name>
+ <value>8</value>
+ </param>
+ </service>
+
+ <service>
+ <role>RESOURCEMANAGER</role>
+ <url>http://ranger-hadoop.example.com:8088/ws</url>
+ </service>
+
+ <service>
+ <role>DRUID-COORDINATOR-UI</role>
+ <url>http://localhost:8081</url>
+ </service>
+
+ <service>
+ <role>DRUID-COORDINATOR</role>
+ <url>http://localhost:8081</url>
+ </service>
+
+ <service>
+ <role>DRUID-BROKER</role>
+ <url>http://localhost:8082</url>
+ </service>
+
+ <service>
+ <role>DRUID-ROUTER</role>
+ <url>http://localhost:8082</url>
+ </service>
+
+ <service>
+ <role>DRUID-OVERLORD</role>
+ <url>http://localhost:8090</url>
+ </service>
+
+ <service>
+ <role>DRUID-OVERLORD-UI</role>
+ <url>http://localhost:8090</url>
+ </service>
+
+ <service>
+ <role>HUE</role>
+ <url>http://localhost:8889</url>
+ </service>
+</topology>
diff --git a/dev-support/ranger-docker/scripts/ranger-knox-service-dev_knox.py b/dev-support/ranger-docker/scripts/ranger-knox-service-dev_knox.py
new file mode 100644
index 0000000..dceea53
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-knox-service-dev_knox.py
@@ -0,0 +1,8 @@
+from apache_ranger.model.ranger_service import RangerService
+from apache_ranger.client.ranger_client import RangerClient
+
+ranger_client = RangerClient('http://ranger:6080', ('admin', 'rangerR0cks!'))
+
+service = RangerService({'name': 'dev_knox', 'type': 'knox', 'configs': {'username':'knox', 'password':'knox', 'knox.url': 'http://ranger-hadoop:8088'}})
+
+ranger_client.create_service(service)
diff --git a/dev-support/ranger-docker/scripts/ranger-knox-setup.sh b/dev-support/ranger-docker/scripts/ranger-knox-setup.sh
new file mode 100755
index 0000000..c5c9bca
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-knox-setup.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cat <<EOF > /etc/ssh/ssh_config
+Host *
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
+EOF
+
+chown -R knox:knox /opt/knox/
+
+mkdir -p /opt/knox/logs
+chown -R knox:knox /opt/knox/
+chmod g+w /opt/knox/logs
+
+cd ${RANGER_HOME}/ranger-knox-plugin
+./enable-knox-plugin.sh
diff --git a/dev-support/ranger-docker/scripts/ranger-knox.sh b/dev-support/ranger-docker/scripts/ranger-knox.sh
new file mode 100755
index 0000000..7548ae6
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-knox.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+service ssh start
+
+if [ ! -e ${KNOX_HOME}/.setupDone ]
+then
+ su -c "ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa" knox
+ su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" knox
+ su -c "chmod 0600 ~/.ssh/authorized_keys" knox
+
+ echo "ssh" > /etc/pdsh/rcmd_default
+
+ ${RANGER_SCRIPTS}/ranger-knox-setup.sh
+
+ touch ${KNOX_HOME}/.setupDone
+fi
+
+su -c "${KNOX_HOME}/bin/ldap.sh start" knox
+
+su -c "${KNOX_HOME}/bin/gateway.sh start" knox
+
+KNOX_GATEWAY_PID=`ps -ef | grep -v grep | grep -i "gateway.jar" | awk '{print $2}'`
+
+# prevent the container from exiting
+tail --pid=$KNOX_GATEWAY_PID -f /dev/null
diff --git a/dev-support/ranger-docker/scripts/ranger.sh b/dev-support/ranger-docker/scripts/ranger.sh
index 04ac7cb..e2c0ddb 100755
--- a/dev-support/ranger-docker/scripts/ranger.sh
+++ b/dev-support/ranger-docker/scripts/ranger.sh
@@ -43,6 +43,7 @@ then
python3 ${RANGER_SCRIPTS}/ranger-hive-service-dev_hive.py
python3 ${RANGER_SCRIPTS}/ranger-hbase-service-dev_hbase.py
python3 ${RANGER_SCRIPTS}/ranger-kafka-service-dev_kafka.py
+ python3 ${RANGER_SCRIPTS}/ranger-knox-service-dev_knox.py
fi
RANGER_ADMIN_PID=`ps -ef | grep -v grep | grep -i "org.apache.ranger.server.tomcat.EmbeddedServer" | awk '{print $2}'`
diff --git a/distro/src/main/assembly/knox-agent.xml b/distro/src/main/assembly/knox-agent.xml
index 0532e5a..095ae1a 100644
--- a/distro/src/main/assembly/knox-agent.xml
+++ b/distro/src/main/assembly/knox-agent.xml
@@ -54,6 +54,7 @@
<directoryMode>755</directoryMode>
<fileMode>644</fileMode>
<includes>
+ <include>com.sun.jersey:jersey-client:jar:${jersey-bundle.version}</include>
<include>org.apache.commons:commons-configuration2</include>
<include>com.google.code.gson:gson*</include>
<include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
@@ -99,6 +100,7 @@
<includes>
<include>commons-cli:commons-cli</include>
<include>commons-collections:commons-collections</include>
+ <include>org.apache.commons:commons-lang3:jar:${commons.lang3.version}</include>
<include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
<include>commons-io:commons-io:jar:${commons.io.version}</include>
<include>commons-lang:commons-lang</include>
@@ -110,6 +112,7 @@
