You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by al...@apache.org on 2016/03/03 01:06:31 UTC
[07/50] [abbrv] incubator-ranger git commit: RANGER-614.2 : Provide
support of SQL Anywhere as a DB in Ranger
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 0d6c49b..a010e19 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -1162,6 +1162,260 @@ class SqlServerConf(BaseDB):
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
+class SqlAnywhereConf(BaseDB):
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
+ def get_jisql_cmd(self, user, password, db_name):
+ path = RANGER_ADMIN_HOME
+ self.JAVA_BIN = self.JAVA_BIN.strip("'")
+ if os_name == "LINUX":
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ elif os_name == "WINDOWS":
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ return jisql_cmd
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"SELECT 1;\""
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ output = check_output(query)
+ if output.strip('1 |'):
+ log("[I] Connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection", "error")
+ sys.exit(1)
+
+ def import_db_file(self, db_name, db_user, db_password, file_name):
+ name = basename(file_name)
+ if os.path.isfile(file_name):
+ log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] "+name + " DB schema imported successfully","info")
+ else:
+ log("[E] "+name + " DB Schema import failed!","error")
+ sys.exit(1)
+
+ def check_table(self, db_name, db_user, db_password, TABLE_NAME):
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\"" %(TABLE_NAME)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\" -c ;" %(TABLE_NAME)
+ output = check_output(query)
+ if output.strip(TABLE_NAME + " |"):
+ log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
+ return True
+ else:
+ log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info")
+ return False
+
+ def grant_audit_db_user(self, audit_db_name, db_user, audit_db_user, db_password, audit_db_password,TABLE_NAME):
+ log("[I] Granting permission to audit user '" + audit_db_user + "' on db '" + audit_db_name + "'","info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\"" %(audit_db_user)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\" -c ;" %(audit_db_user)
+ ret = subprocess.call(query)
+ if ret != 0 :
+ sys.exit(1)
+ else:
+ log("[I] Permission granted to audit user " + audit_db_user , "info")
+
+ def import_db_patches(self, db_name, db_user, db_password, file_name):
+ name = basename(file_name)
+ if os.path.isfile(file_name):
+ version = name.split('-')[0]
+ log("[I] Executing patch on " + db_name + " from file: " + name,"info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Patch "+ name +" is already applied" ,"info")
+ else:
+ if os_name == "LINUX":
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -input %s" %file_name
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] "+name + " patch applied","info")
+ if os_name == "LINUX":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c \;" %(version,db_user,xa_db_host,db_user,xa_db_host)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] Patch version updated", "info")
+ else:
+ log("[E] Updating patch version failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] "+name + " import failed!","error")
+ sys.exit(1)
+
+ def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
+ log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
+ self.set_options(audit_db_name, db_user, db_password, TABLE_NAME)
+ output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
+ if output == True:
+ name = basename(file_name)
+ if os.path.isfile(file_name):
+ version = name.split('-')[0]
+ log("[I] Executing patch on " + audit_db_name + " from file: " + name,"info")
+ get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Patch "+ name +" is already applied" ,"info")
+ else:
+ get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
+ if os_name == "LINUX":
+ query = get_cmd2 + " -input %s" %file_name
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd2 + " -input %s" %file_name
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] "+name + " patch applied","info")
+ if os_name == "LINUX":
+ query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c \;" %(version,db_user,xa_db_host,db_user,xa_db_host)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] Patch version updated", "info")
+ else:
+ log("[E] Updating patch version failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] "+name + " import failed!","error")
+ sys.exit(1)
+ else:
+ log("[I] Table XA_ACCESS_AUDIT does not exists in " +audit_db_name,"error")
+ sys.exit(1)
+
+ def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name,db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
+ log("[I] --------- Check admin user connection --------- ","info")
+ self.check_connection(audit_db_name, db_user, db_password)
+ log("[I] --------- Check audit user connection --------- ","info")
+ self.check_connection(audit_db_name, audit_db_user, audit_db_password)
+ log("[I] --------- Check audit table exists --------- ","info")
+ self.set_options(audit_db_name, db_user, db_password, TABLE_NAME)
+ output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
+ if output == False:
+ self.import_db_file(audit_db_name ,db_user, db_password, file_name)
