You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2015/06/01 11:07:03 UTC
ambari git commit: AMBARI-11537. AMBARI-11537 : Fixes required for
SSL Issues on Ranger with new properties (aonishuk)
Repository: ambari
Updated Branches:
refs/heads/trunk 933745e2e -> 60ea8dbf5
AMBARI-11537. AMBARI-11537 : Fixes required for SSL Issues on Ranger with new properties (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/60ea8dbf
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/60ea8dbf
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/60ea8dbf
Branch: refs/heads/trunk
Commit: 60ea8dbf5457267d5754c72e6a15c7ba010efd56
Parents: 933745e
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Mon Jun 1 12:06:51 2015 +0300
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Mon Jun 1 12:06:51 2015 +0300
----------------------------------------------------------------------
.../functions/setup_ranger_plugin_xml.py | 6 +-
.../0.4.0/configuration/admin-properties.xml | 4 +-
.../RANGER/0.4.0/package/scripts/params.py | 5 +
.../0.4.0/package/scripts/service_check.py | 23 +-
.../0.4.0/package/scripts/setup_ranger_xml.py | 22 +-
.../configuration/ranger-kms-audit.xml | 6 +
.../configuration/ranger-kms-policymgr-ssl.xml | 4 +-
.../0.5.0.2.3/configuration/ranger-kms-site.xml | 7 +-
.../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 8 +-
.../0.5.0.2.3/package/scripts/params.py | 4 +-
.../HBASE/configuration/ranger-hbase-audit.xml | 6 +
.../ranger-hbase-policymgr-ssl.xml | 4 +-
.../HDFS/configuration/ranger-hdfs-audit.xml | 10 +-
.../configuration/ranger-hdfs-policymgr-ssl.xml | 4 +-
.../HIVE/configuration/ranger-hive-audit.xml | 6 +
.../configuration/ranger-hive-policymgr-ssl.xml | 4 +-
.../KAFKA/configuration/ranger-kafka-audit.xml | 6 +
.../ranger-kafka-policymgr-ssl.xml | 4 +-
.../KNOX/configuration/ranger-knox-audit.xml | 6 +
.../RANGER/configuration/ranger-admin-site.xml | 2 +-
.../RANGER/configuration/ranger-ugsync-site.xml | 9 +-
.../STORM/configuration/ranger-storm-audit.xml | 6 +
.../YARN/configuration/ranger-yarn-audit.xml | 10 +-
.../configuration/ranger-yarn-policymgr-ssl.xml | 4 +-
.../stacks/2.2/RANGER/test_ranger_admin.py | 12 +-
.../stacks/2.2/RANGER/test_ranger_usersync.py | 12 +-
.../2.2/configs/ranger-admin-default.json | 306 +++++++++++++++++++
.../2.2/configs/ranger-admin-secured.json | 180 +++++++++++
ambari-web/app/data/HDP2.3/site_properties.js | 10 +
29 files changed, 626 insertions(+), 64 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
index cfa51da..1a24723 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
@@ -150,13 +150,13 @@ def setup_ranger_plugin_keystore(service_name, audit_db_is_enabled, hdp_version,
cred_setup_prefix = format('python /usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py -l "{cred_lib_path}"')
if audit_db_is_enabled:
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
File(credential_file,
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
index 1862f37..0d7457f 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
@@ -98,8 +98,8 @@
<property>
<name>policymgr_external_url</name>
- <value>http://localhost:6080</value>
- <description>Policy Manager external url</description>
+ <value></value>
+ <description>Policy Manager external url eg: http://RANGER_HOST:6080</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 7a6dacf..5c1b5a7 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -142,3 +142,8 @@ if xml_configurations_supported:
ranger_usersync_keystore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.password"])
ranger_usersync_ldap_ldapbindpassword = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.ldapbindpassword"])
ranger_usersync_truststore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.truststore.password"])
+ ranger_usersync_keystore_file = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.file"]
+ default_dn_name = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
+is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py
index 0a2f5ae..85ac6f5 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py
@@ -29,21 +29,18 @@ class RangerServiceCheck(Script):
import params
env.set_params(params)
- self.check_ranger_admin_service()
- self.check_ranger_usersync_service()
+ self.check_ranger_admin_service(params.ranger_external_url)
+ if not params.is_ranger_ha_enabled:
+ self.check_ranger_usersync_service()
- def check_ranger_admin_service(self):
- cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
- code, output = shell.call(cmd, timeout=20)
- if code == 0:
- Logger.info('Ranger admin process up and running')
+ def check_ranger_admin_service(self, ranger_external_url):
+ if (self.is_ru_rangeradmin_in_progress()):
+ Logger.info('Ranger admin process not running - skipping as rolling upgrade is in progress')
else:
- if (self.is_ru_rangeradmin_in_progress()):
- Logger.info('Ranger admin process not running - skipping as rolling upgrade is in progress')
- else:
- Logger.debug('Ranger admin process not running')
- raise ComponentIsNotRunning()
-
+ Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp | grep 200"),
+ tries = 10,
+ try_sleep=3,
+ logoutput=True)
def check_ranger_usersync_service(self):
cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index d845eb4..0b366ef 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -169,7 +169,7 @@ def do_keystore_setup(rolling_upgrade=False):
if not is_empty(params.ranger_credential_provider_path):
jceks_path = params.ranger_credential_provider_path
- cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_jdbc_credential_alias}" -v "{ranger_ambari_db_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_jdbc_credential_alias}" -v "{ranger_ambari_db_password!p}" -c 1')
Execute(cred_setup, environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
@@ -180,7 +180,7 @@ def do_keystore_setup(rolling_upgrade=False):
if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
jceks_path = params.ranger_credential_provider_path
- cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_audit_jdbc_credential_alias}" -v "{ranger_ambari_audit_db_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_audit_jdbc_credential_alias}" -v "{ranger_ambari_audit_db_password!p}" -c 1')
Execute(cred_setup, environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
@@ -214,13 +214,13 @@ def setup_usersync():
cred_lib = os.path.join(params.usersync_home,"lib","*")
- cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync_ssl_key_password" -v "{ranger_usersync_keystore_password}" -c 1')
+ cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.key.password" -v "{ranger_usersync_keystore_password!p}" -c 1')
Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
- cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "ranger.usersync.ldap.bindalias" -v "{ranger_usersync_ldap_ldapbindpassword}" -c 1')
+ cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "ranger.usersync.ldap.bindalias" -v "{ranger_usersync_ldap_ldapbindpassword!p}" -c 1')
Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
- cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.truststore.password" -v "{ranger_usersync_truststore_password}" -c 1')
+ cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.truststore.password" -v "{ranger_usersync_truststore_password!p}" -c 1')
Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
File(params.ugsync_jceks_path,
@@ -240,4 +240,14 @@ def setup_usersync():
Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
not_if=format("ls /usr/bin/ranger-usersync"),
only_if=format("ls {usersync_services_file}"),
- sudo=True)
+ sudo=True)
+
+ if not os.path.isfile(params.ranger_usersync_keystore_file):
+ cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass '{ranger_usersync_keystore_password!p}' -storepass '{ranger_usersync_keystore_password!p}' -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
+
+ Execute(cmd, logoutput=True)
+
+ File(params.ranger_usersync_keystore_file,
+ owner = params.unix_user,
+ group = params.unix_group
+ )
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
index 7052dbc..661f818 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/kms/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml
index b0f56a5..fb4a4e6 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/ranger/kms/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/ranger-kms/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/ranger/kms/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/ranger-kms/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml
index 5446dcd..0cdc653 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml
@@ -27,7 +27,12 @@
<property>
<name>ranger.service.http.port</name>
- <value>9292</value>
+ <value>{{kms_port}}</value>
+ </property>
+
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>9393</value>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 9f274bc..a8db58a 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -99,7 +99,7 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password)
import params
if cred_provider_path is not None:
- cred_setup = format('{cred_setup_prefix} -f {cred_provider_path} -k "{credential_alias}" -v "{credential_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {cred_provider_path} -k "{credential_alias}" -v "{credential_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
@@ -267,13 +267,13 @@ def enable_kms_plugin():
mode=0744)
if params.xa_audit_db_is_enabled:
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
- cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password}" -c 1')
+ cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password!p}" -c 1')
Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
File(params.credential_file,
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index 9b806eb..a3ea0ce 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -36,7 +36,7 @@ stack_is_hdp23_or_further = Script.is_hdp_stack_greater_or_equal("2.3")
if stack_is_hdp23_or_further:
kms_home = '/usr/hdp/current/ranger-kms'
- kms_conf_dir = '/etc/ranger/kms/conf'
+ kms_conf_dir = '/usr/hdp/current/ranger-kms/conf'
kms_log_dir = config['configurations']['kms-env']['kms_log_dir']
java_home = config['hostLevelParams']['java_home']
@@ -65,7 +65,7 @@ masterkey_alias = config['configurations']['dbks-site']['ranger.ks.masterkey.cre
repo_name = str(config['clusterName']) + '_kms'
cred_lib_path = os.path.join(kms_home,"cred","lib","*")
