Posted to commits@ambari.apache.org by nc...@apache.org on 2017/07/06 13:10:28 UTC
[35/50] [abbrv] ambari git commit: AMBARI-21058 HDP 3.0 - Changing
common service version for Ranger & Ranger Kms (mugdha)
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml
new file mode 100644
index 0000000..b5f2a7a
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_usersync_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger usersync Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_usersync_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger usersync Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>usersync-log4j template</display-name>
+ <description>usersync-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+log4j.rootLogger = info,logFile
+
+# logFile
+log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.logFile.file=${logdir}/usersync.log
+log4j.appender.logFile.datePattern='.'yyyy-MM-dd
+log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
+log4j.appender.logFile.MaxFileSize = {{ranger_usersync_log_maxfilesize}}MB
+log4j.appender.logFile.MaxBackupIndex = {{ranger_usersync_log_maxbackupindex}}
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.Target=System.out
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
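Review bot: `MaxFileSize` and `MaxBackupIndex` are set on `logFile`, which is declared as `org.apache.log4j.DailyRollingFileAppender`; in log4j 1.x those are `RollingFileAppender` properties, so they are most likely ignored and usersync.log rolls by date only, with no cap on retained files. The Ambari properties `ranger_usersync_log_maxfilesize` and `ranger_usersync_log_maxbackupindex` therefore appear to offer a size and retention control that has no effect, which matters for disk usage on the usersync host. Either switch the appender with `log4j.appender.logFile=org.apache.log4j.RollingFileAppender` and drop the `datePattern` line, or remove the two settings and handle retention outside log4j. `ranger_usersync_log_maxfilesize` also lacks the `<type>int</type>` that the backup-index property declares, so a non-numeric value may reach the template unchecked.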
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
new file mode 100644
index 0000000..1fc8acf
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
@@ -0,0 +1,153 @@
+{
+ "services": [
+ {
+ "name": "RANGER",
+ "identities": [
+ {
+ "name": "/spnego"
+ },
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "configurations": [
+ {
+ "ranger-admin-site": {
+ "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+ "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+ "xasecure.audit.jaas.Client.option.storeKey": "false",
+ "xasecure.audit.jaas.Client.option.serviceName": "solr"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "RANGER_ADMIN",
+ "identities": [
+ {
+ "name": "rangeradmin",
+ "principal": {
+ "value": "rangeradmin/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "ranger-admin-site/ranger.admin.kerberos.principal",
+ "local_username" : "${ranger-env/ranger_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangeradmin.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-admin-site/ranger.admin.kerberos.keytab"
+ }
+ },
+ {
+ "name": "rangerlookup",
+ "principal": {
+ "value": "rangerlookup/_HOST@${realm}",
+ "configuration": "ranger-admin-site/ranger.lookup.kerberos.principal",
+ "type" : "service"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerlookup.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-admin-site/ranger.lookup.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/spnego",
+ "keytab": {
+ "configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER/RANGER_ADMIN/rangeradmin",
+ "principal": {
+ "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
+ },
+ "keytab": {
+ "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.keyTab"
+ }
+ },
+ {
+ "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "when" : {
+ "contains" : ["services", "AMBARI_INFRA"]
+ }
+ }
+ ]
+ },
+ {
+ "name": "RANGER_USERSYNC",
+ "identities": [
+ {
+ "name": "rangerusersync",
+ "principal": {
+ "value": "rangerusersync/_HOST@${realm}",
+ "type" : "service",
+ "configuration" : "ranger-ugsync-site/ranger.usersync.kerberos.principal",
+ "local_username" : "rangerusersync"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerusersync.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-ugsync-site/ranger.usersync.kerberos.keytab"
+ }
+ }
+ ]
+ },
+ {
+ "name": "RANGER_TAGSYNC",
+ "identities": [
+ {
+ "name": "rangertagsync",
+ "principal": {
+ "value": "rangertagsync/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.principal",
+ "local_username" : "rangertagsync"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangertagsync.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+ "principal": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
+ },
+ "keytab": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "tagsync-application-properties": {
+ "atlas.jaas.KafkaClient.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "atlas.jaas.KafkaClient.loginModuleControlFlag": "required",
+ "atlas.jaas.KafkaClient.option.useKeyTab": "true",
+ "atlas.jaas.KafkaClient.option.storeKey": "true",
+ "atlas.jaas.KafkaClient.option.serviceName": "kafka",
+ "atlas.kafka.sasl.kerberos.service.name": "kafka",
+ "atlas.kafka.security.protocol": "PLAINTEXTSASL"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
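Review bot: `"atlas.kafka.security.protocol": "PLAINTEXTSASL"` in the RANGER_TAGSYNC configurations pins the tagsync Kafka client to SASL without TLS, so the channel is authenticated by Kerberos but not encrypted. If the cluster's Kafka listeners are TLS-enabled, this default has to be overridden by hand; it would be safer to derive the value from the Kafka listener configuration or to state the override in the property description. Separately, RANGER_ADMIN maps its principal with `"local_username" : "${ranger-env/ranger_user}"`, while RANGER_USERSYNC and RANGER_TAGSYNC hard-code `"rangerusersync"` and `"rangertagsync"` even though their keytabs are owned by `${ranger-env/ranger_user}`. If those two names are not real OS accounts on the host, the generated auth_to_local mapping presumably resolves to a user that does not exist, so confirm whether they should read `${ranger-env/ranger_user}` as well.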
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml
new file mode 100644
index 0000000..c452f2e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml
@@ -0,0 +1,177 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER</name>
+ <displayName>Ranger</displayName>
+ <comment>Comprehensive security for Hadoop</comment>
+ <version>1.0.0.3.0</version>
+ <components>
+
+ <component>
+ <name>RANGER_ADMIN</name>
+ <displayName>Ranger Admin</displayName>
+ <category>MASTER</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <dependencies>
+ <dependency>
+ <name>AMBARI_INFRA/INFRA_SOLR_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ <commandScript>
+ <script>scripts/ranger_admin.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_admin</logId>
+ <primary>true</primary>
+ </log>
+ <log>
+ <logId>ranger_dbpatch</logId>
+ </log>
+ </logs>
+ </component>
+
+ <component>
+ <name>RANGER_TAGSYNC</name>
+ <displayName>Ranger Tagsync</displayName>
+ <category>SLAVE</category>
+ <cardinality>0-1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/ranger_tagsync.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <configuration-dependencies>
+ <config-type>ranger-tagsync-site</config-type>
+ <config-type>tagsync-application-properties</config-type>
+ <config-type>ranger-tagsync-policymgr-ssl</config-type>
+ <config-type>atlas-tagsync-ssl</config-type>
+ </configuration-dependencies>
+ </component>
+
+ <component>
+ <name>RANGER_USERSYNC</name>
+ <displayName>Ranger Usersync</displayName>
+ <category>MASTER</category>
+ <cardinality>1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <auto-deploy>
+ <enabled>true</enabled>
+ <co-locate>RANGER/RANGER_ADMIN</co-locate>
+ </auto-deploy>
+ <commandScript>
+ <script>scripts/ranger_usersync.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_usersync</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ </component>
+
+ </components>
+ <configuration-dependencies>
+ <config-type>admin-properties</config-type>
+ <config-type>ranger-admin-site</config-type>
+ <config-type>ranger-ugsync-site</config-type>
+ <config-type>admin-log4j</config-type>
+ <config-type>usersync-log4j</config-type>
+ <config-type>ranger-solr-configuration</config-type>
+ </configuration-dependencies>
+
+ <commandScript>
+ <script>scripts/service_check.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>300</timeout>
+ </commandScript>
+
+ <themes>
+ <theme>
+ <fileName>theme_version_1.json</fileName>
+ <default>true</default>
+ </theme>
+ </themes>
+
+ <osSpecifics>
+ <osSpecific>
+ <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+ <packages>
+ <package>
+ <name>ranger_${stack_version}-admin</name>
+ </package>
+ <package>
+ <name>ranger_${stack_version}-usersync</name>
+ </package>
+ <package>
+ <name>ranger_${stack_version}-tagsync</name>
+ <condition>should_install_ranger_tagsync</condition>
+ </package>
+ <package>
+ <name>ambari-infra-solr-client</name>
+ <condition>should_install_infra_solr_client</condition>
+ </package>
+ </packages>
+ </osSpecific>
+ <osSpecific>
+ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+ <packages>
+ <package>
+ <name>ranger-${stack_version}-admin</name>
+ </package>
+ <package>
+ <name>ranger-${stack_version}-usersync</name>
+ </package>
+ <package>
+ <name>ranger-${stack_version}-tagsync</name>
+ <condition>should_install_ranger_tagsync</condition>
+ </package>
+ <package>
+ <name>ambari-infra-solr-client</name>
+ <condition>should_install_infra_solr_client</condition>
+ </package>
+ </packages>
+ </osSpecific>
+ </osSpecifics>
+
+ <quickLinksConfigurations>
+ <quickLinksConfiguration>
+ <fileName>quicklinks.json</fileName>
+ <default>true</default>
+ </quickLinksConfiguration>
+ </quickLinksConfigurations>
+
+ </service>
+ </services>
+</metainfo>
\ No newline at end of file
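Review bot: The service-level `<configuration-dependencies>` block does not list `ranger-env`, although the alert script added in this commit reads `ranger-env/admin_password` and `ranger-env/ranger_admin_password`, and kerberos.json resolves `${ranger-env/ranger_user}`. This file has no `<extends>`, so nothing visible here supplies the entry from a parent definition. If this list is what drives the restart-required flag (the handling is not visible in this hunk), edits to the admin credentials or service user would not mark the Ranger components stale. Consider adding `<config-type>ranger-env</config-type>` to the list.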
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
new file mode 100644
index 0000000..8ea8070
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
@@ -0,0 +1,195 @@
+#!/usr/bin/env python
+
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import base64
+import urllib2
+import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import logging
+from resource_management.core.environment import Environment
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+logger = logging.getLogger()
+RANGER_ADMIN_URL = '{{admin-properties/policymgr_external_url}}'
+ADMIN_USERNAME = '{{ranger-env/admin_username}}'
+ADMIN_PASSWORD = '{{ranger-env/admin_password}}'
+RANGER_ADMIN_USERNAME = '{{ranger-env/ranger_admin_username}}'
+RANGER_ADMIN_PASSWORD = '{{ranger-env/ranger_admin_password}}'
+SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
+
+def get_tokens():
+ """
+ Returns a tuple of tokens in the format {{site/property}} that will be used
+ to build the dictionary passed into execute
+
+ :return tuple
+ """
+ return (RANGER_ADMIN_URL, ADMIN_USERNAME, ADMIN_PASSWORD, RANGER_ADMIN_USERNAME, RANGER_ADMIN_PASSWORD, SECURITY_ENABLED)
+
+
+def execute(configurations={}, parameters={}, host_name=None):
+ """
+ Returns a tuple containing the result code and a pre-formatted result label
+
+ Keyword arguments:
+ configurations (dictionary): a mapping of configuration key to value
+ parameters (dictionary): a mapping of script parameter key to value
+ host_name (string): the name of this host where the alert is running
+ """
+
+ if configurations is None:
+ return (('UNKNOWN', ['There were no configurations supplied to the script.']))
+
+ ranger_link = None
+ ranger_auth_link = None
+ ranger_get_user = None
+ admin_username = None
+ admin_password = None
+ ranger_admin_username = None
+ ranger_admin_password = None
+ security_enabled = False
+
+ stack_version_formatted = Script.get_stack_version()
+ stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, stack_version_formatted)
+
+ if RANGER_ADMIN_URL in configurations:
+ ranger_link = configurations[RANGER_ADMIN_URL]
+ if ranger_link.endswith('/'):
+ ranger_link = ranger_link[:-1]
+ ranger_auth_link = '{0}/{1}'.format(ranger_link, 'service/public/api/repository/count')
+ ranger_get_user = '{0}/{1}'.format(ranger_link, 'service/xusers/users')
+
+ if ADMIN_USERNAME in configurations:
+ admin_username = configurations[ADMIN_USERNAME]
+
+ if ADMIN_PASSWORD in configurations:
+ admin_password = configurations[ADMIN_PASSWORD]
+
+ if RANGER_ADMIN_USERNAME in configurations:
+ ranger_admin_username = configurations[RANGER_ADMIN_USERNAME]
+
+ if RANGER_ADMIN_PASSWORD in configurations:
+ ranger_admin_password = configurations[RANGER_ADMIN_PASSWORD]
+
+ if SECURITY_ENABLED in configurations:
+ security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
+
+ label = None
+ result_code = 'OK'
+
+ try:
+ if security_enabled and stack_supports_ranger_kerberos:
+ result_code = 'UNKNOWN'
+ label = 'This alert will get skipped for Ranger Admin on kerberos env'
+ else:
+ admin_http_code = check_ranger_login(ranger_auth_link, admin_username, admin_password)
+ if admin_http_code == 200:
+ get_user_code = get_ranger_user(ranger_get_user, admin_username, admin_password, ranger_admin_username)
+ if get_user_code:
+ user_http_code = check_ranger_login(ranger_auth_link, ranger_admin_username, ranger_admin_password)
+ if user_http_code == 200:
+ result_code = 'OK'
+ label = 'Login Successful for users {0} and {1}'.format(admin_username, ranger_admin_username)
+ elif user_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(ranger_admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+ else:
+ result_code = 'OK'
+ label = 'Login Successful for user: {0}. User:{1} user not yet synced with Ranger'.format(admin_username, ranger_admin_username)
+ elif admin_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+
+ except Exception, e:
+ label = str(e)
+ result_code = 'UNKNOWN'
+ logger.exception(label)
+
+ return ((result_code, [label]))
+
+def check_ranger_login(ranger_auth_link, username, password):
+ """
+ params ranger_auth_link: ranger login url
+ params username: user credentials
+ params password: user credentials
+
+ return response code
+ """
+ try:
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(ranger_auth_link)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ if response_code == 200:
+ response = json.loads(result.read())
+ return response_code
+ except urllib2.HTTPError, e:
+ logger.exception("Error during Ranger service authentication. Http status code - {0}. {1}".format(e.code, e.read()))
+ return e.code
+ except urllib2.URLError, e:
+ logger.exception("Error during Ranger service authentication. {0}".format(e.reason))
+ return None
+ except Exception, e:
+ return 401
+
+def get_ranger_user(ranger_get_user, username, password, user):
+ """
+ params ranger_get_user: ranger get user url
+ params username: user credentials
+ params password: user credentials
+ params user: user to be search
+ return Boolean if user exist or not
+ """
+ try:
+ url = '{0}?name={1}'.format(ranger_get_user, user)
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(url)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(result.read())
+ if response_code == 200 and len(response['vXUsers']) > 0:
+ for xuser in response['vXUsers']:
+ if xuser['name'] == user:
+ return True
+ else:
+ return False
+ except urllib2.HTTPError, e:
+ logger.exception("Error getting user from Ranger service. Http status code - {0}. {1}".format(e.code, e.read()))
+ return False
+ except urllib2.URLError, e:
+ logger.exception("Error getting user from Ranger service. {0}".format(e.reason))
+ return False
+ except Exception, e:
+ return False
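Review bot: The final `except Exception, e: return 401` in check_ranger_login turns any unexpected failure into a 401, which execute() then reports as CRITICAL "credentials on Ambari UI are not in sync with Ranger". That covers a missing `policymgr_external_url` (ranger_auth_link stays None) and a 200 response whose body is not JSON, neither of which is a credential problem. Replacing the handler body with `logger.exception("Unexpected error during Ranger service authentication")` and `return None` would route those cases to the WARNING branch instead. In get_ranger_user the `user` value is placed into the query string unescaped; `urllib.quote(user)` (with `import urllib`) would keep a name containing `&` or a space from changing the request. Both helpers send the admin password as Basic auth on every alert run, so the docstrings should state that `policymgr_external_url` is expected to be an https URL.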
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py
new file mode 100644
index 0000000..e121ccb
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py
@@ -0,0 +1,449 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+import os
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions.stack_features import get_stack_feature_version
+from resource_management.libraries.functions import StackFeature
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
+
+# a map of the Ambari role to the component name
+# for use with <stack-root>/current/<component>
+SERVER_ROLE_DIRECTORY_MAP = {
+ 'RANGER_ADMIN' : 'ranger-admin',
+ 'RANGER_USERSYNC' : 'ranger-usersync',
+ 'RANGER_TAGSYNC' : 'ranger-tagsync'
+}
+
+component_directory = Script.get_component_from_role(SERVER_ROLE_DIRECTORY_MAP, "RANGER_ADMIN")
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+stack_root = Script.get_stack_root()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+version = default("/commandParams/version", None)
+
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+
+upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
+
+xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
+
+create_db_dbuser = config['configurations']['ranger-env']['create_db_dbuser']
+
+# get the correct version to use for checking stack features
+version_for_stack_feature_checks = get_stack_feature_version(config)
+
+stack_supports_rolling_upgrade = check_stack_feature(StackFeature.ROLLING_UPGRADE, version_for_stack_feature_checks)
+stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
+stack_supports_usersync_non_root = check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync = check_stack_feature(StackFeature.RANGER_TAGSYNC_COMPONENT, version_for_stack_feature_checks)
+stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_log4j = check_stack_feature(StackFeature.RANGER_LOG4J_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
+stack_supports_usersync_passwd = check_stack_feature(StackFeature.RANGER_USERSYNC_PASSWORD_JCEKS, version_for_stack_feature_checks)
+stack_supports_infra_client = check_stack_feature(StackFeature.RANGER_INSTALL_INFRA_CLIENT, version_for_stack_feature_checks)
+stack_supports_pid = check_stack_feature(StackFeature.RANGER_PID_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_admin_password_change = check_stack_feature(StackFeature.RANGER_ADMIN_PASSWD_CHANGE, version_for_stack_feature_checks)
+stack_supports_ranger_setup_db_on_start = check_stack_feature(StackFeature.RANGER_SETUP_DB_ON_START, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync_ssl_xml_support = check_stack_feature(StackFeature.RANGER_TAGSYNC_SSL_XML_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_solr_configs = check_stack_feature(StackFeature.RANGER_SOLR_CONFIG_SUPPORT, version_for_stack_feature_checks)
+stack_supports_secure_ssl_password = check_stack_feature(StackFeature.SECURE_RANGER_SSL_PASSWORD, version_for_stack_feature_checks)
+
+downgrade_from_version = default("/commandParams/downgrade_from_version", None)
+upgrade_direction = default("/commandParams/upgrade_direction", None)
+
+ranger_conf = '/etc/ranger/admin/conf'
+ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
+ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
+tagsync_bin = '/usr/bin/ranger-tagsync'
+tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+security_store_path = '/etc/security/serverKeys'
+tagsync_etc_path = '/etc/ranger/tagsync/'
+ranger_tagsync_credential_file= os.path.join(tagsync_etc_path,'rangercred.jceks')
+atlas_tagsync_credential_file= os.path.join(tagsync_etc_path,'atlascred.jceks')
+ranger_tagsync_keystore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']
+ranger_tagsync_truststore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']
+atlas_tagsync_keystore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.keystore.password']
+atlas_tagsync_truststore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.truststore.password']
+
+if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.CONFIG_VERSIONING, version):
+ stack_supports_rolling_upgrade = True
+ stack_supports_config_versioning = False
+
+if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version):
+ stack_supports_usersync_non_root = False
+
+if stack_supports_rolling_upgrade:
+ ranger_home = format('{stack_root}/current/ranger-admin')
+ ranger_conf = '/etc/ranger/admin/conf'
+ ranger_stop = '/usr/bin/ranger-admin-stop'
+ ranger_start = '/usr/bin/ranger-admin-start'
+ usersync_home = format('{stack_root}/current/ranger-usersync')
+ usersync_start = '/usr/bin/ranger-usersync-start'
+ usersync_stop = '/usr/bin/ranger-usersync-stop'
+ ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+
+if stack_supports_config_versioning:
+ ranger_conf = format('{stack_root}/current/ranger-admin/conf')
+ ranger_ugsync_conf = format('{stack_root}/current/ranger-usersync/conf')
+
+if stack_supports_ranger_tagsync:
+ ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
+ tagsync_bin = '/usr/bin/ranger-tagsync'
+ ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
+ tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+
+usersync_services_file = format('{stack_root}/current/ranger-usersync/ranger-usersync-services.sh')
+
+java_home = config['hostLevelParams']['java_home']
+unix_user = config['configurations']['ranger-env']['ranger_user']
+unix_group = config['configurations']['ranger-env']['ranger_group']
+ranger_pid_dir = default("/configurations/ranger-env/ranger_pid_dir", "/var/run/ranger")
+usersync_log_dir = default("/configurations/ranger-env/ranger_usersync_log_dir", "/var/log/ranger/usersync")
+admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
+ranger_admin_default_file = format('{ranger_conf}/ranger-admin-default-site.xml')
+security_app_context_file = format('{ranger_conf}/security-applicationContext.xml')
+ranger_ugsync_default_file = format('{ranger_ugsync_conf}/ranger-ugsync-default.xml')
+usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.xml')
+if stack_supports_ranger_log4j:
+ usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.properties')
+cred_validator_file = format('{usersync_home}/native/credValidator.uexe')
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+usersync_exturl = config['configurations']['admin-properties']['policymgr_external_url']
+if usersync_exturl.endswith('/'):
+ usersync_exturl = usersync_exturl.rstrip('/')
+ranger_host = config['clusterHostInfo']['ranger_admin_hosts'][0]
+ugsync_host = 'localhost'
+usersync_host_info = config['clusterHostInfo']['ranger_usersync_hosts']
+if not is_empty(usersync_host_info) and len(usersync_host_info) > 0:
+ ugsync_host = config['clusterHostInfo']['ranger_usersync_hosts'][0]
+ranger_external_url = config['configurations']['admin-properties']['policymgr_external_url']
+if ranger_external_url.endswith('/'):
+ ranger_external_url = ranger_external_url.rstrip('/')
+ranger_db_name = config['configurations']['admin-properties']['db_name']
+ranger_auditdb_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+
+sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+db_root_user = config['configurations']['admin-properties']['db_root_user']
+db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
+db_host = config['configurations']['admin-properties']['db_host']
+ranger_db_user = config['configurations']['admin-properties']['db_user']
+ranger_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+ranger_db_password = unicode(config['configurations']['admin-properties']['db_password'])
+
+#ranger-env properties
+oracle_home = default("/configurations/ranger-env/oracle_home", "-")
+
+#For curl command in ranger to get db connector
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = None
+previous_jdbc_jar_name = None
+if db_flavor.lower() == 'mysql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
+elif db_flavor.lower() == 'oracle':
+ jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
+ colon_count = db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}') if stack_supports_ranger_audit_db else None
+ else:
+ audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}') if stack_supports_ranger_audit_db else None
+elif db_flavor.lower() == 'postgres':
+ jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
+elif db_flavor.lower() == 'mssql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
+elif db_flavor.lower() == 'sqla':
+ jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+previous_jdbc_jar = format("{java_share_dir}/{previous_jdbc_jar_name}")
+if stack_supports_config_versioning:
+ driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+ previous_jdbc_jar = format("{ranger_home}/ews/lib/{previous_jdbc_jar_name}")
+
+if db_flavor.lower() == 'sqla':
+ downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
+ jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
+ libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
+ jdbc_libs_dir = format("{ranger_home}/native/lib64")
+ ld_lib_path = format("{jdbc_libs_dir}")
+
+#for db connection
+check_db_connection_jar_name = "DBConnectionVerification.jar"
+check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
+ranger_jdbc_connection_url = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.url"]
+ranger_jdbc_driver = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.driver"]
+
+ranger_credential_provider_path = config["configurations"]["ranger-admin-site"]["ranger.credential.provider.path"]
+ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"]
+ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"])
+
+ranger_jpa_audit_jdbc_credential_alias = default('/configurations/ranger-admin-site/ranger.jpa.audit.jdbc.credential.alias', 'rangeraudit')
+ranger_ambari_audit_db_password = ''
+if not is_empty(config["configurations"]["admin-properties"]["audit_db_password"]) and stack_supports_ranger_audit_db:
+ ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"])
+
+ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"]
+ugsync_cred_lib = os.path.join(usersync_home,"lib","*")
+cred_lib_path = os.path.join(ranger_home,"cred","lib","*")
+cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+ranger_audit_source_type = config["configurations"]["ranger-admin-site"]["ranger.audit.source.type"]
+
+ranger_usersync_keystore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.password"])
+ranger_usersync_ldap_ldapbindpassword = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.ldapbindpassword"])
+ranger_usersync_truststore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.truststore.password"])
+ranger_usersync_keystore_file = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.file"]
+default_dn_name = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
+is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
+ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
+ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
+ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
+ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]
+current_host = config['hostname']
+if current_host in ranger_admin_hosts:
+ ranger_host = current_host
+
+# ranger-tagsync
+ranger_tagsync_hosts = default("/clusterHostInfo/ranger_tagsync_hosts", [])
+has_ranger_tagsync = len(ranger_tagsync_hosts) > 0
+
+tagsync_log_dir = default("/configurations/ranger-tagsync-site/ranger.tagsync.logdir", "/var/log/ranger/tagsync")
+tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.keystore.filename"]
+atlas_tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.source.atlasrest.keystore.filename"]
+tagsync_application_properties = dict(config["configurations"]["tagsync-application-properties"]) if has_ranger_tagsync else None
+tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
+tagsync_cred_lib = os.path.join(ranger_tagsync_home, "lib", "*")
+
+ranger_usersync_log_maxfilesize = default('/configurations/usersync-log4j/ranger_usersync_log_maxfilesize',256)
+ranger_usersync_log_maxbackupindex = default('/configurations/usersync-log4j/ranger_usersync_log_maxbackupindex',20)
+ranger_tagsync_log_maxfilesize = default('/configurations/tagsync-log4j/ranger_tagsync_log_maxfilesize',256)
+ranger_tagsync_log_number_of_backup_files = default('/configurations/tagsync-log4j/ranger_tagsync_log_number_of_backup_files',20)
+ranger_xa_log_maxfilesize = default('/configurations/admin-log4j/ranger_xa_log_maxfilesize',256)
+ranger_xa_log_maxbackupindex = default('/configurations/admin-log4j/ranger_xa_log_maxbackupindex',20)
+
+# ranger log4j.properties
+admin_log4j = config['configurations']['admin-log4j']['content']
+usersync_log4j = config['configurations']['usersync-log4j']['content']
+tagsync_log4j = config['configurations']['tagsync-log4j']['content']
+
+# ranger kerberos
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+namenode_hosts = default("/clusterHostInfo/namenode_host", [])
+has_namenode = len(namenode_hosts) > 0
+
+ugsync_policymgr_alias = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.alias"]
+ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.keystore"]
+
+# ranger solr
+audit_solr_enabled = default('/configurations/ranger-env/xasecure.audit.destination.solr', False)
+ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set']
+ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name']
+ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards']
+replication_factor = config['configurations']['ranger-env']['ranger_solr_replication_factor']
+ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
+infra_solr_hosts = default("/clusterHostInfo/infra_solr_hosts", [])
+has_infra_solr = len(infra_solr_hosts) > 0
+is_solrCloud_enabled = default('/configurations/ranger-env/is_solrCloud_enabled', False)
+is_external_solrCloud_enabled = default('/configurations/ranger-env/is_external_solrCloud_enabled', False)
+solr_znode = '/ranger_audits'
+if stack_supports_infra_client and is_solrCloud_enabled:
+ solr_znode = default('/configurations/ranger-admin-site/ranger.audit.solr.zookeepers', 'NONE')
+ if solr_znode != '' and solr_znode.upper() != 'NONE':
+ solr_znode = solr_znode.split('/')
+ if len(solr_znode) > 1 and len(solr_znode) == 2:
+ solr_znode = solr_znode[1]
+ solr_znode = format('/{solr_znode}')
+ if has_infra_solr and not is_external_solrCloud_enabled:
+ solr_znode = config['configurations']['infra-solr-env']['infra_solr_znode']
+solr_user = unix_user
+if has_infra_solr and not is_external_solrCloud_enabled:
+ solr_user = default('/configurations/infra-solr-env/infra_solr_user', unix_user)
+ infra_solr_role_ranger_admin = default('configurations/infra-solr-security-json/infra_solr_role_ranger_admin', 'ranger_user')
+ infra_solr_role_ranger_audit = default('configurations/infra-solr-security-json/infra_solr_role_ranger_audit', 'ranger_audit_user')
+ infra_solr_role_dev = default('configurations/infra-solr-security-json/infra_solr_role_dev', 'dev')
+custom_log4j = has_infra_solr and not is_external_solrCloud_enabled
+
+ranger_audit_max_retention_days = config['configurations']['ranger-solr-configuration']['ranger_audit_max_retention_days']
+ranger_audit_logs_merge_factor = config['configurations']['ranger-solr-configuration']['ranger_audit_logs_merge_factor']
+ranger_solr_config_content = config['configurations']['ranger-solr-configuration']['content']
+
+# get comma separated list of zookeeper hosts
+zookeeper_port = default('/configurations/zoo.cfg/clientPort', None)
+zookeeper_hosts = default("/clusterHostInfo/zookeeper_hosts", [])
+index = 0
+zookeeper_quorum = ""
+for host in zookeeper_hosts:
+ zookeeper_quorum += host + ":" + str(zookeeper_port)
+ index += 1
+ if index < len(zookeeper_hosts):
+ zookeeper_quorum += ","
+
+# solr kerberised
+solr_jaas_file = None
+is_external_solrCloud_kerberos = default('/configurations/ranger-env/is_external_solrCloud_kerberos', False)
+
+if security_enabled:
+ if has_ranger_tagsync:
+ ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
+ if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+ tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
+ tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
+
+ if stack_supports_ranger_kerberos:
+ ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab']
+ ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
+ if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+ ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
+ if stack_supports_infra_client and is_solrCloud_enabled and is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+ solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+ solr_kerberos_principal = ranger_admin_jaas_principal
+ solr_kerberos_keytab = ranger_admin_keytab
+ if stack_supports_infra_client and is_solrCloud_enabled and not is_external_solrCloud_enabled and not is_external_solrCloud_kerberos:
+ solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+ solr_kerberos_principal = ranger_admin_jaas_principal
+ solr_kerberos_keytab = ranger_admin_keytab
+
+# logic to create core-site.xml if hdfs not installed
+if stack_supports_ranger_kerberos and not has_namenode:
+ core_site_property = {
+ 'hadoop.security.authentication': 'kerberos' if security_enabled else 'simple'
+ }
+
+ if security_enabled:
+ realm = 'EXAMPLE.COM'
+ ranger_admin_bare_principal = 'rangeradmin'
+ ranger_usersync_bare_principal = 'rangerusersync'
+ ranger_tagsync_bare_principal = 'rangertagsync'
+
+ ranger_usersync_principal = config['configurations']['ranger-ugsync-site']['ranger.usersync.kerberos.principal']
+ if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+ ranger_admin_bare_principal = get_bare_principal(ranger_admin_principal)
+ if not is_empty(ranger_usersync_principal) and ranger_usersync_principal != '':
+ ranger_usersync_bare_principal = get_bare_principal(ranger_usersync_principal)
+ realm = config['configurations']['kerberos-env']['realm']
+
+ rule_dict = [
+ {'principal': ranger_admin_bare_principal, 'user': unix_user},
+ {'principal': ranger_usersync_bare_principal, 'user': 'rangerusersync'},
+ ]
+
+ if has_ranger_tagsync:
+ if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+ ranger_tagsync_bare_principal = get_bare_principal(ranger_tagsync_principal)
+ rule_dict.append({'principal': ranger_tagsync_bare_principal, 'user': 'rangertagsync'})
+
+ core_site_auth_to_local_property = ''
+ for item in range(len(rule_dict)):
+ rule_line = 'RULE:[2:$1@$0]({0}@{1})s/.*/{2}/\n'.format(rule_dict[item]['principal'], realm, rule_dict[item]['user'])
+ core_site_auth_to_local_property = rule_line + core_site_auth_to_local_property
+
+ core_site_auth_to_local_property = core_site_auth_to_local_property + 'DEFAULT'
+ core_site_property['hadoop.security.auth_to_local'] = core_site_auth_to_local_property
+
+upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
+
+# ranger service pid
+user_group = config['configurations']['cluster-env']['user_group']
+ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
+ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
+
+# admin credential
+admin_username = config['configurations']['ranger-env']['admin_username']
+admin_password = config['configurations']['ranger-env']['admin_password']
+default_admin_password = 'admin'
+
+ranger_is_solr_kerberised = "false"
+if audit_solr_enabled and is_solrCloud_enabled:
+ # Check internal solrCloud
+ if security_enabled and not is_external_solrCloud_enabled:
+ ranger_is_solr_kerberised = "true"
+ # Check external solrCloud
+ if is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+ ranger_is_solr_kerberised = "true"
+
+hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", [])
+is_hbase_ha_enabled = True if len(hbase_master_hosts) > 1 else False
+is_namenode_ha_enabled = True if len(namenode_hosts) > 1 else False
+ranger_hbase_plugin_enabled = False
+ranger_hdfs_plugin_enabled = False
+
+
+if is_hbase_ha_enabled:
+ if not is_empty(config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']):
+ ranger_hbase_plugin_enabled = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes'
+if is_namenode_ha_enabled:
+ if not is_empty(config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']):
+ ranger_hdfs_plugin_enabled = config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled'].lower() == 'yes'
+
+ranger_admin_password_properties = ['ranger.jpa.jdbc.password', 'ranger.jpa.audit.jdbc.password', 'ranger.ldap.bind.password', 'ranger.ldap.ad.bind.password']
+ranger_usersync_password_properties = ['ranger.usersync.ldap.ldapbindpassword']
+ranger_tagsync_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
+if stack_supports_secure_ssl_password:
+ ranger_admin_password_properties.extend(['ranger.service.https.attrib.keystore.pass', 'ranger.truststore.password'])
+ ranger_usersync_password_properties.extend(['ranger.usersync.keystore.password', 'ranger.usersync.truststore.password'])
+
+ranger_auth_method = config['configurations']['ranger-admin-site']['ranger.authentication.method']
+ranger_ldap_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.binddn.credential.alias', 'ranger.ldap.bind.password')
+ranger_ad_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.ad.binddn.credential.alias', 'ranger.ldap.ad.bind.password')
+ranger_https_keystore_alias = default('/configurations/ranger-admin-site/ranger.service.https.attrib.keystore.credential.alias', 'keyStoreCredentialAlias')
+ranger_truststore_alias = default('/configurations/ranger-admin-site/ranger.truststore.alias', 'trustStoreAlias')
+https_enabled = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.ssl.enabled']
+http_enabled = config['configurations']['ranger-admin-site']['ranger.service.http.enabled']
+https_keystore_password = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.keystore.pass']
+truststore_password = config['configurations']['ranger-admin-site']['ranger.truststore.password']
+
+# need this to capture cluster name for ranger tagsync
+cluster_name = config['clusterName']
+ranger_ldap_bind_auth_password = config['configurations']['ranger-admin-site']['ranger.ldap.bind.password']
+ranger_ad_bind_auth_password = config['configurations']['ranger-admin-site']['ranger.ldap.ad.bind.password']
\ No newline at end of file
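Review bot: `ranger_admin_jaas_principal` is bound only when `ranger_admin_principal` is non-empty, but the two Solr branches that follow read it unconditionally in `solr_kerberos_principal = ranger_admin_jaas_principal`. On a Kerberos-enabled cluster where that principal is blank and either Solr condition holds, this module-level code raises a NameError instead of an error naming the missing setting. Binding `ranger_admin_jaas_principal = None` before the `is_empty` check and adding `ranger_admin_jaas_principal is not None` to both Solr conditions keeps the module loadable and leaves `solr_jaas_file` as None in that case. `tagsync_jaas_principal` is bound in the same conditional way; its readers are not in this file, so whether they guard against it cannot be told from here.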
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py
new file mode 100644
index 0000000..bdf7661
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py
@@ -0,0 +1,210 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import setup_ranger_audit_solr, setup_ranger_admin_passwd_change
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+from setup_ranger_xml import ranger
+import upgrade
+import os, errno
+
+class RangerAdmin(Script):
+
+ def get_component_name(self):
+ return "ranger-admin"
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+ # call config and setup db only in case of stack version < 2.6
+ if not params.stack_supports_ranger_setup_db_on_start:
+ self.configure(env, setup_db=True)
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_rolling_upgrade and not params.stack_supports_config_versioning and os.path.isfile(format('{ranger_home}/ews/stop-ranger-admin.sh')):
+ File(format('{ranger_home}/ews/stop-ranger-admin.sh'),
+ owner=params.unix_user,
+ group = params.unix_group
+ )
+
+ Execute(format('{params.ranger_stop}'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ if params.stack_supports_pid:
+ File(params.ranger_admin_pid_file,
+ action = "delete"
+ )
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ upgrade.prestart(env, "ranger-admin")
+
+ self.set_ru_rangeradmin_in_progress(params.upgrade_marker_file)
+
+ def post_upgrade_restart(self,env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if os.path.isfile(params.upgrade_marker_file):
+ os.remove(params.upgrade_marker_file)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ # setup db only if in case stack version is > 2.6
+ self.configure(env, upgrade_type=upgrade_type, setup_db=params.stack_supports_ranger_setup_db_on_start)
+
+ if params.stack_supports_infra_client and params.audit_solr_enabled and params.is_solrCloud_enabled:
+ solr_cloud_util.setup_solr_client(params.config, custom_log4j = params.custom_log4j)
+ setup_ranger_audit_solr()
+
+ ranger_service('ranger_admin')
+
+ def status(self, env):
+ import status_params
+
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_admin_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ if self.is_ru_rangeradmin_in_progress(status_params.upgrade_marker_file):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Logger.debug('Ranger admin process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def configure(self, env, upgrade_type=None, setup_db=False):
+ import params
+ env.set_params(params)
+
+ # set up db if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db()
+
+ ranger('ranger_admin', upgrade_type=upgrade_type)
+
+ # set up java patches if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch()
+
+ if params.stack_supports_ranger_admin_password_change:
+ setup_ranger_admin_passwd_change()
+
+ def set_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ config_dir = os.path.dirname(upgrade_marker_file)
+ try:
+ msg = "Starting Upgrade"
+ if (not os.path.exists(config_dir)):
+ os.makedirs(config_dir)
+ ofp = open(upgrade_marker_file, 'w')
+ ofp.write(msg)
+ ofp.close()
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(config_dir):
+ pass
+ else:
+ raise
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+ def setup_ranger_database(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Setting Ranger database schema, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db(stack_version=stack_version)
+
+ def setup_ranger_java_patches(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Applying Ranger java patches, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch(stack_version=stack_version)
+
+ def set_pre_start(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-admin", stack_version)
+ conf_select.select(stack_name, "ranger-admin", stack_version)
+
+ def get_log_folder(self):
+ import params
+ return params.admin_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerAdmin().execute()
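Review bot: In `status()`, when the pid-file branch is not taken and the `ps` check fails, the mere presence of `upgrade_marker_file` makes the method log and return normally, so the component is reported as running while it is down. The marker is written in `pre_upgrade_restart` and removed only in `post_upgrade_restart`, so an upgrade that aborts between the two would presumably leave it behind and keep masking an outage of the policy admin service. I would remove the marker on the failure and downgrade paths too, and add a comment at the check such as `# a stale upgrade marker suppresses ComponentIsNotRunning; it must not outlive the upgrade`. Minor: the `pass` after `raise ComponentIsNotRunning()` is unreachable, `Direction` is imported twice, and `set_ru_rangeradmin_in_progress` should write the file through `with open(upgrade_marker_file, 'w') as ofp:` so the handle is closed if the write fails.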
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py
new file mode 100644
index 0000000..a0ecfac
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.show_logs import show_logs
+from resource_management.core.resources.system import Execute
+
+def ranger_service(name, action=None):
+ import params
+
+ env_dict = {'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_lib_path}
+
+ if name == 'ranger_admin':
+ no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
+ try:
+ Execute(params.ranger_start, environment=env_dict, user=params.unix_user, not_if=no_op_test)
+ except:
+ show_logs(params.admin_log_dir, params.unix_user)
+ raise
+ elif name == 'ranger_usersync':
+ no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
+ if params.stack_supports_usersync_non_root:
+ try:
+ Execute(params.usersync_start,
+ environment=env_dict,
+ not_if=no_op_test,
+ user=params.unix_user
+ )
+ except:
+ show_logs(params.usersync_log_dir, params.unix_user)
+ raise
+ else:
+ # Usersync requires to be run as root for 2.2
+ Execute((params.usersync_start,),
+ environment={'JAVA_HOME': params.java_home},
+ not_if=no_op_test,
+ sudo=True
+ )
+ elif name == 'ranger_tagsync' and params.stack_supports_ranger_tagsync:
+ no_op_test = format('ps -ef | grep proc_rangertagsync | grep -v grep')
+ cmd = format('{tagsync_services_file} start')
+ try:
+ Execute(cmd,
+ environment=env_dict,
+ user=params.unix_user,
+ not_if=no_op_test
+ )
+ except:
+ show_logs(params.tagsync_log_dir, params.unix_user)
+ raise
\ No newline at end of file
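Review bot: The three `except:` clauses in `ranger_service` are bare, so they also intercept `KeyboardInterrupt` and `SystemExit` and run `show_logs` before re-raising; `except Exception:` would limit the log dump to real start failures. The legacy usersync branch (the `Execute` with `sudo=True`) has no handler at all and passes only `JAVA_HOME` instead of `env_dict`, so a failed root start produces no log output and drops `LD_LIBRARY_PATH` for the `sqla` flavour. The `action` parameter is never read, and an unrecognised `name` (or `ranger_tagsync` on a stack without tagsync support) falls through without doing anything. I would document that in a docstring or end the chain with an explicit error.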
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py
new file mode 100644
index 0000000..c1e32ba
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py
@@ -0,0 +1,139 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.core.resources.system import Execute, File
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import ranger, ranger_credential_helper
+from resource_management.core.exceptions import Fail
+import upgrade
+
+class RangerTagsync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'tagadmin.user.password', 'rangertagsync', params.tagsync_jceks_path)
+ File(params.tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ ranger('ranger_tagsync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_tagsync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ Execute(format('{tagsync_services_file} stop'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ File(params.tagsync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ check_process_status(status_params.tagsync_pid_file)
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_ranger_tagsync:
+ Logger.info("Executing Ranger Tagsync Stack Upgrade pre-restart")
+ conf_select.select(params.stack_name, "ranger-tagsync", params.version)
+ stack_select.select("ranger-tagsync", params.version)
+
+ def get_component_name(self):
+ return "ranger-tagsync"
+
+ def get_log_folder(self):
+ import params
+ return params.tagsync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+ def get_pid_files(self):
+ import status_params
+ return [status_params.tagsync_pid_file]
+
+ def configure_atlas_user_for_tagsync(self, env):
+ Logger.info("Configuring Atlas user for Tagsync service.")
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-tagsync", stack_version)
+ conf_select.select(stack_name, "ranger-tagsync", stack_version)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Upgrading Tagsync, stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Upgrading Tagsync, stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ Logger.info("Configuring Atlas user for Tagsync service done.")
+
+ def create_atlas_user_keystore(self,env):
+ import params
+ env.set_params(params)
+ ranger_credential_helper(params.tagsync_cred_lib, 'atlas.user.password', 'admin', params.atlas_tagsync_jceks_path)
+ File(params.atlas_tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+if __name__ == "__main__":
+ RangerTagsync().execute()
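Review bot: `install()` passes `'rangertagsync'` for the `tagadmin.user.password` alias and `create_atlas_user_keystore()` passes `'admin'` for `atlas.user.password`; these appear to be literal secrets (the signature of `ranger_credential_helper` is not in this hunk), so every cluster deployed from this script would store the same well-known value in its keystore. The usersync hunk does the same with `'rangerusersync'` in its `install()`. The value should come from a password-type configuration property read in params, e.g. `params.<atlas_user_password_property>` (placeholder name), with the literal at most a default that operators are required to change. Separately, `File(..., mode = 0640)` is applied only after the helper has created the `.jceks` file, so its initial permissions depend on the helper and the umask. It is worth confirming the file is never briefly world-readable.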
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py
new file mode 100644
index 0000000..ca84528
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+from setup_ranger_xml import ranger
+import upgrade
+import os
+
+class RangerUsersync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_usersync_passwd:
+ from setup_ranger_xml import ranger_credential_helper
+ ranger_credential_helper(params.ugsync_cred_lib, params.ugsync_policymgr_alias, 'rangerusersync', params.ugsync_policymgr_keystore)
+
+ File(params.ugsync_policymgr_keystore,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ ranger('ranger_usersync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_usersync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_usersync_non_root and os.path.isfile(params.usersync_services_file):
+ File(params.usersync_services_file,
+ mode = 0755
+ )
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True
+ )
+
+ Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, sudo=True)
+ if params.stack_supports_pid:
+ File(params.ranger_usersync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_usersync_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ Logger.debug('Ranger usersync process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ upgrade.prestart(env, "ranger-usersync")
+
+ def get_component_name(self):
+ return "ranger-usersync"
+
+ def get_log_folder(self):
+ import params
+ return params.usersync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerUsersync().execute()
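Review bot: `stop()` runs `params.usersync_stop` with `sudo=True` unconditionally, while `ranger_service('ranger_usersync')` starts the same service as `params.unix_user` whenever `stack_supports_usersync_non_root` is set. If the stop script or its directory is writable by the service account (ownership is not visible in this hunk), running it as root gives that account more privilege than the non-root design intends. I would mirror the start path with `if params.stack_supports_usersync_non_root:` followed by `Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)`, and keep the sudo call only for the legacy branch. The same concern applies to the `ln -sf` into `/usr/bin` performed as root in the non-rolling upgrade branch, which deserves a comment saying why root is needed there.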
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py
new file mode 100644
index 0000000..fb6af95
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py
@@ -0,0 +1,49 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+import os
+
+
+class RangerServiceCheck(Script):
+
+ def service_check(self, env):
+ import params
+
+ env.set_params(params)
+ self.check_ranger_admin_service(params.ranger_external_url, params.upgrade_marker_file)
+
+ def check_ranger_admin_service(self, ranger_external_url, upgrade_marker_file):
+ if (self.is_ru_rangeradmin_in_progress(upgrade_marker_file)):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp | grep 200"),
+ tries = 10,
+ try_sleep=3,
+ logoutput=True)
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+if __name__ == "__main__":
+ RangerServiceCheck().execute()
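Review bot: The health probe in `check_ranger_admin_service` calls curl with `-k`, so on an HTTPS deployment the check passes against any endpoint that answers 200 regardless of its certificate, and `--negotiate -u:` sends the SPNEGO token to that unverified host. Prefer validating against the cluster CA, e.g. replacing `-k` with `--cacert <path-to-cluster-ca-bundle>` (placeholder path), and fall back to `-k` only behind an explicit setting. `ranger_external_url` is also interpolated unquoted into a shell pipeline; wrapping it as `'{ranger_external_url}/login.jsp'` keeps a URL containing `&` or spaces from being split by the shell. Note too that the check is skipped entirely while the upgrade marker file exists, so a stale marker would make the service check succeed without probing anything.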