You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/08 03:57:51 UTC
incubator-ranger git commit: RANGER-177 : Run Ranger usersync as
non-root user
Repository: incubator-ranger
Updated Branches:
refs/heads/master aae97d767 -> b3b773216
RANGER-177 : Run Ranger usersync as non-root user
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b3b77321
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b3b77321
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b3b77321
Branch: refs/heads/master
Commit: b3b773216ca7d0ccfec7b31ae2ca0b4de2f4d086
Parents: aae97d7
Author: Gautam Borad <gb...@gmail.com>
Authored: Thu Apr 2 17:26:11 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Tue Apr 7 21:53:40 2015 -0400
----------------------------------------------------------------------
unixauthservice/scripts/initd | 47 +++++++++++---
.../scripts/ranger-usersync-services.sh | 66 ++++++++++----------
unixauthservice/scripts/setup.sh | 10 ++-
3 files changed, 83 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3b77321/unixauthservice/scripts/initd
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/initd b/unixauthservice/scripts/initd
index 0ff6da4..a1062af 100644
--- a/unixauthservice/scripts/initd
+++ b/unixauthservice/scripts/initd
@@ -23,23 +23,56 @@
# Short-Description: Start/Stop Ranger Usersync
### END INIT INFO
+LINUX_USER=ranger
BIN_PATH=/usr/bin
MOD_NAME=ranger-usersync
+pidf=/var/run/ranger/usersync.pid
+pid=""
+if [ -f ${pidf} ]
+then
+ pid=`cat $pidf`
+fi
case $1 in
start)
- ${BIN_PATH}/${MOD_NAME} start
+ if [ "${pid}" != "" ]
+ then
+ echo "Ranger Usersync Service is already running"
+ exit 1
+ else
+ echo "Starting Ranger Usersync."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start"
+ fi
;;
stop)
- ${BIN_PATH}/${MOD_NAME} stop
+ if [ "${pid}" != "" ]
+ then
+ echo "Stopping Ranger Usersync."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop"
+ else
+ echo "Ranger Usersync Service is NOT running"
+ exit 1
+ fi
;;
restart)
- echo "Stopping Apache Ranger Usersync."
- ${BIN_PATH}/${MOD_NAME} stop
- echo "Starting Apache Ranger Usersync."
- ${BIN_PATH}/${MOD_NAME} start
+ if [ "${pid}" != "" ]
+ then
+ echo "Stopping Ranger Usersync."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop"
+ sleep 10
+ fi
+ echo "Starting Ranger Usersync."
+ /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start"
;;
+ status)
+ if [ "${pid}" != "" ]
+ then
+ echo "Ranger Usersync Service is running [pid={$pid}]"
+ else
+ echo "Ranger Usersync Service is NOT running."
+ fi
+ ;;
*)
- echo "Invalid argument [$1]; Only start | stop | restart, are supported."
+ echo "Invalid argument [$1]; Only start | stop | restart | status, are supported."
exit 1
esac
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3b77321/unixauthservice/scripts/ranger-usersync-services.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/ranger-usersync-services.sh b/unixauthservice/scripts/ranger-usersync-services.sh
index 27978d3..65f2e39 100644
--- a/unixauthservice/scripts/ranger-usersync-services.sh
+++ b/unixauthservice/scripts/ranger-usersync-services.sh
@@ -27,7 +27,7 @@ realScriptDir=`dirname $realScriptPath`
cd $realScriptDir
cdir=`pwd`
-pidf=${cdir}/.mypid
+pidf=/var/run/ranger/usersync.pid
if [ ${action^^} == "START" ]; then
@@ -44,58 +44,60 @@ if [ ${action^^} == "START" ]; then
if [ "$JAVA_HOME" != "" ]; then
export PATH=$JAVA_HOME/bin:$PATH
fi
-
+
logdir=`grep -P '^[ \t]*logdir[ \t]*=' ${cdir}/install.properties | awk -F= '{ print $2 }' | tr '\t' ' ' | sed -e 's:[ ]::g'`
if [ ! -d ${logdir} ]
then
- logdir=/var/log/ranger-usersync
+ logdir=/var/log/ranger/usersync
+ [ ! -d ${logdir} ] && mkdir -p ${logdir}
+ chown ranger:ranger ${logdir}
fi
cp="${cdir}/dist/*:${cdir}/lib/*:${cdir}/conf"
- [ ! -d ${logdir} ] && mkdir -p ${logdir}
- ${cdir}/ranger-usersync-services.sh stop
+
+ if [ -f $pidf ]; then
+ PID=`cat $pidf`
+ if [ -z "`ps axf | grep ${PID} | grep -v grep`" ]; then
+ rm -f ${pidf}
+ else
+ kill -9 ${PID} > /dev/null 2>&1
+ rm -f ${pidf}
+ echo "Ranger Usersync Service [pid = ${PID}] has been stopped."