cred_setup_prefix = format('python {kms_home}/ranger_credential_helper.py -l "{cred_lib_path}"')
-credential_file = format('/etc/ranger/kms/{repo_name}/cred.jceks')
+credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
if has_ranger_admin:
policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
index b7f80b9..d064065 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/hbase/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
index 43d5050..1254902 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/hbase/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/hbase/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
index a2b6362..8f8de30 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/hadoop/hdfs/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
@@ -76,7 +82,7 @@
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
- <value>/var/log/hadoop/audit/hdfs/spool</value>
+ <value>/var/log/hadoop/hdfs/audit/hdfs/spool</value>
<description></description>
</property>
@@ -100,7 +106,7 @@
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
- <value>/var/log/hadoop/audit/solr/spool</value>
+ <value>/var/log/hadoop/hdfs/audit/solr/spool</value>
<description></description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
index 0c57c23..5c8d400 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
index 057978f..1106efa 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/hive/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
index 12c4c51..401fa48 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/hive/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/hive-server2/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/hive/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/hive-server2/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
index 6aa5101..864d81b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/kafka/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
index ecf0cc0..6cdd80a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/kafka/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/kafka-broker/config/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/kafka/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/kafka-broker/config/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
index d20a68b..a70bfc6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/knox/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index b9da3a5..c76afd5 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -50,7 +50,7 @@
<property>
<name>ranger.service.https.attrib.clientAuth</name>
- <value>false</value>
+ <value>want</value>
<description></description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index acd77a1..d4cdfd7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -32,7 +32,7 @@
<property>
<name>ranger.usersync.keystore.file</name>
- <value>./conf/cert/unixauthservice.jks</value>
+ <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
<description></description>
</property>
@@ -45,7 +45,7 @@
<property>
<name>ranger.usersync.truststore.file</name>
- <value>./conf/cert/mytruststore.jks</value>
+ <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
<description></description>
</property>
@@ -136,7 +136,8 @@
<property>
<name>ranger.usersync.ldap.ldapbindpassword</name>
- <value>admin321</value>
+ <value></value>
+ <property-type>PASSWORD</property-type>
<description></description>
</property>
@@ -274,7 +275,7 @@
<property>
<name>ranger.usersync.credstore.filename</name>
- <value>/etc/ranger/usersync/ugsync.jceks</value>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
<description></description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
index ad08922..7552043 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/storm/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
index 776b000..2cc354a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml
@@ -63,6 +63,12 @@
</property>
<property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/var/log/hadoop/yarn/audit/db/spool</value>
+ <description></description>
+ </property>
+
+ <property>
<name>xasecure.audit.destination.hdfs</name>
<value>true</value>
<description></description>
@@ -76,7 +82,7 @@
<property>
<name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
- <value>/var/log/yarn/audit/hdfs/spool</value>
+ <value>/var/log/hadoop/yarn/audit/hdfs/spool</value>
<description></description>
</property>
@@ -100,7 +106,7 @@
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
- <value>/var/log/yarn/audit/solr/spool</value>
+ <value>/var/log/hadoop/yarn/audit/solr/spool</value>
<description></description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
index 026c80b..32154f3 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
@@ -22,7 +22,7 @@
<property>
<name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+ <value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-keystore.jks</value>
<description>Java Keystore files</description>
</property>
@@ -34,7 +34,7 @@
<property>
<name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+ <value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-truststore.jks</value>
<description>java truststore file</description>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
