You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/11/11 21:58:47 UTC
[03/10] incubator-ranger git commit: RANGER-714: Enhancements to the
db admin setup scripts
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 40a6c49..5564737 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -30,6 +30,8 @@ globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
+jisql_debug=True
+
if os_name == "LINUX":
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
if RANGER_ADMIN_HOME is None:
@@ -104,8 +106,20 @@ def password_validation(password, userType):
else:
log("[I] "+userType+" user password validated","info")
else:
- log("[E] Blank password is not allowed,please enter valid password.","error")
- sys.exit(1)
+ if userType == "DBA root":
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
+
+def jisql_log(query, db_root_password):
+ if jisql_debug == True:
+ if os_name == "WINDOWS":
+ query = query.replace(' -p "'+db_root_password+'"' , ' -p "********"')
+ log("[JISQL] "+query, "info")
+ else:
+ query = query.replace(" -p '"+db_root_password+"'" , " -p '********'")
+ log("[JISQL] "+query, "info")
class BaseDB(object):
@@ -133,10 +147,10 @@ class MysqlConf(BaseDB):
#TODO: User array for forming command
path = RANGER_ADMIN_HOME
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
self.JAVA_BIN = self.JAVA_BIN.strip("'")
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -146,6 +160,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -159,6 +174,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"SELECT version();\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT version();\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
#log("[I] Checking connection passed.", "info")
@@ -182,9 +198,11 @@ class MysqlConf(BaseDB):
log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if os_name == "LINUX":
query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, host, db_user, get_cmd, dryMode):
@@ -199,9 +217,11 @@ class MysqlConf(BaseDB):
log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if os_name == "LINUX":
query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\" -c ;" %(db_user, host, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode):
@@ -224,6 +244,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -243,6 +264,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name)
if dryMode == False:
log("[I] Database does not exist, Creating database " + db_name,"info")
+ jisql_log(query, db_root_password)
if os_name == "LINUX":
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
@@ -264,38 +286,27 @@ class MysqlConf(BaseDB):
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
hosts_arr =["%", "localhost"]
hosts_arr.append(self.host)
- '''
- if is_revoke:
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- '''
-
for host in hosts_arr:
if dryMode == False:
log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
if os_name == "LINUX":
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] ---------- FLUSH PRIVILEGES ----------" , "info")
if os_name == "LINUX":
query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;"
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
@@ -314,24 +325,28 @@ class MysqlConf(BaseDB):
if dryMode == False:
log("[I] ---------- Setup audit user ----------","info")
self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode)
- '''
- if is_revoke:
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- '''
self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password,dryMode)
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to MySQL Server from a MySQL dba user(i.e 'root') to execute below sql statements.")
+ hosts_arr =["%", "localhost"]
+ if not self.host == "localhost": hosts_arr.append(self.host)
+ for host in hosts_arr:
+ logFile("create user '%s'@'%s' identified by '%s';" %(db_user, host, db_password))
+ logFile("create database %s;"%(db_name))
+ for host in hosts_arr:
+ logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(db_name, db_user, host))
+ logFile("FLUSH PRIVILEGES;")
+ if not db_user == audit_db_user:
+ for host in hosts_arr:
+ logFile("create user '%s'@'%s' identified by '%s';"%(audit_db_user, host, audit_db_password))
+ if not db_name == audit_db_name:
+ logFile("create database %s;"%(audit_db_name))
+ if not db_name == audit_db_name:
+ for host in hosts_arr:
+ logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(audit_db_name, db_user, host))
+ logFile("FLUSH PRIVILEGES;")
class OracleConf(BaseDB):
@@ -344,13 +359,21 @@ class OracleConf(BaseDB):
def get_jisql_cmd(self, user, password):
#TODO: User array for forming command
path = RANGER_ADMIN_HOME
- #print "self.JAVA_BIN=" + self.JAVA_BIN
- self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+ if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
+ self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
+
+ #if self.host.count(":") == 2:
+ if self.host.count(":") == 2 or self.host.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(self.host)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(self.host)
+
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, cstring, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password)
- #print jisql_cmd
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -360,6 +383,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select * from v$version;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from v$version;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Connection success", "info")
@@ -376,6 +400,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select username from all_users where upper(username)=upper('%s');\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -393,9 +418,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_user, db_root_password,dryMode):
@@ -403,9 +430,11 @@ class OracleConf(BaseDB):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
@@ -430,6 +459,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name+' |'):
return True
@@ -446,6 +476,7 @@ class OracleConf(BaseDB):
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query).strip()
