Posted to commits@ambari.apache.org by mu...@apache.org on 2017/01/17 12:45:42 UTC
[2/4] ambari git commit: AMBARI-19044 Install & configure Ranger
plugin components independently of Ranger admin components (mugdha)
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index d07134e..d1a76cc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -452,14 +452,6 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
if webhcat_queue is not None:
putWebhcatSiteProperty("templeton.hadoop.queue.name", webhcat_queue)
-
- # Recommend Ranger Hive authorization as per Ranger Hive plugin property
- if "ranger-env" in services["configurations"] and "hive-env" in services["configurations"] and \
- "ranger-hive-plugin-enabled" in services["configurations"]["ranger-env"]["properties"]:
- rangerEnvHivePluginProperty = services["configurations"]["ranger-env"]["properties"]["ranger-hive-plugin-enabled"]
- if (rangerEnvHivePluginProperty.lower() == "yes"):
- putHiveEnvProperty("hive_security_authorization", "RANGER")
-
# Security
if ("configurations" not in services) or ("hive-env" not in services["configurations"]) or \
("properties" not in services["configurations"]["hive-env"]) or \
@@ -1178,9 +1170,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateHDFSRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-hdfs-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-hdfs-plugin-enabled'] if ranger_plugin_properties else 'No'
- if (ranger_plugin_enabled.lower() == 'yes'):
+ if 'RANGER' in servicesList and (ranger_plugin_enabled.lower() == 'yes'):
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-hdfs-plugin-enabled' in ranger_env or \
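Review bot: An enabled HDFS plugin with no Ranger service in the cluster now passes this validator silently, because the `'RANGER' in servicesList and (...)` condition skips the only check and there is no else branch. If that case is meant to cover a Ranger Admin managed outside this cluster, say so next to the condition, e.g. `# Ranger not managed by this cluster: plugin is assumed to use an external Ranger Admin, so the ranger-env cross-check is skipped`. If it is not, a warn item for "plugin enabled but no Ranger Admin configured" would keep the misconfiguration visible to the operator. The same applies to the HBase, Knox, Kafka, Storm and YARN hunks and to the nested `if 'RANGER' in servicesList:` in the Hive hunk; the validator body continues past the end of this hunk.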
@@ -1410,6 +1403,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
validationItems = []
hive_env = properties
hive_site = getSiteProperties(configurations, "hive-site")
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
if "hive_security_authorization" in hive_env and \
str(hive_env["hive_security_authorization"]).lower() == "none" \
and str(hive_site["hive.security.authorization.enabled"]).lower() == "true":
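Review bot: The `servicesList` comprehension added here is the same line the HDFS, HBase, Knox and YARN hunks add and the Kafka and Storm validators already carried, so the file now holds seven copies of it. A small private helper on the advisor (new, the name is only a suggestion), used as `servicesList = self._serviceNames(services)`, would keep the copies in step and give one place to handle a `services` dict that lacks the `"services"` key. This validator's `def` line is outside the hunk.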
@@ -1419,12 +1413,13 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
if "hive_security_authorization" in hive_env and \
str(hive_env["hive_security_authorization"]).lower() == "ranger":
# ranger-hive-plugin must be enabled in ranger-env
- ranger_env = getServicesSiteProperties(services, 'ranger-env')
- if not ranger_env or not 'ranger-hive-plugin-enabled' in ranger_env or \
- ranger_env['ranger-hive-plugin-enabled'].lower() != 'yes':
- validationItems.append({"config-name": 'hive_security_authorization',
- "item": self.getWarnItem(
- "ranger-env/ranger-hive-plugin-enabled must be enabled when hive_security_authorization is set to Ranger")})
+ if 'RANGER' in servicesList:
+ ranger_env = getServicesSiteProperties(services, 'ranger-env')
+ if not ranger_env or not 'ranger-hive-plugin-enabled' in ranger_env or \
+ ranger_env['ranger-hive-plugin-enabled'].lower() != 'yes':
+ validationItems.append({"config-name": 'hive_security_authorization',
+ "item": self.getWarnItem(
+ "ranger-env/ranger-hive-plugin-enabled must be enabled when hive_security_authorization is set to Ranger")})
return self.toConfigurationValidationProblems(validationItems, "hive-env")
def validateHiveConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
@@ -1578,9 +1573,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateHBASERangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-hbase-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-hbase-plugin-enabled'] if ranger_plugin_properties else 'No'
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-hbase-plugin-enabled' in ranger_env or \
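Review bot: The comment directly under the changed condition still reads `# ranger-hdfs-plugin must be enabled in ranger-env`, but the check that follows is for `ranger-hbase-plugin-enabled`. Since the line above it is being edited anyway, correct it to `# ranger-hbase-plugin must be enabled in ranger-env`. The Knox, Kafka, Storm and YARN hunks carry the same copied comment and each needs its own service name. The rest of the validator is outside the hunk.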
@@ -1592,9 +1588,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateKnoxRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-knox-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-knox-plugin-enabled'] if ranger_plugin_properties else 'No'
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-knox-plugin-enabled' in ranger_env or \
@@ -1610,7 +1607,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
ranger_plugin_enabled = ranger_plugin_properties['ranger-kafka-plugin-enabled'] if ranger_plugin_properties else 'No'
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
security_enabled = self.isSecurityEnabled(services)
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-kafka-plugin-enabled' in ranger_env or \
@@ -1631,7 +1628,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
ranger_plugin_enabled = ranger_plugin_properties['ranger-storm-plugin-enabled'] if ranger_plugin_properties else 'No'
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
security_enabled = self.isSecurityEnabled(services)
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-storm-plugin-enabled' in ranger_env or \
@@ -1664,9 +1661,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
def validateYARNRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
ranger_plugin_properties = getSiteProperties(configurations, "ranger-yarn-plugin-properties")
ranger_plugin_enabled = ranger_plugin_properties['ranger-yarn-plugin-enabled'] if ranger_plugin_properties else 'No'
- if ranger_plugin_enabled.lower() == 'yes':
+ if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes':
# ranger-hdfs-plugin must be enabled in ranger-env
ranger_env = getServicesSiteProperties(services, 'ranger-env')
if not ranger_env or not 'ranger-yarn-plugin-enabled' in ranger_env or \
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
index 85c16c8..f670d7e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hbase/audit/db/spool</value>
<description>/var/log/hbase/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
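Review bot: The first `add="true"` in this hunk sits in a property typed `password` whose `<value>` line falls outside the hunk, so, as I read the attribute, an Ambari upgrade will now create that property from the stack default on clusters that do not have it yet. Confirm that the default is empty or an obvious placeholder rather than a fixed value shared by every install, and record the expectation beside it, e.g. `<!-- default is a placeholder; set a cluster-specific value after upgrade -->`. The same question applies to the keystore and truststore password properties in the HBase, HDFS and Hive policymgr-ssl files and to the matching hunk in ranger-hive-audit.xml.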
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hbase/audit/hdfs/spool</value>
<description>/var/log/hbase/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hbase/audit/solr/spool</value>
<description>/var/log/hbase/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
index c761b26..79370bc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hbase-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hbase-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
index 1deb9e5..0ad5e60 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
@@ -23,37 +23,43 @@
<name>ranger.plugin.hbase.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing HBase policies</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.hbase.policy.rest.ssl.config.file</name>
<value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hbase.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.hbase.update.xapolicies.on.grant.revoke</name>
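Review bot: The new `<depends-on>` ties `ranger.plugin.hbase.policy.rest.url` to `admin-properties/policymgr_external_url`, a config type that presumably belongs to the Ranger service, while the commit's stated aim is to configure the plugin independently of Ranger admin. The hunk does not show what supplies `{{policymgr_mgr_url}}` when Ranger is not managed by the cluster; if the URL can end up empty or unresolved, the plugin has no policy source to poll. State the expectation in the property, e.g. `<description>URL to Ranger Admin (must be set explicitly when Ranger is not managed by this cluster)</description>`. The HDFS and Hive ranger-*-security.xml hunks add the same dependency.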
@@ -63,6 +69,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
index 71ba3a6..e14a9e8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
index cfd8a4f..b2b8edb 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
@@ -23,42 +23,48 @@
<name>ranger.plugin.hdfs.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing Hdfs policies</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.hdfs.policy.rest.ssl.config.file</name>
<value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hdfs.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.add-hadoop-authorization</name>
<value>true</value>
<description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
index b210fca..874d0d5 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hive/audit/db/spool</value>
<description>/var/log/hive/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hive/audit/hdfs/spool</value>
<description>/var/log/hive/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hive/audit/solr/spool</value>
<description>/var/log/hive/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
index a538843..14e7b16 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hive-server2/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hive-server2/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
index ce4074a..a07972a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
@@ -23,37 +23,43 @@
<name>ranger.plugin.hive.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this HIVE instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.hive.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/hive-server2/conf/conf.server/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.hive.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.hive.update.xapolicies.on.grant.revoke</name>
@@ -63,6 +69,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
index 24fd407..2f4c121 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
@@ -23,12 +23,12 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/kafka-broker/config/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/kafka-broker/config/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
index 1f3c1d1..abdf2bd 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/knox/audit/db/spool</value>
<description>/var/log/knox/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/knox/audit/hdfs/spool</value>
<description>/var/log/knox/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/knox/audit/solr/spool</value>
<description>/var/log/knox/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
index bb0878f..6cc2351 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/knox-server/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/knox-server/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
index 9bd1079..0f0d3a7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
@@ -23,36 +23,42 @@
<name>ranger.plugin.knox.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this Knox instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminJersey2RESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.knox.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/knox-server/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.knox.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
index 5672f04..21658e7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml
@@ -23,12 +23,12 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/storm-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/storm-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
index f3d7530..8a3dd2e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml
@@ -23,6 +23,6 @@
<name>ranger.plugin.storm.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/storm-client/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
index a6b1baa..8237f1c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
@@ -23,7 +23,7 @@
<name>xasecure.audit.is.enabled</name>
<value>true</value>
<description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db</name>
@@ -39,19 +39,19 @@
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.url</name>
<value>{{audit_jdbc_url}}</value>
<description>Audit DB JDBC URL</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.user</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit DB JDBC User</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.password</name>
@@ -61,25 +61,25 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.jdbc.driver</name>
<value>{{jdbc_driver}}</value>
<description>Audit DB JDBC Driver</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.credential.provider.file</name>
<value>jceks://file{{credential_file}}</value>
<description>Credential file store</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.db.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/db/spool</value>
<description>/var/log/hadoop/yarn/audit/db/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs</name>
@@ -95,7 +95,7 @@
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.dir</name>
@@ -107,13 +107,13 @@
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/hdfs/spool</value>
<description>/var/log/hadoop/yarn/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr</name>
@@ -129,7 +129,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
@@ -144,7 +144,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
@@ -156,13 +156,13 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hadoop/yarn/audit/solr/spool</value>
<description>/var/log/hadoop/yarn/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.audit.provider.summary.enabled</name>
@@ -172,6 +172,6 @@
<value-attributes>
<type>boolean</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
index 97867cc..1899d44 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml
@@ -24,7 +24,7 @@
<value>ambari-qa</value>
<display-name>Policy user for YARN</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>hadoop.rpc.protection</name>
@@ -33,7 +33,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>common.name.for.certificate</name>
@@ -42,7 +42,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger-yarn-plugin-enabled</name>
@@ -59,14 +59,14 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>yarn</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
@@ -77,6 +77,6 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
index 5410104..6ad6e62 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
@@ -23,7 +23,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.password</name>
@@ -33,13 +33,13 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.password</name>
@@ -49,18 +49,18 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
index 5f69962..3c0b29f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
@@ -23,36 +23,42 @@
<name>ranger.plugin.yarn.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing policies for this Yarn instance</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.yarn.policy.rest.ssl.config.file</name>
<value>/etc/hadoop/conf/ranger-policymgr-ssl-yarn.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.yarn.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index d986f1a..03bbdbe 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -777,6 +777,40 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port']
putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port))
+ required_services = [
+ {'service_name': 'HDFS', 'config_type': 'ranger-hdfs-security'},
+ {'service_name': 'YARN', 'config_type': 'ranger-yarn-security'},
+ {'service_name': 'HBASE', 'config_type': 'ranger-hbase-security'},
+ {'service_name': 'HIVE', 'config_type': 'ranger-hive-security'},
+ {'service_name': 'KNOX', 'config_type': 'ranger-knox-security'},
+ {'service_name': 'KAFKA', 'config_type': 'ranger-kafka-security'},
+ {'service_name': 'RANGER_KMS','config_type': 'ranger-kms-security'},
+ {'service_name': 'STORM', 'config_type': 'ranger-storm-security'}
+ ]
+
+ # recommendation for ranger url for ranger-supported plugins
+ self.recommendRangerUrlConfigurations(configurations, services, required_services)
+
+ def recommendRangerUrlConfigurations(self, configurations, services, requiredServices):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+
+ policymgr_external_url = ""
+ if 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties']:
+ if 'admin-properties' in configurations and 'policymgr_external_url' in configurations['admin-properties']['properties']:
+ policymgr_external_url = configurations['admin-properties']['properties']['policymgr_external_url']
+ else:
+ policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url']
+
+ for index in range(len(requiredServices)):
+ if requiredServices[index]['service_name'] in servicesList:
+ component_config_type = requiredServices[index]['config_type']
+ component_name = requiredServices[index]['service_name']
+ component_config_property = 'ranger.plugin.{0}.policy.rest.url'.format(component_name.lower())
+ if requiredServices[index]['service_name'] == 'RANGER_KMS':
+ component_config_property = 'ranger.plugin.kms.policy.rest.url'
+ putRangerSecurityProperty = self.putProperty(configurations, component_config_type, services)
+ if component_config_type in services["configurations"] and component_config_property in services["configurations"][component_config_type]["properties"]:
+ putRangerSecurityProperty(component_config_property, policymgr_external_url)
def recommendYARNConfigurations(self, configurations, clusterData, services, hosts):
super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts)
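Review bot: `recommendRangerUrlConfigurations` starts from `policymgr_external_url = ""` and still reaches `putRangerSecurityProperty(component_config_property, policymgr_external_url)` when `admin-properties` has no `policymgr_external_url`, so every installed plugin would be recommended an empty `ranger.plugin.<service>.policy.rest.url`. A plugin with a blank policy URL presumably cannot refresh its policies from Ranger Admin, so I would skip the recommendation in that case with `if not policymgr_external_url: return` right after the lookup. The loop would also read more directly as `for required in requiredServices:` instead of indexing through `range(len(requiredServices))`. The method that builds `required_services` begins above this hunk, so whether `admin-properties` is always present at this point cannot be confirmed from here.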
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
index 36677a1..efeea5f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
@@ -78,7 +78,7 @@
<name>xasecure.audit.destination.solr</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -94,7 +94,7 @@
<name>ranger.audit.solr.urls</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -107,7 +107,7 @@
<name>ranger.audit.solr.zookeepers</name>
</property>
</depends-on>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
index fd623cb..977127c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml
@@ -26,7 +26,7 @@
<display-name>Policy user for Atlas</display-name>
<description>This user must be system user and also present at Ranger
admin portal</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -36,7 +36,7 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -54,7 +54,7 @@
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -63,7 +63,7 @@
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin
</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -76,7 +76,55 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
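Review bot: The four new `external_*` properties place Ranger admin credentials in `ranger-atlas-plugin-properties`, and their descriptions ("Add ranger default admin username ...") read as a prompt to reuse the default admin account. Both password properties are marked `<property-type>PASSWORD</property-type>` with `<type>password</type>`, which is right, but the descriptions should say when the values are needed and steer towards a dedicated account, for example `<description>Username of an account on the external Ranger Admin used to create the Atlas repository; prefer a dedicated account over the default admin</description>`. The pairs `external_admin_*` and `external_ranger_admin_*` are also hard to tell apart by name, so each description should state which Ranger account it refers to. How these values are consumed is not visible in this hunk, so the exact wording should be checked against the scripts that read them.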
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
index dcffb63..349c829 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml
@@ -24,7 +24,7 @@
<name>xasecure.policymgr.clientssl.keystore</name>
<value>/usr/hdp/current/atlas-server/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
@@ -35,14 +35,14 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
<value>/usr/hdp/current/atlas-server/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
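Review bot: The `<type>password</type>` property in this hunk, and the one in the following hunk (`@@ -53,21 +53,21 @@`), are switched to `add="true"` while their `<name>` and `<value>` lines sit outside the hunks, so the diff does not show what an Ambari upgrade would write for them. They are presumably the keystore and truststore passwords, going by the neighbouring properties. If the file ships a non-empty stock value, every upgraded cluster that lacks the property would receive the same secret. I would either confirm the shipped value is empty or keep `<on-ambari-upgrade add="false"/>` on these two properties so the operator sets them explicitly.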
@@ -53,21 +53,21 @@
<value-attributes>
<type>password</type>
</value-attributes>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
<value>jceks://file{{credential_file}}</value>
<description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
index ea0a026..c5588d1 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml
@@ -23,49 +23,55 @@
<name>ranger.plugin.atlas.service.name</name>
<value>{{repo_name}}</value>
<description>Name of the Ranger service containing Atlas policies</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.rest.url</name>
<value>{{policymgr_mgr_url}}</value>
<description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>ranger.plugin.atlas.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/atlas-server/conf/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.pollIntervalMs</name>
<value>30000</value>
<description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>ranger.plugin.atlas.policy.cache.dir</name>
<value>/etc/ranger/{{repo_name}}/policycache</value>
<description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
<property>
<name>xasecure.add-hadoop-authorization</name>
<value>true</value>
<description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
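Review bot: `xasecure.add-hadoop-authorization` is switched to `add="true"` while its value stays `true`, so an Ambari upgrade will now add a setting that, by its own description, falls back to the default Hadoop permission check when Ranger authorization fails. For a plugin whose purpose is to enforce Ranger policy, that reads as a permissive default to introduce silently on upgrade. I would keep `<on-ambari-upgrade add="false"/>` on this one property, or ship `<value>false</value>`, and say in the description which of the two checks wins. Separately, the new `depends-on` ties `ranger.plugin.atlas.policy.rest.url` to `admin-properties` / `policymgr_external_url`. If Ranger Admin lives outside the cluster, that config type may be absent, so it is worth confirming the recommendation path handles a missing type.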
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
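Review bot: The four new properties do not tell an operator which account goes where: `external_admin_*` and `external_ranger_admin_*` differ only by the word "Ambari" in the display name, and both descriptions ask for a "ranger default admin" credential. The same block is repeated in the HDFS hunk and in the new HIVE and KAFKA files, so a Ranger administrator secret would be stored once per plugin config type. The descriptions should state what each account is used for and that a dedicated account limited to what plugin setup needs is preferred over the built-in admin, for example `<description>Password of the Ranger account used to register this service on an external Ranger Admin; leave empty when Ranger Admin is managed by this cluster</description>`. Because both username and password carry `<empty-value-valid>true</empty-value-valid>`, nothing visible here rejects a username saved without its password, so a validator check for the pair would help.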
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
index 77f7be2..953e42e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -26,6 +26,54 @@
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
- <on-ambari-upgrade add="false" />
+ <on-ambari-upgrade add="true" />
+ </property>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
index 1d1b0c2..640234b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml
@@ -23,6 +23,6 @@
<name>ranger.plugin.hive.policy.rest.ssl.config.file</name>
<value>/usr/hdp/current/{{ranger_hive_component}}/conf/conf.server/ranger-policymgr-ssl.xml</value>
<description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
+ <on-ambari-upgrade add="true"/>
</property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7edd6df9/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
new file mode 100644
index 0000000..3450970
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>external_admin_username</name>
+ <value></value>
+ <display-name>External Ranger admin username</display-name>
+ <description>Add ranger default admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_admin_password</name>
+ <value></value>
+ <display-name>External Ranger admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_username</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin username</display-name>
+ <description>Add ranger default ambari admin username if want to communicate to external ranger</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+ <property>
+ <name>external_ranger_admin_password</name>
+ <value></value>
+ <display-name>External Ranger Ambari admin password</display-name>
+ <property-type>PASSWORD</property-type>
+ <description>Add ranger default ambari admin password if want to communicate to external ranger</description>
+ <value-attributes>
+ <type>password</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+
+</configuration>
\ No newline at end of file