index 8448bf5..5413342 100644
--- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
+++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py
@@ -29,7 +29,7 @@ class TestRangerAdmin(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
classname = "RangerAdmin",
command = "configure",
- config_file="default.json",
+ config_file="ranger-admin-default.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -40,7 +40,7 @@ class TestRangerAdmin(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
classname = "RangerAdmin",
command = "start",
- config_file="default.json",
+ config_file="ranger-admin-default.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -56,7 +56,7 @@ class TestRangerAdmin(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
classname = "RangerAdmin",
command = "stop",
- config_file="default.json",
+ config_file="ranger-admin-default.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -70,7 +70,7 @@ class TestRangerAdmin(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
classname = "RangerAdmin",
command = "configure",
- config_file="secured.json",
+ config_file="ranger-admin-secured.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -81,7 +81,7 @@ class TestRangerAdmin(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
classname = "RangerAdmin",
command = "start",
- config_file="secured.json",
+ config_file="ranger-admin-secured.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -97,7 +97,7 @@ class TestRangerAdmin(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
classname = "RangerAdmin",
command = "stop",
- config_file="secured.json",
+ config_file="ranger-admin-secured.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
index 6464efc..48358cc 100644
--- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
+++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py
@@ -30,7 +30,7 @@ class TestRangerUsersync(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
classname = "RangerUsersync",
command = "configure",
- config_file="default.json",
+ config_file="ranger-admin-default.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -41,7 +41,7 @@ class TestRangerUsersync(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
classname = "RangerUsersync",
command = "start",
- config_file="default.json",
+ config_file="ranger-admin-default.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -57,7 +57,7 @@ class TestRangerUsersync(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
classname = "RangerUsersync",
command = "stop",
- config_file="default.json",
+ config_file="ranger-admin-default.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -71,7 +71,7 @@ class TestRangerUsersync(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
classname = "RangerUsersync",
command = "configure",
- config_file="secured.json",
+ config_file="ranger-admin-secured.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -82,7 +82,7 @@ class TestRangerUsersync(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
classname = "RangerUsersync",
command = "start",
- config_file="secured.json",
+ config_file="ranger-admin-secured.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
@@ -98,7 +98,7 @@ class TestRangerUsersync(RMFTestCase):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
classname = "RangerUsersync",
command = "stop",
- config_file="secured.json",
+ config_file="ranger-admin-secured.json",
hdp_stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json b/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json
new file mode 100644
index 0000000..f012a17
--- /dev/null
+++ b/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-default.json
@@ -0,0 +1,306 @@
+{
+ "roleCommand": "SERVICE_CHECK",
+ "clusterName": "c1",
+ "hostname": "c6401.ambari.apache.org",
+ "hostLevelParams": {
+ "jdk_location": "http://c6401.ambari.apache.org:8080/resources/",
+ "ambari_db_rca_password": "mapred",
+ "ambari_db_rca_url": "jdbc:postgresql://c6401.ambari.apache.org/ambarirca",
+ "jce_name": "UnlimitedJCEPolicyJDK7.zip",
+ "stack_version": "2.2",
+ "stack_name": "HDP",
+ "ambari_db_rca_driver": "org.postgresql.Driver",
+ "jdk_name": "jdk-7u67-linux-x64.tar.gz",
+ "ambari_db_rca_username": "mapred",
+ "java_home": "/usr/jdk64/jdk1.7.0_45",
+ "java_version": "8",
+ "db_name": "ambari"
+ },
+ "commandType": "EXECUTION_COMMAND",
+ "roleParams": {},
+ "serviceName": "SLIDER",
+ "role": "SLIDER",
+ "commandParams": {
+ "version": "2.2.1.0-2067",
+ "command_timeout": "300",
+ "service_package_folder": "OOZIE",
+ "script_type": "PYTHON",
+ "script": "scripts/service_check.py",
+ "excluded_hosts": "host1,host2"
+ },
+ "taskId": 152,
+ "public_hostname": "c6401.ambari.apache.org",
+ "configurations": {
+ "admin-properties": {
+ "authentication_method": "UNIX",
+ "db_root_user": "root",
+ "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"",
+ "audit_db_name": "ranger_audit",
+ "xa_ldap_ad_domain": "\"xasecure.net\"",
+ "remoteLoginEnabled": "true",
+ "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar",
+ "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"",
+ "SQL_COMMAND_INVOKER": "mysql",
+ "db_user": "rangeradmin",
+ "db_password": "aa",
+ "authServicePort": "5151",
+ "audit_db_password": "aa",