db_name = db_name.upper() +' |'
if output == db_name:
@@ -461,9 +492,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_tablespace(root_user, db_root_password, db_name,dryMode):
@@ -487,17 +520,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user , db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting Oracle user '" + db_user + "' done", "info")
@@ -526,9 +563,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(audit_db_name, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Tablespace creation failed..","error")
@@ -549,9 +588,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Tablespace creation failed..","error")
@@ -569,9 +610,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
+ jisql_log(query, audit_db_root_password)
ret1 = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, db_name)
+ jisql_log(query, audit_db_root_password)
ret1 = subprocess.call(query)
log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
@@ -579,18 +622,22 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
if os_name == "LINUX":
query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret2 = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, audit_db_name)
+ jisql_log(query, audit_db_root_password)
ret2 = subprocess.call(query)
if (ret1 == 0 and ret2 == 0):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
return True
@@ -609,9 +656,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granted permission to " + db_user, "info")
@@ -636,9 +685,11 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode):
@@ -646,9 +697,11 @@ class OracleConf(BaseDB):
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
@@ -674,17 +727,21 @@ class OracleConf(BaseDB):
get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
if os_name == "LINUX":
query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(audit_db_user, audit_db_password)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" %(audit_db_user)
+ jisql_log(query, audit_db_root_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Granting permission to " + audit_db_user + " done", "info")
@@ -700,6 +757,18 @@ class OracleConf(BaseDB):
if DBA_MODE == "TRUE":
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.")
+ logFile('create user %s identified by "%s";'%(db_user, db_password))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user))
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
+ logFile('alter user %s identified by "%s" DEFAULT tablespace %s;'%(db_user, db_password, db_name))
+ if not db_user == audit_db_user:
+ logFile('create user %s identified by "%s";'%(audit_db_user, audit_db_password))
+ logFile('GRANT CREATE SESSION TO %s;' %(audit_db_user))
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name))
+ logFile('alter user %s identified by "%s" DEFAULT tablespace %s;' %(audit_db_user, audit_db_password, audit_db_name))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user))
class PostgresConf(BaseDB):
# Constructor
@@ -713,9 +782,9 @@ class PostgresConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -726,6 +795,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -739,6 +809,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
#log("[I] connection success", "info")
@@ -758,9 +829,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
if os_name == "LINUX":
query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -782,6 +855,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -799,9 +873,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
if os_name == "LINUX":
query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -822,9 +898,11 @@ class PostgresConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting all privileges on database "+db_name+" to user "+db_user+" failed..", "error")
@@ -832,9 +910,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Granting all privileges on schema public to user "+db_user+" failed..", "error")
@@ -842,9 +922,11 @@ class PostgresConf(BaseDB):
if os_name == "LINUX":
query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\""
+ jisql_log(query, db_root_password)
output = check_output(query)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query)
for each_line in output.split('\n'):
if len(each_line) == 0 : continue
@@ -853,12 +935,14 @@ class PostgresConf(BaseDB):
tablename = tablename.strip()
if os_name == "LINUX":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(shlex.split(query1))
if ret != 0:
log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
sys.exit(1)
elif os_name == "WINDOWS":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(query1)
if ret != 0:
log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
@@ -870,6 +954,7 @@ class PostgresConf(BaseDB):
output = check_output(query)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\" -c ;"
+ jisql_log(query, db_root_password)
output = check_output(query)
for each_line in output.split('\n'):
if len(each_line) == 0 : continue
@@ -878,12 +963,14 @@ class PostgresConf(BaseDB):
sequence_name = sequence_name.strip()
if os_name == "LINUX":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(shlex.split(query1))
if ret != 0:
log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
sys.exit(1)
elif os_name == "WINDOWS":
query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user)
+ jisql_log(query1, db_root_password)
ret = subprocess.call(query1)
if ret != 0:
log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
@@ -907,6 +994,25 @@ class PostgresConf(BaseDB):
if DBA_MODE == "TRUE":
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password))
+ logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user))
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(db_name))
+ logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(db_name, db_user))
+ logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user))
+ if not db_user == audit_db_user:
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(audit_db_user, audit_db_password))
+ if not db_name == audit_db_name:
+ if not db_user == audit_db_user:
+ pass
+ else:
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.")
+ logFile("CREATE DATABASE %s WITH OWNER %s;" %(audit_db_name, db_user))
+ logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(audit_db_name))
+ logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(audit_db_name, db_user))
+ logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user))
class SqlServerConf(BaseDB):
# Constructor
@@ -920,9 +1026,9 @@ class SqlServerConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -933,6 +1039,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from sys.sql_logins where name = '%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from sys.sql_logins where name = '%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -946,6 +1053,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -965,9 +1073,11 @@ class SqlServerConf(BaseDB):
log("[I] User does not exists, Creating Login user " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\" -c ;" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -989,6 +1099,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name from sys.databases where name='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -1005,9 +1116,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -1029,6 +1142,7 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
if dryMode == False:
@@ -1037,15 +1151,18 @@ class SqlServerConf(BaseDB):
if dryMode == False:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s for LOGIN %s;\"" %(db_user, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s for LOGIN %s;\" -c ;" %(db_user, db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
log("[I] User "+db_user+" exist ","info")
@@ -1064,9 +1181,11 @@ class SqlServerConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \" EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \" EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -1085,6 +1204,35 @@ class SqlServerConf(BaseDB):
self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke, dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(db_user, db_password))
+ logFile("create database %s;" %(db_name))
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(db_name))
+ logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user))
+ logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user))
+ if not db_user == audit_db_user:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(audit_db_user, audit_db_password))
+ if not db_name == audit_db_name:
+ if not db_user == audit_db_user:
+ pass
+ else:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.")
+ logFile("create database %s;"%(audit_db_name))
+ if db_name == audit_db_name and db_user!=audit_db_user:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(audit_db_name))
+ logFile("CREATE USER %s for LOGIN %s;" %(audit_db_user, audit_db_user))
+ if db_name != audit_db_name:
+ logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(audit_db_name))
+ if db_user==audit_db_user:
+ logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user))
+ else:
+ logFile("CREATE USER %s for LOGIN %s;" %(audit_db_user, audit_db_user))
+ logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user))
+ logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user))
+
+
class SqlAnywhereConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -1096,9 +1244,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -1109,6 +1257,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from syslogins where name = '%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name = '%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
return True
@@ -1122,6 +1271,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
+ jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
@@ -1141,9 +1291,11 @@ class SqlAnywhereConf(BaseDB):
log("[I] User does not exists, Creating Login user " + db_user, "info")
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if self.verify_user(root_user, db_root_password, db_user,dryMode):
@@ -1165,6 +1317,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"start database '%s' autostop off;\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"start database '%s' autostop off;\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
def verify_db(self, root_user, db_root_password, db_name,dryMode):
@@ -1175,6 +1328,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select alias from sa_db_info() where alias='%s';\"" %(db_name)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select alias from sa_db_info() where alias='%s';\" -c ;" %(db_name)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_name + " |"):
return True
@@ -1191,9 +1345,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, '')
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\"" %(db_name,db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\" -c ;" %(db_name,db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] Database creation failed..","error")
@@ -1216,6 +1372,7 @@ class SqlAnywhereConf(BaseDB):
query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
if dryMode == False:
@@ -1224,15 +1381,18 @@ class SqlAnywhereConf(BaseDB):
if dryMode == False:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
if os_name == "LINUX":
query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user)
+ jisql_log(query, db_root_password)
output = check_output(query)
if output.strip(db_user + " |"):
log("[I] User "+db_user+" exist ","info")
@@ -1251,9 +1411,11 @@ class SqlAnywhereConf(BaseDB):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
if os_name == "LINUX":
query = get_cmd + " -c \; -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password)
+ jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret != 0:
sys.exit(1)
@@ -1271,6 +1433,21 @@ class SqlAnywhereConf(BaseDB):
self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
self.grant_xa_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password, is_revoke, dryMode)
+ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
+ logFile("# Login to SQL Anywhere Server from a SQLA dba user(i.e 'dba') to execute below sql statements.")
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password))
+ logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(db_name, db_user ,db_password))
+ logFile("start database '%s' autostop off;" %(db_name))
+ if not db_user == audit_db_user:
+ logFile("CREATE USER %s IDENTIFIED BY '%s';" %(audit_db_user, audit_db_password))
+ if not db_name == audit_db_name:
+ logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(audit_db_name, db_user ,db_password))
+ logFile("start database '%s' autostop off;" %(audit_db_name))
+ if not db_user == audit_db_user:
+ logFile("# Login to SQL Anywhere Server from '%s' user on '%s' database to execute below sql statements."%(db_user,audit_db_name))
+ logFile("GRANT CONNECT to %s IDENTIFIED BY '%s';" %(audit_db_user, audit_db_password))
+
+
def main(argv):
FORMAT = '%(asctime)-15s %(message)s'
@@ -1281,7 +1458,7 @@ def main(argv):
dryMode=False
is_revoke=False
- if len(argv) == 3:
+ if len(argv) == 4 and argv[3] == 'password_validation':
password_validation(argv[1],argv[2]);
return;
@@ -1334,20 +1511,24 @@ def main(argv):
else:
log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
sys.exit(1)
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
else:
- if os.environ['JAVA_HOME'] == "":
- log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
- sys.exit(1)
- JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
- if os_name == "WINDOWS" :
- JAVA_BIN = JAVA_BIN+'.exe'
- if os.path.isfile(JAVA_BIN):
- pass
- else :
- while os.path.isfile(JAVA_BIN) == False:
- log("Enter java executable path: :","info")
- JAVA_BIN=raw_input()
- log("[I] Using Java:" + str(JAVA_BIN),"info")
+ JAVA_BIN=''
+ if not dryMode:
+ if os.environ['JAVA_HOME'] == "":
+ log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
+ if os_name == "WINDOWS" :
+ JAVA_BIN = JAVA_BIN+'.exe'
+ if os.path.isfile(JAVA_BIN):
+ pass
+ else :
+ while os.path.isfile(JAVA_BIN) == False:
+ log("Enter java executable path: :","info")
+ JAVA_BIN=raw_input()
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
+
if (quiteMode):
XA_DB_FLAVOR=globalDict['DB_FLAVOR']
@@ -1366,121 +1547,135 @@ def main(argv):
if (quiteMode):
CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
else:
- if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL":
- log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
- CONNECTOR_JAR=raw_input()
- while os.path.isfile(CONNECTOR_JAR) == False:
- log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=''
+ if not dryMode:
+ if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL" or XA_DB_FLAVOR == "SQLA":
+ log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
CONNECTOR_JAR=raw_input()
- else:
- log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
- sys.exit(1)
+ while os.path.isfile(CONNECTOR_JAR) == False:
+ log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=raw_input()
+ else:
+ log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
+ sys.exit(1)
if (quiteMode):
xa_db_host = globalDict['db_host']
audit_db_host = globalDict['db_host']
+ log("[I] DB Host:" + str(xa_db_host),"info")
else:
- xa_db_host=''
- while xa_db_host == "":
- log("Enter DB Host :","info")
- xa_db_host=raw_input()
- audit_db_host=xa_db_host
- log("[I] DB Host:" + str(xa_db_host),"info")
+ if (dryMode):
+ xa_db_host='127.0.0.1'
+ audit_db_host='127.0.0.1'
+ else:
+ xa_db_host=''
+ while xa_db_host == "":
+ log("Enter DB Host :","info")
+ xa_db_host=raw_input()
+ audit_db_host=xa_db_host
+ log("[I] DB Host:" + str(xa_db_host),"info")
if (quiteMode):
xa_db_root_user = globalDict['db_root_user']
xa_db_root_password = globalDict['db_root_password']
else:
- xa_db_root_user=''
- while xa_db_root_user == "":
- log("Enter db root user:","info")
- xa_db_root_user=raw_input()
- log("Enter db root password:","info")
- xa_db_root_password = getpass.getpass("Enter db root password:")
+ if (dryMode):
+ xa_db_root_user='db_root_user'
+ xa_db_root_password='*****'
+ else:
+ xa_db_root_user=''
+ while xa_db_root_user == "":
+ log("Enter db root user:","info")
+ xa_db_root_user=raw_input()
+ log("Enter db root password:","info")
+ xa_db_root_password = getpass.getpass("Enter db root password:")
if (quiteMode):
db_name = globalDict['db_name']
else:
- db_name = ''
- while db_name == "":
- log("Enter DB Name :","info")
- db_name=raw_input()
+ if (dryMode):
+ db_name='ranger_db'
+ else:
+ db_name = ''
+ while db_name == "":
+ log("Enter DB Name :","info")
+ db_name=raw_input()
if (quiteMode):
db_user = globalDict['db_user']
else:
- db_user=''
- while db_user == "":
- log("Enter db user name:","info")
- db_user=raw_input()
+ if (dryMode):
+ db_user='ranger_admin_user'
+ else:
+ db_user=''
+ while db_user == "":
+ log("Enter db user name:","info")
+ db_user=raw_input()
if (quiteMode):
db_password = globalDict['db_password']
else:
- db_password=''
- while db_password == "":
- log("Enter db user password:","info")
- db_password = getpass.getpass("Enter db user password:")
+ if (dryMode):
+ db_password='*****'
+ else:
+ db_password=''
+ while db_password == "":
+ log("Enter db user password:","info")
+ db_password = getpass.getpass("Enter db user password:")
if (quiteMode):
audit_db_name = globalDict['audit_db_name']
else:
- audit_db_name=''
- while audit_db_name == "":
- log("Enter audit db name:","info")
- audit_db_name = raw_input()
+ if (dryMode):
+ audit_db_name='ranger_audit_db'
+ else:
+ audit_db_name=''
+ while audit_db_name == "":
+ log("Enter audit db name:","info")
+ audit_db_name = raw_input()
if (quiteMode):
audit_db_user = globalDict['audit_db_user']
else:
- audit_db_user=''
- while audit_db_user == "":
- log("Enter audit user name:","info")
- audit_db_user = raw_input()
+ if (dryMode):
+ audit_db_user='ranger_logger_user'
+ else:
+ audit_db_user=''
+ while audit_db_user == "":
+ log("Enter audit user name:","info")
+ audit_db_user = raw_input()
if (quiteMode):
audit_db_password = globalDict['audit_db_password']
else:
- audit_db_password=''
- while audit_db_password == "":
- log("Enter audit db user password:","info")
- audit_db_password = getpass.getpass("Enter audit db user password:")
+ if (dryMode):
+ audit_db_password='*****'
+ else:
+ audit_db_password=''
+ while audit_db_password == "":
+ log("Enter audit db user password:","info")
+ audit_db_password = getpass.getpass("Enter audit db user password:")
audit_db_root_user = xa_db_root_user
audit_db_root_password = xa_db_root_password
- #audit_db_root_user = globalDict['db_root_user']
- #audit_db_root_password = globalDict['db_root_password']
- #print "Enter audit_db_root_password :"
- #log("Enter audit db root user:","info")
- #audit_db_root_user = raw_input()
- #log("Enter db root password:","info")
- #xa_db_root_password = raw_input()
mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql')
- #mysql_core_file = globalDict['mysql_core_file']
mysql_core_file = os.path.join('db','mysql','xa_core_db.sql')
- #mysql_audit_file = globalDict['mysql_audit_file']
mysql_audit_file = os.path.join('db','mysql','xa_audit_db.sql')
mysql_patches = os.path.join('db','mysql','patches')
oracle_dbversion_catalog = os.path.join('db','oracle','create_dbversion_catalog.sql')
- #oracle_core_file = globalDict['oracle_core_file']
oracle_core_file = os.path.join('db','oracle','xa_core_db_oracle.sql')
- #oracle_audit_file = globalDict['oracle_audit_file']
oracle_audit_file = os.path.join('db','oracle','xa_audit_db_oracle.sql')
oracle_patches = os.path.join('db','oracle','patches')
postgres_dbversion_catalog = os.path.join('db','postgres','create_dbversion_catalog.sql')
- #postgres_core_file = globalDict['postgres_core_file']
postgres_core_file = os.path.join('db','postgres','xa_core_db_postgres.sql')
- #postgres_audit_file = globalDict['postgres_audit_file']
postgres_audit_file = os.path.join('db','postgres','xa_audit_db_postgres.sql')
postgres_patches = os.path.join('db','postgres','patches')
sqlserver_dbversion_catalog = os.path.join('db','sqlserver','create_dbversion_catalog.sql')
- #sqlserver_core_file = globalDict['sqlserver_core_file']
sqlserver_core_file = os.path.join('db','sqlserver','xa_core_db_sqlserver.sql')
- #sqlserver_audit_file = globalDict['sqlserver_audit_file']
sqlserver_audit_file = os.path.join('db','sqlserver','xa_audit_db_sqlserver.sql')
sqlserver_patches = os.path.join('db','sqlserver','patches')
@@ -1494,8 +1689,6 @@ def main(argv):
x_user = 'x_portal_user'
if XA_DB_FLAVOR == "MYSQL":
- #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,mysql_dbversion_catalog)
@@ -1503,21 +1696,16 @@ def main(argv):
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,mysql_patches)
elif XA_DB_FLAVOR == "ORACLE":
- #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
- if os_name == "LINUX":
+ if xa_db_root_user.upper() == "SYS" :
xa_db_root_user = xa_db_root_user+" AS SYSDBA"
- elif os_name == "WINDOWS":
- xa_db_root_user = xa_db_root_user
+
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,oracle_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,oracle_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,oracle_patches)
elif XA_DB_FLAVOR == "POSTGRES":
- #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
db_user=db_user.lower()
db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
@@ -1527,8 +1715,6 @@ def main(argv):
xa_patch_file = os.path.join(RANGER_ADMIN_HOME,postgres_patches)
elif XA_DB_FLAVOR == "MSSQL":
- #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_dbversion_catalog)
@@ -1550,35 +1736,26 @@ def main(argv):
sys.exit(1)
if AUDIT_DB_FLAVOR == "MYSQL":
- #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,mysql_audit_file)
elif AUDIT_DB_FLAVOR == "ORACLE":
- #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
- if os_name == "LINUX":
+ if audit_db_root_user.upper() == "SYS":
audit_db_root_user = audit_db_root_user+" AS SYSDBA"
- if os_name == "WINDOWS":
- audit_db_root_user = audit_db_root_user
+
audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
- #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
audit_db_user=audit_db_user.lower()
- audit_db_name=audit_db_name.lower()
+ audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file)
elif AUDIT_DB_FLAVOR == "MSSQL":
- #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
- #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_audit_file)
@@ -1599,22 +1776,19 @@ def main(argv):
if audit_store is None or audit_store == "":
audit_store = "db"
audit_store=audit_store.lower()
-
- log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info")
- password_validation(db_password,"admin");
- log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
- password_validation(audit_db_password,"audit");
+ if not dryMode:
+ log("[I] ---------- Verifing DB root password ---------- ","info")
+ password_validation(xa_db_root_password,"DBA root");
+ log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info")
+ password_validation(db_password,"admin");
+ log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
+ password_validation(audit_db_password,"audit");
# Methods Begin
if DBA_MODE == "TRUE" :
if (dryMode==True):
- log("[I] Dry run mode:"+str(dryMode),"info")
log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
logFile("===============================================\n")
- xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
- xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
- if not XA_DB_FLAVOR == "SQLA":
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
- audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name)
logFile("===============================================\n")
if (dryMode==False):
log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index eb0c7ec..f3af716 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -26,11 +26,6 @@ PYTHON_COMMAND_INVOKER=python
#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA
DB_FLAVOR=MYSQL
#
-# The executable path to be used to invoke command-line MYSQL
-#
-#SQL_COMMAND_INVOKER='mysql'
-#SQL_COMMAND_INVOKER='sqlplus'
-SQL_COMMAND_INVOKER='mysql'
#
# Location of DB client library (please check the location of the jar file)
@@ -51,6 +46,9 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
# **************************************************************************
#
#db_root_user=root|SYS|postgres|sa|dba
+#db_host=host:port # for DB_FLAVOR=MYSQL|POSTGRES|SQLA|MSSQL #for example: db_host=localhost:3306
+#db_host=host:port:SID # for DB_FLAVOR=ORACLE #for SID example: db_host=localhost:1521:ORCL
+#db_host=host:port/ServiceName # for DB_FLAVOR=ORACLE #for Service example: db_host=localhost:1521/XE
db_root_user=root
db_root_password=
db_host=localhost
@@ -129,16 +127,16 @@ authServicePort=5151
#
# Sample Settings
#
-#xa_ldap_url="ldap://127.0.0.1:389"
-#xa_ldap_userDNpattern="uid={0},ou=users,dc=xasecure,dc=net"
-#xa_ldap_groupSearchBase="ou=groups,dc=xasecure,dc=net"
-#xa_ldap_groupSearchFilter="(member=uid={0},ou=users,dc=xasecure,dc=net)"
-#xa_ldap_groupRoleAttribute="cn"
-#xa_ldap_base_dn="dc=xasecure,dc=net"
-#xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net"
+#xa_ldap_url=ldap://127.0.0.1:389
+#xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
+#xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
+#xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
+#xa_ldap_groupRoleAttribute=cn
+#xa_ldap_base_dn=dc=xasecure,dc=net
+#xa_ldap_bind_dn=cn=admin,ou=users,dc=xasecure,dc=net
#xa_ldap_bind_password=
#xa_ldap_referral=follow|ignore
-#xa_ldap_userSearchFilter="(uid={0})"
+#xa_ldap_userSearchFilter=(uid={0})
xa_ldap_url=
xa_ldap_userDNpattern=
@@ -154,13 +152,13 @@ xa_ldap_userSearchFilter=
#
# Sample Settings
#
-#xa_ldap_ad_domain="xasecure.net"
-#xa_ldap_ad_url="ldap://127.0.0.1:389"
-#xa_ldap_ad_base_dn="dc=xasecure,dc=net"
-#xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net"
+#xa_ldap_ad_domain=xasecure.net
+#xa_ldap_ad_url=ldap://127.0.0.1:389
+#xa_ldap_ad_base_dn=dc=xasecure,dc=net
+#xa_ldap_ad_bind_dn=cn=administrator,ou=users,dc=xasecure,dc=net
#xa_ldap_ad_bind_password=
#xa_ldap_ad_referral=follow|ignore
-#xa_ldap_ad_userSearchFilter="(sAMAccountName={0})"
+#xa_ldap_ad_userSearchFilter=(sAMAccountName={0})
xa_ldap_ad_domain=
xa_ldap_ad_url=