+ fi
+ fi
+
cd ${cdir}
umask 0077
nohup java -Dproc_rangerusersync ${JAVA_OPTS} -Dlogdir="${logdir}" -cp "${cp}" org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth > ${logdir}/auth.log 2>&1 &
echo $! > ${pidf}
+ chown ranger ${pidf}
sleep 5
- port=`grep '^[ ]*authServicePort' ${cdir}/conf/unixauthservice.properties | awk -F= '{ print $2 }' | awk '{ print $1 }'`
- pid=`netstat -antp | grep LISTEN | grep ${port} | awk '{ print $NF }' | awk -F/ '{ if ($2 == "java") { print $1 } }'`
+ pid=`cat $pidf`
+
if [ "${pid}" != "" ]
then
- echo "UnixAuthenticationService has started successfully."
+ echo "Ranger Usersync Service has started successfully."
else
- echo "UnixAuthenticationService failed to start. Please refer to log files under ${logdir} for further details."
+ echo "Ranger Usersync Service failed to start. Please refer to log files under ${logdir} for further details."
fi
exit;
elif [ ${action^^} == "STOP" ]; then
port=`grep '^[ ]*authServicePort' ${cdir}/conf/unixauthservice.properties | awk -F= '{ print $2 }' | awk '{ print $1 }'`
- pid=`netstat -antp | grep LISTEN | grep ${port} | awk '{ print $NF }' | awk -F/ '{ if ($2 == "java") { print $1 } }'`
- if [ "${pid}" != "" ]
- then
- kill -9 ${pid}
- echo "AuthenticationService [pid = ${pid}] has been stopped."
- fi
- if [ -f ${pidf} ]
- then
- npid=`cat ${pidf}`
- if [ "${npid}" != "" ]
- then
- if [ "${pid}" != "${npid}" ]
- then
- if [ -a /proc/${npid} ]
- then
- echo "AuthenticationService [pid = ${npid}] has been stopped."
- kill -9 ${npid} > /dev/null 2>&1
- echo > ${pidf}
- fi
- fi
- fi
- fi
+
+ if [ -f $pidf ]; then
+ pidf=/var/run/ranger/usersync.pid
+ PID=`cat $pidf` > /dev/null 2>&1
+ kill -9 $PID > /dev/null 2>&1
+ rm -f $pidf
+ echo "Ranger Usersync Service [pid = ${PID}] has been stopped."
+ else
+ echo "Ranger Usersync Service not running"
+ fi
+
exit;
elif [ ${action^^} == "RESTART" ]; then
- echo "Stopping Apache Ranger Usersync"
+ echo "Stopping Ranger Usersync"
${cdir}/ranger-usersync-services.sh stop
echo "Starting Apache Ranger Usersync"
${cdir}/ranger-usersync-services.sh start
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3b77321/unixauthservice/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.sh b/unixauthservice/scripts/setup.sh
index 473d8a6..35bdd75 100755
--- a/unixauthservice/scripts/setup.sh
+++ b/unixauthservice/scripts/setup.sh
@@ -23,7 +23,7 @@ unix_user=ranger
unix_group=ranger
INSTALL_DIR=${INSTALL_BASE}
-
+pidf=/var/run/ranger
curDt=`date '+%Y%m%d%H%M%S'`
LOGFILE=setup.log.$curDt
@@ -33,6 +33,9 @@ log() {
echo "${prefix} $@"
}
+mkdir -p ${pidf}
+chown -R ${unix_user} ${pidf}
+
# Ensure that the user is root
MY_ID=`id -u`
if [ "${MY_ID}" -ne 0 ]
@@ -241,6 +244,11 @@ then
fi
# END Grep configuration properties from install.properties
+# changing ownership for ranger-usersync install directory
+if [ -d ${INSTALL_DIR} ]; then
+ chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}
+fi
+
# Create $INSTALL_DIR/conf/unixauthservice.properties