+ "DB_FLAVOR": "MYSQL",
+ "audit_db_user": "rangerlogger",
+ "db_root_password": "aa",
+ "xa_ldap_url": "\"ldap://71.127.43.33:389\"",
+ "db_name": "ranger",
+ "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"",
+ "authServiceHostName": "localhost",
+ "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"",
+ "policymgr_external_url": "http://localhost:6080",
+ "policymgr_http_enabled": "true",
+ "db_host": "localhost",
+ "xa_ldap_groupRoleAttribute": "\"cn\""
+ },
+ "ranger-site": {
+ "http.enabled": "true",
+ "http.service.port": "6080",
+ "https.attrib.keystorePass": "ranger",
+ "https.attrib.clientAuth": "want",
+ "https.attrib.keystoreFile": "/etc/ranger/admin/keys/server.jks",
+ "https.service.port": "6182",
+ "https.attrib.keyAlias": "myKey"
+ },
+ "usersync-properties": {
+ "SYNC_INTERVAL": "1",
+ "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_FILTER": "-",
+ "SYNC_LDAP_URL": "ldap://localhost:389",
+ "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_SCOPE": "sub",
+ "SYNC_LDAP_BIND_PASSWORD": "admin321",
+ "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
+ "MIN_UNIX_USER_ID_TO_SYNC": "1000",
+ "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_OBJECT_CLASS": "person",
+ "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks",
+ "SYNC_SOURCE": "unix",
+ "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof",
+ "logdir": "logs"
+ },
+ "usersync-properties": {
+ "SYNC_INTERVAL": "1",
+ "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_FILTER": "-",
+ "SYNC_LDAP_URL": "ldap://localhost:389",
+ "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_SCOPE": "sub",
+ "SYNC_LDAP_BIND_PASSWORD": "admin321",
+ "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
+ "MIN_UNIX_USER_ID_TO_SYNC": "1000",
+ "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_OBJECT_CLASS": "person",
+ "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks",
+ "SYNC_SOURCE": "unix",
+ "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof",
+ "logdir": "logs"
+ },
+ "ranger-env": {
+ "ranger_group": "ranger",
+ "ranger_admin_log_dir": "/var/log/ranger/admin",
+ "oracle_home": "-",
+ "admin_username": "admin",
+ "ranger_user": "ranger",
+ "ranger_admin_username": "amb_ranger_admin",
+ "admin_password": "admin",
+ "ranger_admin_password": "aa",
+ "ranger_usersync_log_dir": "/var/log/ranger/usersync",
+ "xml_configurations_supported" : "false"
+ },
+ "spark-javaopts-properties": {
+ "content": " "
+ },
+ "hadoop-env": {
+ "dtnode_heapsize": "1024m",
+ "namenode_opt_maxnewsize": "256m",
+ "hdfs_log_dir_prefix": "/var/log/hadoop",
+ "namenode_heapsize": "1024m",
+ "proxyuser_group": "users",
+ "hadoop_pid_dir_prefix": "/var/run/hadoop",
+ "content": "\n# Set Hadoop-specific environment variables here.\n\n# The only required environment variable is JAVA_HOME. All others are\n# optional. When running a distributed configuration it is best to\n# set JAVA_HOME in this file, so that it is correctly defined on\n# remote nodes.\n\n# The java implementation to use. Required.\nexport JAVA_HOME={{java_home}}\nexport HADOOP_HOME_WARN_SUPPRESS=1\n\n# Hadoop home directory\nexport HADOOP_HOME=${HADOOP_HOME:-{{hadoop_home}}}\n\n# Hadoop Configuration Directory\n\n{# this is different for HDP1 #}\n# Path to jsvc required by secure HDP 2.0 datanode\nexport JSVC_HOME={{jsvc_path}}\n\n\n# The maximum amount of heap to use, in MB. Default is 1000.\nexport HADOOP_HEAPSIZE=\"{{hadoop_heapsize}}\"\n\nexport HADOOP_NAMENODE_INIT_HEAPSIZE=\"-Xms{{namenode_heapsize}}\"\n\n# Extra Java runtime options. Empty by default.\nexport HADOOP_OPTS=\"-Djava.net.preferIPv4Stack=true ${HADOOP_OPTS}\"\n\n# Command specific options appende
d to HADOOP_OPTS when specified\nexport HADOOP_NAMENODE_OPTS=\"-server -XX:ParallelGCThreads=8 -XX:+UseConcMarkSweepGC -XX:ErrorFile={{hdfs_log_dir_prefix}}/$USER/hs_err_pid%p.log -XX:NewSize={{namenode_opt_newsize}} -XX:MaxNewSize={{namenode_opt_maxnewsize}} -XX:PermSize={{namenode_opt_permsize}} -XX:MaxPermSize={{namenode_opt_maxpermsize}} -Xloggc:{{hdfs_log_dir_prefix}}/$USER/gc.log-`date +'%Y%m%d%H%M'` -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCDateStamps -Xms{{namenode_heapsize}} -Xmx{{namenode_heapsize}} -Dhadoop.security.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT ${HADOOP_NAMENODE_OPTS}\"\nHADOOP_JOBTRACKER_OPTS=\"-server -XX:ParallelGCThreads=8 -XX:+UseConcMarkSweepGC -XX:ErrorFile={{hdfs_log_dir_prefix}}/$USER/hs_err_pid%p.log -XX:NewSize={{jtnode_opt_newsize}} -XX:MaxNewSize={{jtnode_opt_maxnewsize}} -Xloggc:{{hdfs_log_dir_prefix}}/$USER/gc.log-`date +'%Y%m%d%H%M'` -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCDateStam
ps -Xmx{{jtnode_heapsize}} -Dhadoop.security.logger=INFO,DRFAS -Dmapred.audit.logger=INFO,MRAUDIT -Dhadoop.mapreduce.jobsummary.logger=INFO,JSA ${HADOOP_JOBTRACKER_OPTS}\"\n\nHADOOP_TASKTRACKER_OPTS=\"-server -Xmx{{ttnode_heapsize}} -Dhadoop.security.logger=ERROR,console -Dmapred.audit.logger=ERROR,console ${HADOOP_TASKTRACKER_OPTS}\"\nexport HADOOP_DATANODE_OPTS=\"-server -XX:ParallelGCThreads=4 -XX:+UseConcMarkSweepGC -XX:ErrorFile=/var/log/hadoop/$USER/hs_err_pid%p.log -XX:NewSize=200m -XX:MaxNewSize=200m -XX:PermSize=128m -XX:MaxPermSize=256m -Xloggc:/var/log/hadoop/$USER/gc.log-`date +'%Y%m%d%H%M'` -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCDateStamps -Xms{{dtnode_heapsize}} -Xmx{{dtnode_heapsize}} -Dhadoop.security.logger=INFO,DRFAS -Dhdfs.audit.logger=INFO,DRFAAUDIT ${HADOOP_DATANODE_OPTS}\"\nHADOOP_BALANCER_OPTS=\"-server -Xmx{{hadoop_heapsize}}m ${HADOOP_BALANCER_OPTS}\"\n\nexport HADOOP_SECONDARYNAMENODE_OPTS=$HADOOP_NAMENODE_OPTS\n\n# The following