<include>org.codehaus.woodstox:stax2-api</include>
<include>com.fasterxml.woodstox:woodstox-core</include>
<include>org.apache.htrace:htrace-core4</include>
+ <include>org.apache.commons:commons-compress:jar:${commons.compress.version}</include>
</includes>
</binaries>
</moduleSet>
diff --git a/knox-agent/pom.xml b/knox-agent/pom.xml
index 638d277..5248d89 100644
--- a/knox-agent/pom.xml
+++ b/knox-agent/pom.xml
@@ -57,6 +57,12 @@
<artifactId>jersey-client</artifactId>
</dependency>
<dependency>
+ <groupId>com.sun.jersey</groupId>
+ <artifactId>jersey-client</artifactId>
+ <type>jar</type>
+ <version>${jersey-bundle.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
[ranger] 03/03: RANGER-3564: fixed failure in installation of Ranger plugin for HDFS
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 71218abafbc774ae5d6770e05f2a70435b17ac8e
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Thu Dec 30 01:38:55 2021 -0800
RANGER-3564: fixed failure in installation of Ranger plugin for HDFS
(cherry picked from commit ca37ccd0d245e17d918b8278342c074522ed32bd)
---
distro/src/main/assembly/hdfs-agent.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/distro/src/main/assembly/hdfs-agent.xml b/distro/src/main/assembly/hdfs-agent.xml
index f738ae6..cb57854 100644
--- a/distro/src/main/assembly/hdfs-agent.xml
+++ b/distro/src/main/assembly/hdfs-agent.xml
@@ -52,6 +52,8 @@
<include>commons-cli:commons-cli</include>
<include>commons-collections:commons-collections</include>
<include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
+ <include>org.apache.commons:commons-lang3:jar:${commons.lang3.version}</include>
+ <include>org.apache.commons:commons-compress:jar:${commons.compress.version}</include>
<include>commons-io:commons-io:jar:${commons.io.version}</include>
<include>commons-lang:commons-lang</include>
<include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
@@ -60,6 +62,7 @@
<include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
<include>org.codehaus.woodstox:stax2-api</include>
+ <include>org.apache.htrace:htrace-core4</include>
<include>com.fasterxml.woodstox:woodstox-core</include>
</includes>
</binaries>
[ranger] 02/03: RANGER-3563: fixed plugin installation failure in docker due to recent changes in RANGER-3540
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit acde646a57070584ef23b6320f0512d6d91504fd
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Wed Dec 29 19:20:11 2021 -0800
RANGER-3563: fixed plugin installation failure in docker due to recent changes in RANGER-3540
(cherry picked from commit 50959d7defd28f0c40226f11bd5beeb3481bda0e)
---
.../ranger-docker/scripts/ranger-hbase-plugin-install.properties | 6 ++++++
.../ranger-docker/scripts/ranger-hdfs-plugin-install.properties | 6 ++++++
.../ranger-docker/scripts/ranger-hive-plugin-install.properties | 6 ++++++
.../ranger-docker/scripts/ranger-kafka-plugin-install.properties | 6 ++++++
.../ranger-docker/scripts/ranger-knox-plugin-install.properties | 6 ++++++
.../ranger-docker/scripts/ranger-yarn-plugin-install.properties | 6 ++++++
6 files changed, 36 insertions(+)
diff --git a/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties
index eda6c8f..11734b3 100644
--- a/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties
@@ -73,6 +73,12 @@ XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
diff --git a/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties
index 806a83c..83b1710 100644
--- a/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties
@@ -70,6 +70,12 @@ XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
diff --git a/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties
index 0cca7c2..1a5dde9 100644
--- a/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties
@@ -71,6 +71,12 @@ XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
diff --git a/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties
index 028c8b5..fb9900c 100644
--- a/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties
@@ -73,6 +73,12 @@ XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
diff --git a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties
index 90ae0ba..2e05dda 100644
--- a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties
@@ -70,6 +70,12 @@ XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
diff --git a/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties
index 1ff6127..52ebb83 100644
--- a/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties
@@ -70,6 +70,12 @@ XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks