Posted to commits@ambari.apache.org by ga...@apache.org on 2016/04/19 09:20:07 UTC

ambari git commit: AMBARI-15878. Update code for creating jceks credential for Ranger and Ranger Kms services (Mugdha Varadkar via gautam)

Repository: ambari
Updated Branches:
  refs/heads/trunk 91122e4fc -> 6c192789f


AMBARI-15878. Update code for creating jceks credential for Ranger and Ranger Kms services (Mugdha Varadkar via gautam)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6c192789
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6c192789
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6c192789

Branch: refs/heads/trunk
Commit: 6c192789fe8b6d99c97df35da36dbf70bb3f3144
Parents: 91122e4
Author: Gautam Borad <ga...@apache.org>
Authored: Thu Apr 14 14:20:38 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Tue Apr 19 12:49:54 2016 +0530

----------------------------------------------------------------------
 .../0.4.0/package/scripts/setup_ranger_xml.py   | 51 ++++++--------------
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py |  6 ++-
 2 files changed, 20 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/6c192789/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index f3f9c7e..9f31983 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -230,17 +230,10 @@ def do_keystore_setup(upgrade_type=None):
 
   ranger_home = params.ranger_home
   cred_lib_path = params.cred_lib_path
-  cred_setup_prefix = params.cred_setup_prefix
 
-  if not is_empty(params.ranger_credential_provider_path):    
-    jceks_path = params.ranger_credential_provider_path
-    cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_jdbc_credential_alias, '-v', PasswordString(params.ranger_ambari_db_password), '-c', '1')
+  if not is_empty(params.ranger_credential_provider_path):
+    ranger_credential_helper(cred_lib_path, params.ranger_jpa_jdbc_credential_alias, params.ranger_ambari_db_password, params.ranger_credential_provider_path)
 
-    Execute(cred_setup, 
-            environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, 
-            logoutput=True, 
-            sudo=True
-    )
     File(params.ranger_credential_provider_path,
       owner = params.unix_user,
       group = params.unix_group,
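Review bot: The local `ranger_home = params.ranger_home` at the top of do_keystore_setup appears to be left without a user. Its only visible consumer was the removed `Execute(..., environment={'RANGER_ADMIN_HOME': ranger_home, ...})`, and the replacement helper exports only `JAVA_HOME`. The same applies to the audit-DB branch in the next hunk. If nothing later in the function reads it (the body starts and ends outside this hunk), drop the assignment. It is also worth confirming that `org.apache.ranger.credentialapi.buildks` does not rely on `RANGER_ADMIN_HOME`, and recording that with a comment such as `# buildks needs only JAVA_HOME; RANGER_ADMIN_HOME is intentionally not exported`.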
@@ -248,13 +241,7 @@ def do_keystore_setup(upgrade_type=None):
     )
 
   if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
-    jceks_path = params.ranger_credential_provider_path
-    cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias, '-v', PasswordString(params.ranger_ambari_audit_db_password), '-c', '1')
-    Execute(cred_setup, 
-            environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, 
-            logoutput=True, 
-            sudo=True
-    )
+    ranger_credential_helper(cred_lib_path, params.ranger_jpa_audit_jdbc_credential_alias, params.ranger_ambari_audit_db_password, params.ranger_credential_provider_path)
 
     File(params.ranger_credential_provider_path,
       owner = params.unix_user,
@@ -382,21 +369,14 @@ def setup_usersync(upgrade_type=None):
   if os.path.isfile(params.cred_validator_file):
     File(params.cred_validator_file, group=params.unix_group, mode=04555)
 
-  cred_file = format('{ranger_home}/ranger_credential_helper.py')
-  if os.path.isfile(format('{usersync_home}/ranger_credential_helper.py')):
-    cred_file = format('{usersync_home}/ranger_credential_helper.py')
-
   cred_lib = os.path.join(usersync_home,"lib","*")
-  cred_setup_prefix = (cred_file, '-l', cred_lib)
 
-  cred_setup = cred_setup_prefix + ('-f', params.ugsync_jceks_path, '-k', 'usersync.ssl.key.password', '-v', PasswordString(params.ranger_usersync_keystore_password), '-c', '1')
-  Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+  ranger_credential_helper(cred_lib, 'usersync.ssl.key.password', params.ranger_usersync_keystore_password, params.ugsync_jceks_path)
 
-  cred_setup = cred_setup_prefix + ('-f', params.ugsync_jceks_path, '-k', 'ranger.usersync.ldap.bindalias', '-v', PasswordString(params.ranger_usersync_ldap_ldapbindpassword), '-c', '1')
-  Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+  if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+    ranger_credential_helper(cred_lib, 'ranger.usersync.ldap.bindalias', params.ranger_usersync_ldap_ldapbindpassword, params.ugsync_jceks_path)
 
-  cred_setup = cred_setup_prefix + ('-f', params.ugsync_jceks_path, '-k', 'usersync.ssl.truststore.password', '-v', PasswordString(params.ranger_usersync_truststore_password), '-c', '1')
-  Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+  ranger_credential_helper(cred_lib, 'usersync.ssl.truststore.password', params.ranger_usersync_truststore_password, params.ugsync_jceks_path)
 
   File(params.ugsync_jceks_path,
        owner = params.unix_user,
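Review bot: Only the LDAP bind alias is guarded with `is_empty`; the `usersync.ssl.key.password` and `usersync.ssl.truststore.password` calls in setup_usersync still run unconditionally. An unset keystore or truststore password would therefore reach the helper as an empty `-value`. Consider applying the same guard to both, e.g. `if not is_empty(params.ranger_usersync_keystore_password):`. Separately, when `ug_sync_source` is switched away from LDAP, the new condition skips the write but nothing visible here removes a previously stored `ranger.usersync.ldap.bindalias` entry. The old bind password would presumably remain in `ugsync_jceks_path`, which deserves a comment or a cleanup step. The function body continues outside the hunk.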
@@ -497,17 +477,10 @@ def setup_tagsync(upgrade_type=None):
     Execute(('cp', '-f', src_file, dst_file), sudo=True)
     File(tagsync_log4j_file, owner=params.unix_user, group=params.unix_group)
 
-  cred_file = format('{ranger_home}/ranger_credential_helper.py')
-  if os.path.isfile(format('{ranger_tagsync_home}/ranger_credential_helper.py')):
-    cred_file = format('{ranger_tagsync_home}/ranger_credential_helper.py')
-
   cred_lib = os.path.join(ranger_tagsync_home,"lib","*")
-  cred_setup_prefix = (cred_file, '-l', cred_lib)
 
   if not is_empty(params.tagsync_jceks_path) and not is_empty(params.ranger_tagsync_tagadmin_password) and params.tagsync_enabled:
-    cred_setup = cred_setup_prefix + ('-f', params.tagsync_jceks_path, '-k', 'tagadmin.user.password', '-v', PasswordString(params.ranger_tagsync_tagadmin_password), '-c', '1')
-    Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
-
+    ranger_credential_helper(cred_lib, 'tagadmin.user.password', params.ranger_tagsync_tagadmin_password, params.tagsync_jceks_path)
     File(params.tagsync_jceks_path,
          owner = params.unix_user,
          group = params.unix_group,
@@ -522,3 +495,11 @@ def setup_tagsync(upgrade_type=None):
     not_if=format("ls /usr/bin/ranger-tagsync"),
     only_if=format("ls {tagsync_services_file}"),
     sudo=True)
+
+def ranger_credential_helper(lib_path, alias_key, alias_value, file_path):
+  import params
+
+  java_bin = format('{java_home}/bin/java')
+  file_path = format('jceks://file{file_path}')
+  cmd = (java_bin, '-cp', lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', alias_key, '-value', PasswordString(alias_value), '-provider', file_path)
+  Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
\ No newline at end of file
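Review bot: The secret is still handed to the JVM as a command-line argument in ranger_credential_helper (`'-value', PasswordString(alias_value)`), and the kms.py hunk builds the same command inline. `PasswordString` keeps the value out of Ambari's own command logging, but the java process still receives it in argv, so it can be read from the host's process table while the tool runs. If buildks can take the value through a channel other than argv, prefer that. Otherwise state the limitation in a docstring on the helper, e.g. `# NOTE: alias_value is passed on the java command line; PasswordString only masks it in Ambari logs`. The helper also assumes `file_path` is an absolute path, since `format('jceks://file{file_path}')` adds no separator, and that precondition belongs in the same docstring.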

http://git-wip-us.apache.org/repos/asf/ambari/blob/6c192789/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index dd91acf..f63d660 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -111,8 +111,10 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password)
   import params
 
   if cred_provider_path is not None:
-    cred_setup = params.cred_setup_prefix + ('-f', cred_provider_path, '-k', credential_alias, '-v', PasswordString(credential_password), '-c', '1')
-    Execute(cred_setup, 
+    java_bin = format('{java_home}/bin/java')
+    file_path = format('jceks://file{cred_provider_path}')
+    cmd = (java_bin, '-cp', params.cred_lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', credential_alias, '-value', PasswordString(credential_password), '-provider', file_path)
+    Execute(cmd,
             environment={'JAVA_HOME': params.java_home}, 
             logoutput=True, 
             sudo=True,
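Review bot: An empty `cred_provider_path` passes the `is not None` guard, so `format('jceks://file{cred_provider_path}')` would yield the provider `jceks://file` with no path. The RANGER script guards the equivalent call with `is_empty`, so `if not is_empty(cred_provider_path):` would be consistent, provided `is_empty` is imported in kms.py, which this hunk does not show. The command tuple here also duplicates the one in `ranger_credential_helper` in setup_ranger_xml.py, so the two copies can drift apart. If a shared helper is not practical across service packages, a comment naming the sibling copy would help. The `Execute` call continues past the end of this hunk.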