applies to multiple commands (fs, dfs, fsck, distcp etc)\nexport HADOOP_CLIENT_OPTS=\"-Xmx${HADOOP_HEAPSIZE}m -XX:MaxPermSize=512m $HADOOP_CLIENT_OPTS\"\n\n# On secure datanodes, user to run the datanode as after dropping privileges\nexport HADOOP_SECURE_DN_USER=${HADOOP_SECURE_DN_USER:-{{hadoop_secure_dn_user}}}\n\n# Extra ssh options. Empty by default.\nexport HADOOP_SSH_OPTS=\"-o ConnectTimeout=5 -o SendEnv=HADOOP_CONF_DIR\"\n\n# Where log files are stored. $HADOOP_HOME/logs by default.\nexport HADOOP_LOG_DIR={{hdfs_log_dir_prefix}}/$USER\n\n# History server logs\nexport HADOOP_MAPRED_LOG_DIR={{mapred_log_dir_prefix}}/$USER\n\n# Where log files are stored in the secure data environment.\nexport HADOOP_SECURE_DN_LOG_DIR={{hdfs_log_dir_prefix}}/$HADOOP_SECURE_DN_USER\n\n# File naming remote slave hosts. $HADOOP_HOME/conf/slaves by default.\n# export HADOOP_SLAVES=${HADOOP_HOME}/conf/slaves\n\n# host:path where hadoop code should be rsync'd from. Unset by default.\n# export HAD
OOP_MASTER=master:/home/$USER/src/hadoop\n\n# Seconds to sleep between slave commands. Unset by default. This\n# can be useful in large clusters, where, e.g., slave rsyncs can\n# otherwise arrive faster than the master can service them.\n# export HADOOP_SLAVE_SLEEP=0.1\n\n# The directory where pid files are stored. /tmp by default.\nexport HADOOP_PID_DIR={{hadoop_pid_dir_prefix}}/$USER\nexport HADOOP_SECURE_DN_PID_DIR={{hadoop_pid_dir_prefix}}/$HADOOP_SECURE_DN_USER\n\n# History server pid\nexport HADOOP_MAPRED_PID_DIR={{mapred_pid_dir_prefix}}/$USER\n\nYARN_RESOURCEMANAGER_OPTS=\"-Dyarn.server.resourcemanager.appsummary.logger=INFO,RMSUMMARY\"\n\n# A string representing this instance of hadoop. $USER by default.\nexport HADOOP_IDENT_STRING=$USER\n\n# The scheduling priority for daemon processes. See 'man nice'.\n\n# export HADOOP_NICENESS=10\n\n# Use libraries from standard classpath\nJAVA_JDBC_LIBS=\"\"\n#Add libraries required by mysql connector\nfor jarFile in `ls /usr/share/
java/*mysql* 2>/dev/null`\ndo\n JAVA_JDBC_LIBS=${JAVA_JDBC_LIBS}:$jarFile\ndone\n# Add libraries required by oracle connector\nfor jarFile in `ls /usr/share/java/*ojdbc* 2>/dev/null`\ndo\n JAVA_JDBC_LIBS=${JAVA_JDBC_LIBS}:$jarFile\ndone\n# Add libraries required by nodemanager\nMAPREDUCE_LIBS={{mapreduce_libs_path}}\nexport HADOOP_CLASSPATH=${HADOOP_CLASSPATH}${JAVA_JDBC_LIBS}:${MAPREDUCE_LIBS}\n\n# added to the HADOOP_CLASSPATH\nif [ -d \"/usr/hdp/current/tez-client\" ]; then\n if [ -d \"/etc/tez/conf/\" ]; then\n # When using versioned RPMs, the tez-client will be a symlink to the current folder of tez in HDP.\n export HADOOP_CLASSPATH=${HADOOP_CLASSPATH}:/usr/hdp/current/tez-client/*:/usr/hdp/current/tez-client/lib/*:/etc/tez/conf/\n fi\nfi\n\n\n# Setting path to hdfs command line\nexport HADOOP_LIBEXEC_DIR={{hadoop_libexec_dir}}\n\n# Mostly required for hadoop 2.0\nexport JAVA_LIBRARY_PATH=${JAVA_LIBRARY_PATH}\n\nexport HADOOP_OPTS=\"-Dhdp.version=$HDP_VERSION $HADOOP_
OPTS\"",
+ "hdfs_user": "hdfs",
+ "namenode_opt_newsize": "256m",
+ "dfs.datanode.data.dir.mount.file": "/etc/hadoop/conf/dfs_data_dir_mount.hist",
+ "hadoop_root_logger": "INFO,RFA",
+ "hadoop_heapsize": "1024",
+ "namenode_opt_maxpermsize": "256m",
+ "namenode_opt_permsize": "128m"
+ },
+ "slider-client": {
+ "slider.yarn.queue": "default"
+ },
+ "core-site": {
+ "fs.defaultFS": "hdfs://c6401.ambari.apache.org:8020"
+ },
+ "hdfs-site": {
+ "a": "b"
+ },
+ "yarn-site": {
+ "yarn.application.classpath": "/etc/hadoop/conf,/usr/lib/hadoop/*,/usr/lib/hadoop/lib/*,/usr/lib/hadoop-hdfs/*,/usr/lib/hadoop-hdfs/lib/*,/usr/lib/hadoop-yarn/*,/usr/lib/hadoop-yarn/lib/*,/usr/lib/hadoop-mapreduce/*,/usr/lib/hadoop-mapreduce/lib/*",
+ "yarn.resourcemanager.address": "c6401.ambari.apache.org:8050",
+ "yarn.resourcemanager.scheduler.address": "c6401.ambari.apache.org:8030"
+ },
+ "cluster-env": {
+ "security_enabled": "false",
+ "ignore_groupsusers_create": "false",
+ "smokeuser": "ambari-qa",
+ "kerberos_domain": "EXAMPLE.COM",
+ "user_group": "hadoop"
+ },
+ "ranger-knox-plugin-properties": {
+ "POLICY_MGR_URL": "{{policymgr_mgr_url}}",
+ "XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS": "900",
+ "KNOX_HOME": "/usr/hdp/current/knox-server",
+ "XAAUDIT.HDFS.DESTINATION_DIRECTORY": "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit",
+ "common.name.for.certificate": "-",
+ "XAAUDIT.HDFS.IS_ENABLED": "false",
+ "SQL_CONNECTOR_JAR": "{{sql_connector_jar}}",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
+ "REPOSITORY_NAME": "{{repo_name}}",
+ "SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
+ "XAAUDIT.DB.IS_ENABLED": "true",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS": "600",
+ "XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