+ self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME)
+
+ def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
+ my_dict = {}
+ version = ""
+ className = ""
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+ javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
+
+ if not os.path.exists(javaFiles):
+ log("[I] No java patches to apply!","info")
+ else:
+ files = os.listdir(javaFiles)
+ if files:
+ for filename in files:
+ f = re.match("^Patch.*?.class$",filename)
+ if f:
+ className = re.match("(Patch.*?)_.*.class",filename)
+ className = className.group(1)
+ version = re.match("Patch.*?_(.*).class",filename)
+ version = version.group(1)
+ key3 = int(version.strip("J"))
+ my_dict[key3] = filename
+
+ keylist = my_dict.keys()
+ keylist.sort()
+ for key in keylist:
+ #print "%s: %s" % (key, my_dict[key])
+ version = str(key)
+ className = my_dict[key]
+ className = className.strip(".class")
+ if version != "":
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c \;" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] java patch "+ className +" is already applied" ,"info")
+ else:
+ log ("[I] java patch "+ className +" is being applied..","info")
+ if os_name == "LINUX":
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ get_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className)
+ if os_name == "LINUX":
+ ret = subprocess.call(shlex.split(get_cmd))
+ elif os_name == "WINDOWS":
+ ret = subprocess.call(get_cmd)
+ if ret == 0:
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c \;" %(version,db_user,xa_db_host,db_user,xa_db_host)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] java patch "+ className +" applied", "info")
+ else:
+ log("[E] java patch "+ className +" failed", "error")
+ sys.exit(1)
+ else:
+ log("[E] java patch "+ className +" failed", "error")
+ sys.exit(1)
+
+ def set_options(self, db_name, db_user, db_password, TABLE_NAME):
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"set option public.reserved_keywords='LIMIT';\""
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"set option public.reserved_keywords='LIMIT';\" -c ;"
+ ret = subprocess.call(shlex.split(query))
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"set option public.max_statement_count=0;\""
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"set option public.max_statement_count=0;\" -c;"
+ ret = subprocess.call(shlex.split(query))
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"set option public.max_cursor_count=0;\""
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"set option public.max_cursor_count=0;\" -c;"
+ ret = subprocess.call(shlex.split(query))
def main(argv):
populate_global_dict()
@@ -1218,6 +1472,12 @@ def main(argv):
sqlserver_patches = os.path.join('db','sqlserver','patches')
sqlserver_auditdb_patches = os.path.join('db','sqlserver','patches','audit')
+ sqlanywhere_dbversion_catalog = os.path.join('db','sqlanywhere','create_dbversion_catalog.sql')
+ sqlanywhere_core_file = globalDict['sqlanywhere_core_file']
+ sqlanywhere_audit_file = globalDict['sqlanywhere_audit_file']
+ sqlanywhere_patches = os.path.join('db','sqlanywhere','patches')
+ sqlanywhere_auditdb_patches = os.path.join('db','sqlanywhere','patches','audit')
+
db_name = globalDict['db_name']
db_user = globalDict['db_user']
db_password = globalDict['db_password']
@@ -1261,6 +1521,19 @@ def main(argv):
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_patches)
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,sqlserver_auditdb_patches)
+
+ elif XA_DB_FLAVOR == "SQLANYWHERE":
+ if not os_name == "WINDOWS" :
+ if os.environ['LD_LIBRARY_PATH'] == "":
+ log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
+ xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_dbversion_catalog)
+ xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_core_file)
+ xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_patches)
+ audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_auditdb_patches)
+
else:
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
@@ -1284,6 +1557,11 @@ def main(argv):
SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_audit_file)
+
+ elif AUDIT_DB_FLAVOR == "SQLANYWHERE":
+ SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ audit_sqlObj = SqlAnywhereConf(audit_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
+ audit_db_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_audit_file)
else:
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 045990d..0d5d573 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -1086,6 +1086,191 @@ class SqlServerConf(BaseDB):
self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke, dryMode)
+class SqlAnywhereConf(BaseDB):
+ # Constructor
+ def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+ self.host = host
+ self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
+ self.JAVA_BIN = JAVA_BIN
+
+ def get_jisql_cmd(self, user, password, db_name):
+ path = RANGER_ADMIN_HOME
+ self.JAVA_BIN = self.JAVA_BIN.strip("'")
+ if os_name == "LINUX":
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ elif os_name == "WINDOWS":
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ return jisql_cmd
+
+ def verify_user(self, root_user, db_root_password, db_user,dryMode):
+ if dryMode == False:
+ log("[I] Verifying user " + db_user , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"select name from syslogins where name = '%s';\"" %(db_user)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select name from syslogins where name = '%s';\" -c ;" %(db_user)
+ output = check_output(query)
+ if output.strip(db_user + " |"):
+ return True
+ else:
+ return False
+
+ def check_connection(self, db_name, db_user, db_password):
+ log("[I] Checking connection", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"SELECT 1;\""
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ output = check_output(query)
+ if output.strip('1 |'):
+ log("[I] Connection success", "info")
+ return True
+ else:
+ log("[E] Can't establish connection", "error")
+ sys.exit(1)
+
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
+ if self.check_connection('', root_user, db_root_password):
+ if self.verify_user(root_user, db_root_password, db_user,dryMode):
+ if dryMode == False:
+ log("[I] SQL Anywhere user " + db_user + " already exists.", "info")
+ else:
+ if dryMode == False:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
+ log("[I] User does not exists, Creating Login user " + db_user, "info")
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user,db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user,dryMode):
+ log("[I] SQL Anywhere user " + db_user + " created", "info")
+ else:
+ log("[E] SQL Anywhere user " +db_user+" creation failed..", "error")
+ sys.exit(1)
+ else:
+ log("[E] SQL Anywhere user " +db_user+" creation failed..", "error")
+ sys.exit(1)
+ else:
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user,db_password))
+
+ def start_db(self,root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Starting database " + db_name, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"start database '%s' autostop off;\"" %(db_name)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"start database '%s' autostop off;\" -c ;" %(db_name)
+ output = check_output(query)
+
+ def verify_db(self, root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Verifying database " + db_name, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"select alias from sa_db_info() where alias='%s';\"" %(db_name)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select alias from sa_db_info() where alias='%s';\" -c ;" %(db_name)
+ output = check_output(query)
+ if output.strip(db_name + " |"):
+ return True
+ else:
+ return False
+
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Database " + db_name + " already exists.","info")
+ else:
+ if dryMode == False:
+ log("[I] Database does not exist. Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\"" %(db_name,db_user, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\" -c ;" %(db_name,db_user, db_password)
+ ret = subprocess.call(query)
+ if ret != 0:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ self.start_db(root_user, db_root_password, db_name,dryMode)
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ self.create_user(root_user, db_name ,db_user, db_password, db_root_password,dryMode)
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ logFile("create database %s dba user '%s' dba password '%s' database size 100MB;" %(db_name,db_user, db_password))
+
+ def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode):
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ output = check_output(query)
+ if output.strip(db_user + " |"):
+ if dryMode == False:
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ if dryMode == False:
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ output = check_output(query)
+ if output.strip(db_user + " |"):
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password))
+
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
+ if dryMode == False:
+ log("[I] Granting permission to user '" + db_user + "' on db '" + db_name + "'" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ ret = subprocess.call(query)
+ if ret != 0:
+ sys.exit(1)
+ else:
+ logFile("GRANT CONNECT to %s IDENTIFIED BY '%s';" %(db_user, db_password))
+
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
+ is_revoke=False
+ if DBA_MODE == "TRUE":
+ if dryMode == False:
+ log("[I] ---------- Setup audit user ---------- ","info")
+ self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password,dryMode)
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode)
+ self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, db_user, db_password,dryMode)
+ self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
+ self.grant_xa_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password, is_revoke, dryMode)
def main(argv):
@@ -1167,7 +1352,7 @@ def main(argv):
else:
XA_DB_FLAVOR=''
while XA_DB_FLAVOR == "":
- log("Enter db flavour{MYSQL|ORACLE|POSTGRES|MSSQL} :","info")
+ log("Enter db flavour{MYSQL|ORACLE|POSTGRES|MSSQL|SQLANYWHERE} :","info")
XA_DB_FLAVOR=raw_input()
AUDIT_DB_FLAVOR = XA_DB_FLAVOR
@@ -1296,6 +1481,11 @@ def main(argv):
sqlserver_audit_file = os.path.join('db','sqlserver','xa_audit_db_sqlserver.sql')
sqlserver_patches = os.path.join('db','sqlserver','patches')
+ sqlanywhere_dbversion_catalog = os.path.join('db','sqlanywhere','create_dbversion_catalog.sql')
+ sqlanywhere_core_file = os.path.join('db','sqlanywhere','xa_core_db_sqlanywhere.sql')
+ sqlanywhere_audit_file = os.path.join('db','sqlanywhere','xa_audit_db_sqlanywhere.sql')
+ sqlanywhere_patches = os.path.join('db','sqlanywhere','patches')
+
x_db_version = 'x_db_version_h'
xa_access_audit = 'xa_access_audit'
x_user = 'x_portal_user'
@@ -1339,6 +1529,17 @@ def main(argv):
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_patches)
+
+ elif XA_DB_FLAVOR == "SQLANYWHERE":
+ if not os_name == "WINDOWS" :
+ if os.environ['LD_LIBRARY_PATH'] == "":
+ log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ SQLANYWHERE_CONNECTOR_JAR=CONNECTOR_JAR
+ xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
+ xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_dbversion_catalog)
+ xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_core_file)
+ xa_patch_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_patches)
else:
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
@@ -1374,6 +1575,11 @@ def main(argv):
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_audit_file)
+
+ elif AUDIT_DB_FLAVOR == "SQLANYWHERE":
+ SQLANYWHERE_CONNECTOR_JAR=CONNECTOR_JAR
+ audit_sqlObj = SqlAnywhereConf(audit_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
+ audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_audit_file)
else:
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
@@ -1394,7 +1600,8 @@ def main(argv):
logFile("===============================================\n")
xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
+ if not XA_DB_FLAVOR == "SQLANYWHERE":
+ xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
logFile("===============================================\n")
if (dryMode==False):
@@ -1403,7 +1610,8 @@ def main(argv):
log("[I] ---------- Creating Ranger Admin database ----------","info")
xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
log("[I] ---------- Granting permission to Ranger Admin db user ----------","info")
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
+ if not XA_DB_FLAVOR == "SQLANYWHERE":
+ xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
# Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
if audit_store == "db":
log("[I] ---------- Verifying/Creating audit user --------- ","info")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 820d9c7..294b0e8 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -14,7 +14,7 @@
# limitations under the License.
#
-# This file provides list of deployment variables for the Policy Manager Web Application
+# This file provides list of deployment variables for the Policy Manager Web Application
#
#------------------------- DB CONFIG - BEGIN ----------------------------------
@@ -23,10 +23,10 @@
PYTHON_COMMAND_INVOKER=python
-#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL
+#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLANYWHERE
DB_FLAVOR=MYSQL
#
-# The executable path to be used to invoke command-line MYSQL
+# The executable path to be used to invoke command-line MYSQL
#
#SQL_COMMAND_INVOKER='mysql'
#SQL_COMMAND_INVOKER='sqlplus'
@@ -39,17 +39,18 @@ SQL_COMMAND_INVOKER='mysql'
#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar
#SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar
+#SQL_CONNECTOR_JAR=/opt/sqlanywhere17/java/sajdbc4.jar
SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#
# DB password for the DB admin user-id
# **************************************************************************
-# ** If the password is left empty or not-defined here,
-# ** it will be prompted to enter the password during installation process
+# ** If the password is left empty or not-defined here,
+# ** it will be prompted to enter the password during installation process
# **************************************************************************
#
-#db_root_user=root|SYS|postgres|sa
+#db_root_user=root|SYS|postgres|sa|dba
db_root_user=root
db_root_password=
db_host=localhost
@@ -61,7 +62,7 @@ db_name=ranger
db_user=rangeradmin
db_password=
-#Source for Audit DB
+#Source for Audit DB
# * audit_db is solr or db
audit_store=db
@@ -74,9 +75,9 @@ audit_solr_zookeepers=
#
# DB UserId for storing auditlog infromation
-#
+#
# * audit_db can be same as the Ranger schema db
-# * audit_db must exists in the same ${db_host} as Ranger database ${db_name}
+# * audit_db must exists in the same ${db_host} as Ranger database ${db_name}
# * audit_user must be a different user than db_user (as audit user has access to only audit tables)
#
audit_db_name=ranger_audit
@@ -197,4 +198,7 @@ postgres_core_file=db/postgres/xa_core_db_postgres.sql
postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
sqlserver_core_file=db/sqlserver/xa_core_db_sqlserver.sql
sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql
+#
+sqlanywhere_core_file=db/sqlanywhere/xa_core_db_sqlanywhere.sql
+sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql
cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index b79cba4..a88b264 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -303,6 +303,19 @@ sanity_check_files() {
log "[E] ${sqlserver_core_file} does not exists" ; exit 1;
fi
fi
+ if [ "${DB_FLAVOR}" == "SQLANYWHERE" ]
+ then
+ if [ "${LD_LIBRARY_PATH}" == "" ]
+ then
+ log "[E] LD_LIBRARY_PATH environment property not defined, aborting installation."
+ exit 1
+ fi
+ if test -f ${sqlanywhere_core_file}; then
+ log "[I] ${sqlanywhere_core_file} file found"
+ else
+ log "[E] ${sqlanywhere_core_file} does not exists" ; exit 1;
+ fi
+ fi
}
create_rollback_point() {
@@ -874,6 +887,33 @@ update_properties() {
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
fi
+ if [ "${DB_FLAVOR}" == "SQLANYWHERE" ]
+ then
+ propertyName=ranger.jpa.jdbc.url
+ newPropertyValue="jdbc:sqlanywhere:database=${db_name};host=${DB_HOST}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.jpa.audit.jdbc.url
+ newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.jpa.jdbc.dialect
+ newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
+
+ propertyName=ranger.jpa.jdbc.dialect
+ newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
+
+ propertyName=ranger.jpa.jdbc.driver
+ newPropertyValue="sap.jdbc4.sqlanywhere.IDriver"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
+ propertyName=ranger.jpa.audit.jdbc.driver
+ newPropertyValue="sap.jdbc4.sqlanywhere.IDriver"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ fi
+
if [ "${audit_store}" == "solr" ]
then
propertyName=ranger.audit.solr.urls
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 6ffcd66..a536a1a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1366,6 +1366,10 @@ public class RangerBizUtil {
return AppConstants.DB_FLAVOR_POSTGRES;
} else if (StringUtils.containsIgnoreCase(propertyValue, "sqlserver")) {
return AppConstants.DB_FLAVOR_SQLSERVER;
+ } else if (StringUtils.containsIgnoreCase(propertyValue, "mssql")) {
+ return AppConstants.DB_FLAVOR_SQLSERVER;
+ } else if (StringUtils.containsIgnoreCase(propertyValue, "sqlanywhere")) {
+ return AppConstants.DB_FLAVOR_SQLANYWHERE;
} else {
if(logger.isDebugEnabled()) {
logger.debug("DB Falvor could not be determined from property - " + propertyName + "=" + propertyValue);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index bcbb2af..ccb1855 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -20,6 +20,7 @@
package org.apache.ranger.biz;
import java.util.ArrayList;
+import java.util.Calendar;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
@@ -135,16 +136,18 @@ public class SessionMgr {
userSession.setXXPortalUser(gjUser);
userSession.setXXAuthSession(gjAuthSession);
resetUserSessionForProfiles(userSession);
-
+ Calendar cal = Calendar.getInstance();
if (details != null) {
logger.info("Login Success: loginId=" + currentLoginId
+ ", sessionId=" + gjAuthSession.getId()
+ ", sessionId=" + details.getSessionId()
- + ", requestId=" + details.getRemoteAddress());
+ + ", requestId=" + details.getRemoteAddress()
+ + ", epoch=" + cal.getTimeInMillis());
} else {
logger.info("Login Success: loginId=" + currentLoginId
+ ", sessionId=" + gjAuthSession.getId()
- + ", details is null");
+ + ", details is null"
+ + ", epoch=" + cal.getTimeInMillis());
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index 491726f..5de18f6 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -372,6 +372,7 @@ public class AppConstants extends RangerCommonEnums {
* DB Favor SQLServer
*/
public static final int DB_FLAVOR_SQLSERVER = 4;
+ public static final int DB_FLAVOR_SQLANYWHERE = 5;
/***************************************************************
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
index ebdabed..5876445 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java
@@ -19,6 +19,7 @@
package org.apache.ranger.security.listener;
+import java.util.Calendar;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.SessionMgr;
import org.apache.ranger.entity.XXAuthSession;
@@ -66,9 +67,10 @@ public class SpringEventListener implements
: "";
String sessionId = details != null ? details.getSessionId() : "";
- logger.info("Login Successful:" + auth.getName() + " | Ip Address:"
- + remoteAddress + " | sessionId=" + sessionId);
-
+ Calendar cal = Calendar.getInstance();
+ logger.info("Login Successful:" + auth.getName() + " | Ip Address:"
+ + remoteAddress + " | sessionId=" + sessionId + " | Epoch=" +cal.getTimeInMillis() );
+
// success logins are processed further in
// AKASecurityContextFormationFilter
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/storm-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh
index d006379..5b7674a 100644
--- a/storm-agent/scripts/install.sh
+++ b/storm-agent/scripts/install.sh
@@ -258,6 +258,18 @@ then
newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
updatePropertyToFile $propertyName $newPropertyValue $to_file
fi
+if [ "${DB_FLAVOR}" == "SQLANYWHERE" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${audit_db_hostname}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="sap.jdbc4.sqlanywhere.IDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
for f in ${install_dir}/installer/conf/*-changes.cfg
do
if [ -f ${f} ]