+ "XAAUDIT.SOLR.SOLR_URL": "http://localhost:6083/solr/ranger_audits",
+ "XAAUDIT.DB.DATABASE_NAME": "{{xa_audit_db_name}}",
+ "XAAUDIT.DB.HOSTNAME": "{{xa_db_host}}",
+ "XAAUDIT.SOLR.IS_ENABLED": "false",
+ "SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
+ "ranger-knox-plugin-enabled": "Yes",
+ "XAAUDIT.DB.USER_NAME": "{{xa_audit_db_user}}",
+ "policy_user": "ambari-qa",
+ "XAAUDIT.HDFS.DESTINTATION_FILE": "%hostname%-audit.log",
+ "XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS": "86400",
+ "XAAUDIT.DB.PASSWORD": "{{xa_audit_db_password}}",
+ "XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT": "10",
+ "SSL_TRUSTSTORE_PASSWORD": "changeit",
+ "XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive",
+ "REPOSITORY_CONFIG_USERNAME": "admin",
+ "XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS": "1000",
+ "XAAUDIT.DB.FLAVOUR": "{{xa_audit_db_flavor}}",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS": "60",
+ "SSL_TRUSTSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-truststore.jks",
+ "REPOSITORY_CONFIG_PASSWORD": "admin-password",
+ "XAAUDIT.SOLR.MAX_QUEUE_SIZE": "1"
+ },
+ "webhcat-site": {
+ "templeton.jar": "/usr/hdp/current/hive-webhcat/share/webhcat/svr/lib/hive-webhcat-*.jar",
+ "templeton.pig.archive": "hdfs:///hdp/apps/{{ hdp_stack_version }}/pig/pig.tar.gz",
+ "templeton.hive.archive": "hdfs:///hdp/apps/{{ hdp_stack_version }}/hive/hive.tar.gz",
+ "templeton.sqoop.archive": "hdfs:///hdp/apps/{{ hdp_stack_version }}/sqoop/sqoop.tar.gz",
+ "templeton.streaming.jar": "hdfs:///hdp/apps/{{ hdp_stack_version }}/mr/hadoop-streaming.jar"
+ },
+ "slider-log4j": {
+ "content": "log4jproperties\nline2"
+ },
+ "slider-env": {
+ "content": "envproperties\nline2"
+ },
+ "ranger-hbase-plugin-properties": {
+ "ranger-hbase-plugin-enabled":"yes"
+ },
+ "ranger-hive-plugin-properties": {
+ "ranger-hive-plugin-enabled":"yes"
+ }
+ },
+ "configuration_attributes": {
+ "yarn-site": {
+ "final": {
+ "yarn.nodemanager.disk-health-checker.min-healthy-disks": "true",
+ "yarn.nodemanager.container-executor.class": "true",
+ "yarn.nodemanager.local-dirs": "true"
+ }
+ },
+ "hdfs-site": {
+ "final": {
+ "dfs.web.ugi": "true",
+ "dfs.support.append": "true",
+ "dfs.cluster.administrators": "true"
+ }
+ },
+ "core-site": {
+ "final": {
+ "hadoop.proxyuser.hive.groups": "true",
+ "webinterface.private.actions": "true",
+ "hadoop.proxyuser.oozie.hosts": "true"
+ }
+ }
+ },
+ "configurationTags": {
+ "slider-client": {
+ "tag": "version1"
+ },
+ "slider-log4j": {
+ "tag": "version1"
+ },
+ "slider-env": {
+ "tag": "version1"
+ },
+ "core-site": {
+ "tag": "version1"
+ },
+ "hdfs-site": {
+ "tag": "version1"
+ },
+ "yarn-site": {
+ "tag": "version1"
+ },
+ "gateway-site": {
+ "tag": "version1"
+ },
+ "topology": {
+ "tag": "version1"
+ },
+ "users-ldif": {
+ "tag": "version1"
+ },
+ "kafka-env": {
+ "tag": "version1"
+ },
+ "kafka-log4j": {
+ "tag": "version1"
+ },
+ "kafka-broker": {
+ "tag": "version1"
+ }
+ },
+ "commandId": "7-1",
+ "clusterHostInfo": {
+ "ambari_server_host": [
+ "c6401.ambari.apache.org"
+ ],
+ "all_ping_ports": [
+ "8670",
+ "8670"
+ ],
+ "rm_host": [
+ "c6402.ambari.apache.org"
+ ],
+ "all_hosts": [
+ "c6401.ambari.apache.org",
+ "c6402.ambari.apache.org"
+ ],
+ "knox_gateway_hosts": [
+ "jaimin-knox-1.c.pramod-thangali.internal"
+ ],
+ "kafka_broker_hosts": [
+ "c6401.ambari.apache.org"
+ ],
+ "zookeeper_hosts": [
+ "c6401.ambari.apache.org"
+ ],
+ "ranger_admin_hosts": [
+ "c6401.ambari.apache.org"
+ ]
+
+}
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json b/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json
new file mode 100644
index 0000000..9bb1833
--- /dev/null
+++ b/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-secured.json
@@ -0,0 +1,180 @@
+{
+ "roleCommand": "SERVICE_CHECK",
+ "clusterName": "c1",
+ "hostname": "c6401.ambari.apache.org",
+ "hostLevelParams": {
+ "jdk_location": "http://c6401.ambari.apache.org:8080/resources/",
+ "ambari_db_rca_password": "mapred",
+ "ambari_db_rca_url": "jdbc:postgresql://c6401.ambari.apache.org/ambarirca",
+ "jce_name": "UnlimitedJCEPolicyJDK7.zip",
+ "stack_version": "2.2",
+ "stack_name": "HDP",
+ "ambari_db_rca_driver": "org.postgresql.Driver",
+ "jdk_name": "jdk-7u67-linux-x64.tar.gz",
+ "ambari_db_rca_username": "mapred",
+ "java_home": "/usr/jdk64/jdk1.7.0_45",
+ "java_version": "8",
+ "db_name": "ambari"
+ },
+ "commandType": "EXECUTION_COMMAND",
+ "roleParams": {},
+ "serviceName": "SLIDER",
+ "role": "SLIDER",
+ "commandParams": {
+ "command_timeout": "300",
+ "service_package_folder": "OOZIE",
+ "script_type": "PYTHON",
+ "script": "scripts/service_check.py",
+ "excluded_hosts": "host1,host2"
+ },
+ "taskId": 152,
+ "public_hostname": "c6401.ambari.apache.org",
+ "configurations": {
+ "ranger-env": {
+ "ranger_group": "ranger",
+ "ranger_admin_password": "ambari123",
+ "oracle_home": "-",
+ "admin_username": "admin",
+ "ranger_user": "ranger",
+ "ranger_admin_username": "amb_ranger_admin",
+ "admin_password": "admin",
+ "ranger_admin_log_dir": "/var/log/ranger/admin",
+ "ranger_usersync_log_dir": "/var/log/ranger/usersync",
+ "xml_configurations_supported" : false
+ },
+ "admin-properties": {
+ "db_password": "admin",
+ "db_root_user": "root",
+ "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"",
+ "xa_ldap_ad_domain": "\"xasecure.net\"",
+ "SQL_COMMAND_INVOKER": "mysql",
+ "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar",
+ "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"",
+ "remoteLoginEnabled": "true",
+ "audit_db_name": "ranger_audit",
+ "ambari_user_password": "admin",
+ "authServicePort": "5151",
+ "audit_db_password": "admin",
+ "DB_FLAVOR": "MYSQL",
+ "audit_db_user": "rangerlogger",
+ "xa_ldap_groupRoleAttribute": "\"cn\"",
+ "xa_ldap_url": "\"ldap://71.127.43.33:389\"",
+ "db_name": "ranger",
+ "authentication_method": "UNIX",
+ "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"",
+ "policymgr_http_enabled": "true",
+ "authServiceHostName": "localhost",
+ "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"",
+ "unix_group": "ranger",
+ "policymgr_external_url": "http://localhost:6080",
+ "db_user": "rangeradmin",
+ "db_host": "localhost",
+ "unix_user": "ranger",
+ "db_root_password": "rootpassword"
+ },
+ "ranger-hdfs-plugin-properties": {
+ "XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS": "900",
+ "XAAUDIT.HDFS.DESTINATION_DIRECTORY": "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%",
+ "POLICY_USER": "ambari-qa",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit",
+ "common.name.for.certificate": "-",
+ "XAAUDIT.HDFS.IS_ENABLED": "false",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log",
+ "SSL_KEYSTORE_PASSWORD": "myKeyFilePassword",
+ "XAAUDIT.DB.IS_ENABLED": "true",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS": "600",
+ "hadoop.rpc.protection": "-",
+ "ranger-hdfs-plugin-enabled": "No",
+ "SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
+ "XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60",
+ "policy_user": "ambari-qa",
+ "XAAUDIT.HDFS.DESTINTATION_FILE": "%hostname%-audit.log",
+ "XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS": "86400",
+ "XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT": "10",
+ "SSL_TRUSTSTORE_PASSWORD": "changeit",
+ "XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive",
+ "REPOSITORY_CONFIG_USERNAME": "hadoop",
+ "XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS": "60",
+ "SSL_TRUSTSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-truststore.jks",
+ "REPOSITORY_CONFIG_PASSWORD": "hadoop"
+ },
+ "ranger-site": {
+ "HTTPS_KEYSTORE_FILE": "/etc/ranger/admin/keys/server.jks",
+ "HTTPS_CLIENT_AUTH": "want",
+ "HTTPS_SERVICE_PORT": "6182",
+ "HTTPS_KEY_ALIAS": "myKey",
+ "HTTPS_KEYSTORE_PASS": "ranger",
+ "HTTP_ENABLED": "true",
+ "HTTP_SERVICE_PORT": "6080"
+ },
+ "usersync-properties": {
+ "SYNC_INTERVAL": "1",
+ "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_FILTER": "-",
+ "SYNC_LDAP_URL": "ldap://localhost:389",
+ "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower",
+ "SYNC_LDAP_USER_SEARCH_SCOPE": "sub",
+ "SYNC_LDAP_BIND_PASSWORD": "admin321",
+ "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn",
+ "MIN_UNIX_USER_ID_TO_SYNC": "1000",
+ "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net",
+ "logdir": "logs",
+ "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks",
+ "SYNC_SOURCE": "unix",
+ "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net",
+ "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof",
+ "SYNC_LDAP_USER_OBJECT_CLASS": "person"
+ },
+ "spark-javaopts-properties": {
+ "content": " "
+ },
+ "cluster-env": {
+ "security_enabled": "true",
+ "ignore_groupsusers_create": "false",
+ "smokeuser": "ambari-qa",
+ "kerberos_domain": "EXAMPLE.COM",
+ "user_group": "hadoop",
+ "smokeuser_keytab": "/etc/security/keytabs/smokeuser.headless.keytab",
+ "smokeuser_principal_name": "ambari-qa@EXAMPLE.COM",
+ "kinit_path_local": "/usr/bin"
+ },
+ "slider-log4j": {
+ "content": "log4jproperties\nline2"
+ },
+ "slider-env": {
+ "content": "envproperties\nline2"
+ }
+ },
+ "configuration_attributes": {},
+ "configurationTags": {
+ "slider-client": {
+ "tag": "version1"
+ },
+ "slider-log4j": {
+ "tag": "version1"
+ },
+ "slider-env": {
+ "tag": "version1"
+ }
+ },
+ "commandId": "7-1",
+ "clusterHostInfo": {
+ "ambari_server_host": [
+ "c6401.ambari.apache.org"
+ ],
+ "all_ping_ports": [
+ "8670",
+ "8670"
+ ],
+ "rm_host": [
+ "c6402.ambari.apache.org"
+ ],
+ "ranger_admin_hosts" : [
+ "c6401.ambari.apache.org"
+ ],
+ "all_hosts": [
+ "c6401.ambari.apache.org",
+ "c6402.ambari.apache.org"
+ ]
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/60ea8dbf/ambari-web/app/data/HDP2.3/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js
index 3527e17..a2963da 100644
--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -791,6 +791,16 @@ hdp23properties.push({
},
{
"id": "site property",
+ "name": "ranger.usersync.ldap.ldapbindpassword",
+ "displayName": "ranger.usersync.ldap.ldapbindpassword",
+ "displayType": "password",
+ "category": "Advanced ranger-ugsync-site",
+ "isRequired": false,
+ "serviceName": "RANGER",
+ "filename": "ranger-ugsync-site.xml"
+ },
+ {
+ "id": "site property",
"name": "common.name.for.certificate",
"displayName": "common.name.for.certificate",
"category": "Advanced ranger-yarn-plugin-properties",